GNU Privacy Guard (GPG) Cheat Sheet
Summary
Learn how to use GNU Privacy Guard (GPG) for encryption, signing, and key management. The cheat sheet includes essential commands, options, and examples in one reference.
Introduction #
GNU Privacy Guard (GPG) is a free and open-source command-line tool that allows you to encrypt, decrypt, and sign data and communications. It implements the Open Pretty Good Privacy (OpenPGP) standard, providing secure message exchange through public-key cryptography. GPG supports both symmetric and asymmetric encryption methods, enabling you to protect sensitive information and verify message authenticity.
GPG vs PGP #
Pretty Good Privacy (PGP) was the original encryption software developed by Phil Zimmermann in 1991, but it later became proprietary. GNU Privacy Guard (GPG) is a completely free and open-source reimplementation of the OpenPGP standard (defined in RFC 4880). While PGP uses closed-source licensing and may require commercial licenses, GPG provides the same core functionality under the GNU General Public License (GPL). Both tools are compatible because they follow the same OpenPGP specification.
Synopsis #
GPG is typically invoked from the command line with the following syntax:
gpg [options] [files]
Common actions include key generation, data encryption, decryption, signing, and verifying messages. You can use short or long options, and combine multiple options in a single command.
Options #
| Option | Description |
|---|---|
| --gen-key | Generate a new key pair (public and private). |
| --list-keys | Display all public keys in your keyring. |
| --list-secret-keys | Display all private keys in your keyring. |
| --export | Export a public key to standard output. |
| --export-secret-keys | Export a private key. |
| --import | Import keys from a file. |
| --delete-key | Delete a public key. |
| --delete-secret-key | Delete a private key. |
| --encrypt | Encrypt data using the recipient’s public key. |
| --decrypt | Decrypt data using your private key. |
| --symmetric | Encrypt data locally using a password instead of a key pair (symmetric encryption). |
| --sign | Digitally sign a file or message. |
| --verify | Verify the signature of a file or message. |
| --armor | Create ASCII-armored output (for text-based key sharing). |
| --output | Specify output file name. |
| --recipient | Define the recipient for encryption. |
| --help | Display available options and usage information. |
Symmetric encryption vs. asymmetric encryption #
Symmetric encryption is a method of encryption where the same key (or password) is used for both encryption and decryption.
When you use symmetric encryption in GPG (with the --symmetric option), you choose a passphrase. This passphrase is used to encrypt the file and must be entered again to decrypt it later. No public or private key pair is involved.
In contrast, asymmetric encryption uses two different keys: a public key for encryption and a private key for decryption. Symmetric encryption is simpler and faster but less suitable for secure communication between multiple users, since everyone who decrypts the data must know the same shared passphrase.
Examples #
Generate a new key pair #
gpg --gen-key
Generates a new key pair. You will be prompted to provide user ID details and a passphrase.
List keys #
gpg --list-keys
Displays all stored public keys.
Export a public key #
gpg --armor --export user@example.com > publickey.asc
Exports the public key for sharing in ASCII format.
Import a key #
gpg --import publickey.asc
Adds an imported key to your local keyring.
Encrypt a file for a recipient #
gpg --output message.gpg --encrypt --recipient user@example.com message.txt
Encrypts the message.txt file using the specified recipient’s public key. The encrypted file name is set to message.gpg.
Encrypt an unencrypted file (symmetric encryption) #
gpg --symmetric --output message.gpg message.txt
Encrypts the message.txt file locally with symmetric encryption, using a password instead of a public key. You will be prompted to enter and confirm a passphrase. The encrypted file name is set to message.gpg.
Decrypt an encrypted file #
gpg --output message.txt --decrypt message.gpg
Decrypts the message.gpg file using your private key. The unencrypted file name is set to message.txt.
Sign a file #
gpg --output signedfile.gpg --sign message.txt
Creates a signed version of the file using your private key.
Verify a signature #
gpg --verify signedfile.gpg
Checks the authenticity and integrity of the signed file.
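A scripted form of the verification step, as an added example that is not part of the original cheat sheet: gpg --verify succeeds for a good signature from any key in your keyring, so this sketch also pins the expected signer by parsing GnuPG's machine-readable --status-fd output. The function names, the sample fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a file only if its signature is valid AND was made
# by one pinned key. All names and sample values here are constructed.

# check_status EXPECTED_FPR
# Reads GnuPG status lines (the --status-fd format) on stdin. Succeeds only
# if a VALIDSIG line names EXPECTED_FPR as signing key or primary key and no
# line reports a bad, unverifiable, expired or revoked signature.
check_status() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 = fingerprint of the key that signed,
        # field 12 = fingerprint of its primary key (when present).
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($12) == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_signed_by EXPECTED_FPR FILE...
# Arguments after the fingerprint are passed to gpg --verify unchanged.
verify_signed_by() {
    fpr=$1; shift
    gpg --batch --status-fd 1 --verify "$@" 2>/dev/null | check_status "$fpr"
}

# Constructed status output for a good signature (not captured from a real key).
SAMPLE_FPR=AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
sample_good_status() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Example User <user@example.com>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2024-01-01 1704067200 0 4 0 1 10 00 $SAMPLE_FPR
[GNUPG:] TRUST_ULTIMATE 0 pgp
EOF
}

# Offline demonstration of the parser on the constructed sample.
if sample_good_status | check_status "$SAMPLE_FPR"; then
    echo "sample accepted for pinned key"
fi
# Real use: verify_signed_by "<your pinned fingerprint>" signedfile.gpg
```

Take the pinned fingerprint from a channel you trust, not from the same download location as the signed file.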
FAQs #
Most common questions and brief, easy-to-understand answers on the topic:
What is GNU Privacy Guard (GPG)?
GNU Privacy Guard (GPG) is a free and open-source implementation of the OpenPGP standard used for encrypting, decrypting, and signing data and communications.
How does GPG differ from PGP?
Pretty Good Privacy (PGP) is a proprietary encryption program, while GPG is an open-source alternative implementing the same OpenPGP standard.
Can I use GPG on Windows and macOS?
Yes. GNU Privacy Guard is available for Linux, Windows, and macOS through official packages and tools such as Gpg4win or MacGPG.
What is a public and private key in GPG?
A public key is used to encrypt data and verify signatures, while a private key is used to decrypt data and sign messages.
How can I back up my GPG keys?
You can export your keys using gpg --export and gpg --export-secret-keys and store them in a secure location.
Is GPG still secure?
Yes. When used with strong keys and modern algorithms, GPG remains a secure and trusted tool for encryption and digital signatures.
Further readings #
Sources and recommended further resources on the topic:
- GnuPG: Official Manual
- OpenPGP: Specification and Information
- IETF: RFC 4880: OpenPGP Message Format
- Wikipedia: GNU Privacy Guard
License
GNU Privacy Guard (GPG) Cheat Sheet by Jonas Jared Jacek is licensed under CC BY-SA 4.0.
This license requires that reusers give credit to the creator. It allows reusers to distribute, remix, adapt, and build upon the material in any medium or format, for noncommercial purposes only. To give credit, provide a link back to the original source, the author, and the license e.g. like this:
<p xmlns:cc="http://creativecommons.org/ns#" xmlns:dct="http://purl.org/dc/terms/"><a property="dct:title" rel="cc:attributionURL" href="https://www.ditig.com/gpg-cheat-sheet">GNU Privacy Guard (GPG) Cheat Sheet</a> by <a rel="cc:attributionURL dct:creator" property="cc:attributionName" href="https://www.j15k.com/">Jonas Jared Jacek</a> is licensed under <a href="https://creativecommons.org/licenses/by-sa/4.0/" target="_blank" rel="license noopener noreferrer">CC BY-SA 4.0</a>.</p>
For more information see the Ditig legal page.