GNU Privacy Guard

Tips for gpg

Export and import keys

First, list all available public/private keys with

gpg --list-keys         # list public keys
gpg --list-secret-keys  # list secret keys

To export a key, run

gpg --export --armor KEY_ID > public.asc               # for public keys
gpg --export-secret-keys --armor KEY_ID > private.asc  # for private keys

where KEY_ID identifies the key you want to export.

Import the key with

gpg --import <public/private>.asc

Make sure to set the trust level appropriately with

gpg --edit-key (keyIDNumber)
gpg> trust

To use private keys, you must set the trust level to 5. Only use trust level 5 for your own[1] private keys.

For interaction with keyservers, see below.

Extend expiration date

gpg --edit-key <KEY_ID>
gpg> expire  # follow instructions afterwards
gpg> save

or, more quickly, with:

gpg --quick-set-expire <KEY_ID> <EXTENSION_PERIOD> '*'

Afterwards, don't forget to update the key on every keyserver you previously published it to:

gpg --keyserver <KEYSERVER_URL> --send-keys <KEY_ID>
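
To see which keys and subkeys need an extension in the first place, the following added example (not part of the original page) filters the machine-readable listing from gpg --list-keys --with-colons. The function name expiring_keys and the SAMPLE listing are constructed for illustration; the script assumes GnuPG 2.x colon output, where field 7 holds the expiration time in epoch seconds.

```shell
#!/bin/sh
# Added example: flag keys/subkeys that are expired or expire soon.
# Real use (assumes GnuPG 2.x colon format and a date that supports +%s):
#   gpg --list-keys --with-colons | expiring_keys "$(date +%s)" 30

# expiring_keys NOW_EPOCH DAYS   (colon-format listing on stdin)
# Prints "<pub|sub> <key id> <expired|Nd>" for each key that needs attention.
expiring_keys() {
    awk -F: -v now="$1" -v days="$2" '
        # Field 1 = record type, 5 = key ID,
        # 7 = expiration in epoch seconds (empty means "never expires").
        ($1 == "pub" || $1 == "sub") && $7 != "" {
            left = int(($7 - now) / 86400)      # whole days remaining
            if ($7 <= now)         print $1, $5, "expired"
            else if (left <= days) print $1, $5, left "d"
        }'
}

# Constructed sample listing (not real keys): one primary key expiring in
# 10 days with an expired subkey, and one non-expiring primary key whose
# subkey expires in 30 days. "Now" for this sample is 1700000000.
SAMPLE='pub:u:4096:1:AAAAAAAAAAAAAAA1:1600000000:1700864000::u:::scESC:
uid:u::::1600000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>:
sub:u:4096:1:AAAAAAAAAAAAAAA2:1600000000:1699000000:::::e:
pub:f:255:22:BBBBBBBBBBBBBBB1:1650000000:::-:::scESC:
sub:f:255:18:BBBBBBBBBBBBBBB2:1650000000:1702592000:::::e:'

# Demo run over the sample with a 14-day warning window.
printf '%s\n' "$SAMPLE" | expiring_keys 1700000000 14
```

Subkeys carry their own expiration dates, so a primary key without an expiry can still have a subkey that lapses.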

On keyservers

Refrain from using the SKS keyserver network. Use keys.openpgp.org (no support for signatures) or keyserver.ubuntu.com instead.

The easiest way to interact with keyservers is:

gpg --keyserver hkps://<your_keyserver> --send-keys <KEY_ID>  # to send keys
gpg --keyserver hkps://<your_keyserver> --recv-keys <KEY_ID>  # to download keys

You should always prefer using these commands over file-based interactions in the keyservers' web interfaces.


  1. Ideally, you should not have anyone else's private keys.