Working with GnuPG

GnuPG, the GNU Privacy Guard is a complete implementation of the OpenPGP standard. It allows you to generate and manage your own GnuPG key, and is tightly integrated to many e-mail clients, libraries, and many other applications.

Ubuntu 18.04 includes both gpg and gpg2. However, Evolution and the "Password and Keys" app (also known as "seahorse") only work with gpg2.

Create Key

The following command will guide you though the process of creating a new key:

gpg2 --full-generate-key

If gpg2 command does not work, try with gpg

gpg --full-generate-key

Follow the instructions and set a limited duration for the new key, for example one or two years. And remember the password!

Check Key Fingerprint

Use the following command:

gpg2 --fingerprint firstname.lastname@vshn.ch

For most practical purposes, the fingerprint can be thought of as the last four hexadecimal characters of the output.

Send to Server

Submit your public key so that others can find you:

gpg2 --send-keys ABCDEF10

Import Keys from Other Users

You can find the keys corresponding to your colleagues with this command:

gpg2 --search email@address

Once found, use the gpg2 --recv-keys ABCDEF01 command to add it to your keychain.

Exporting Keys for Backup

You should export your key and store it safely, for example in your password manager.

List your keys:

gpg2 --list-keys

Export your keys as follows:

gpg2 --output mygpgkey_pub.gpg --armor --export ABCDFE01
gpg2 --output mygpgkey_sec.gpg --armor --export-secret-key ABCDFE01

This also works:

gpg2 --armor --export you@example.com > mykey.asc

gpg --export-secret-key [last 8 digits of your fingerprint] > ~/my-key.asc

The resulting file can be safely imported into other applications, for example ProtonMail or GitLab.

Using your Key

Check these related pages for more information about how to use your newly created key:

More Information

How-To: Import/Export GPG key pair