delete gpg keys

Problem

My GPG key pair expired, so I needed to delete the existing one and replace it with a new one.

Solution

  • First list the gpg keys:

imela@whiscardz ~ $ gpg --list-keys
pub 4096R/5443F656 2018-09-06 [expired: 2019-09-06]
uid Whiscard imela (implementations encryption) <imela@whiscardz.org>

  • Delete the secret key first

imela@whiscardz ~ $ gpg --delete-secret-keys 5443F656
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

sec 4096R/5443F656 2018-09-06 Whiscard imela (implementations encryption) <imela@whiscardz.org>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

  • Then delete the public key

imela@whiscardz ~ $ gpg --delete-keys 5443F656
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub 4096R/5443F656 2018-09-06 Whiscard imela (implementations encryption) <imela@whiscardz.org>

Delete this key from the keyring? (y/N)y
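For scripted cleanup, gpg's batch mode expects the secret key to be named by its full fingerprint rather than a short ID such as 5443F656. The script below is an added example, not part of the original post: it reads gpg --list-keys --with-colons --with-fingerprint output, picks out the expired primary keys, and prints the delete commands in the same secret-then-public order. The listing embedded in it is constructed sample data.

```shell
#!/bin/sh
# Added example: list expired primary keys from gpg's colon-format output.
# Colon format: field 1 = record type, field 2 = validity ("e" = expired),
# field 10 of an "fpr" record = the fingerprint.

# Reads `gpg --list-keys --with-colons --with-fingerprint` output on stdin,
# prints the fingerprint of each expired primary key, one per line.
expired_fingerprints() {
    awk -F: '
        $1 == "pub" { want = ($2 == "e") }           # a new primary key starts
        $1 == "sub" { want = 0 }                     # skip subkey fingerprints
        $1 == "fpr" && want { print $10; want = 0 }  # first fpr after the pub
    '
}

# Constructed sample listing (not a real keyring): one expired key and one
# valid key that has a subkey.
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:89ABCDEFAAAAAAAA:1536192000:1567728000::-:::sc:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAAAAAA:
uid:e::::1536192000::::Expired User <old@example.org>:
pub:u:4096:1:76543210BBBBBBBB:1567900000:::u:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210BBBBBBBB:
uid:u::::1567900000::::Current User <new@example.org>:
sub:u:4096:1:1111111111111111:1567900000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
EOF
}

# Prints the delete commands for review instead of running them:
# secret key first, then the public key, as in the steps above.
print_delete_commands() {
    expired_fingerprints | while read -r fpr; do
        echo "gpg --batch --yes --delete-secret-keys $fpr"
        echo "gpg --batch --yes --delete-keys $fpr"
    done
}

sample_listing | print_delete_commands
```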

References

https://serverfault.com/questions/214605/gpg-does-not-have-enough-entropy

https://www.howtoforge.com/helping-the-random-number-generator-to-gain-enough-entropy-with-rng-tools-debian-lenny

http://blog.chapagain.com.np/gpg-remove-keys-from-your-public-keyring/

 

Exporting gpg private key

Problem

Needed to back up my gpg keys.

Solution

First export a revocation certificate. This is useful if you want to notify people to stop using your key for any reason:


$ gpg --output test.gpg.revocation-certificate --gen-revoke email@test.org

Now you can export your secret key pair:

 


$ gpg --export-secret-keys --armor email@test.org > test.gpg.sec

References

Creating the perfect GPG keypair


Encrypt and Decrypt with gpg key

Here’s how to encrypt a document with the recipient’s public gpg key that you have imported into your keyring:


implementer@whiscardz ~ $ gpg --output test.gpg --encrypt --recipient email@gmail.com test

NOTE: In case you get a warning asking whether or not to trust the user’s public key, have a look at this post on signing or trusting gpg keys.

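You can also choose not to sign the key and instead add the --trust-model always option to the encryption command. This makes gpg skip key validation, so confirm the key’s fingerprint with its owner some other way first: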


$ gpg --output test.gpg --encrypt --recipient email@gmail.com --trust-model always test

 

Decrypting

Here’s how to decrypt a document that was encrypted with the recipient’s public gpg key. Note that you must have the private key that matches the public key used to encrypt.

imela@curtsey ~ $ gpg --output test --decrypt test.gpg

References

Encrypting and decrypting documents

Encrypting and decrypting files with GnuPG

gpg encrypt file without keyboard interaction

gpg: 3310B567: There is no assurance this key belongs to the named user

Problem

I was getting the above error when trying to encrypt a file using a public key that I just imported.

Solution

Sign the public key. Before you sign it, make sure you have a public/private key pair of your own, because you need your own private key to sign someone else’s public key.

  • Edit the key, get the fingerprint, and confirm with the owner of the key that it is correct. You can do this by phone or text or whichever method:

implementer@whiscardz ~ $ gpg --edit-key whiscard
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub XXXX/XXXXXXX created: 2017-XX-XX expires: never usage: SC 
 trust: unknown validity: unknown
sub XXXX/XXXXXXX created:2017-XX-XX expires: never usage: E 
[ unknown] (1). Imela (whiscard) <email@gmail.com>

gpg> fpr
pub XXXX/XXXXXXX  2017-XX-XX Imela (whiscard) <email@gmail.com>
 Primary key fingerprint: FFFF 40CD 8888 DA4E 96CB UUUU 3C4B YT89 6AF0 PPPP

  • Sign, check and then quit to exit

gpg> sign

gpg> check

gpg> quit
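The fingerprint comparison in the first step can be scripted so that a short key ID or a subkey fingerprint is never accepted by mistake. This is an added example, not part of the original post: it assumes 40-hex-digit fingerprints as in the fpr output above, takes gpg --with-colons --with-fingerprint --list-keys NAME output on stdin, and the function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an owner-supplied fingerprint against the imported key.

# Remove spaces and upper-case the hex digits so both forms compare equal.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# Reads colon-format output on stdin; prints the primary-key fingerprint,
# or nothing if the listing holds zero or several keys (ambiguous name).
primary_fpr() {
    awk -F: '
        $1 == "pub" { n++; grab = 1; next }
        $1 == "sub" { grab = 0 }
        $1 == "fpr" && grab { f = $10; grab = 0 }
        END { if (n == 1) print f }
    '
}

# fpr_matches EXPECTED  (listing on stdin)
# 0 = match, 1 = mismatch, 2 = EXPECTED is not a full 40-hex-digit fingerprint.
fpr_matches() {
    expected=$(normalise_fpr "$1")
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2   # short key IDs are not accepted
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed sample listing for one imported key (not a real key).
sample_key() {
    cat <<'EOF'
pub:-:4096:1:89ABCDEFAAAAAAAA:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAAAAAA:
uid:-::::1500000000::::Example Recipient <recipient@example.org>:
sub:-:4096:1:1111111111111111:1500000000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
EOF
}

if sample_key | fpr_matches "0123 4567 89ab cdef 0123 4567 89AB CDEF AAAA AAAA"; then
    echo "fingerprint confirmed"
else
    echo "fingerprint mismatch: do not sign or encrypt"
fi
```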

References

Exchanging keys

gnupg: There is no assurance this key belongs to the named user

Why is gpg getting upset and how do I stop it?

gpg encrypt file without keyboard interaction

Importing gpg public key

Problem

Needed to import a binary .gpg public key into my keyring for use in encrypting documents

Solution

Used the following command to import the key:


implementer@whiscardz ~ $ gpg --list-keys 
implementer@whiscardz ~ $ gpg --import imela.gpg 
gpg: key XXXXXX: public key "Imela (whiscard) <email@gmail.com> imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
implementer@whiscardz ~ $ gpg --list-keys 
/home/implementer/.gnupg/pubring.gpg
------------------------------------
pub XXXXXX/XXXXXX 2017-XX-XX
uid Imela (whiscard)<email@gmail.com>
sub XXXXXX/XXXXXX 2017-XX-XX

 

References

Importing a public key

Generate gpg key pair

Problem

Needed to generate a gpg key pair for encryption and decryption of documents.

Solution

Since gpg is almost always installed on a Linux system by default, I just ran the following command and used the default options except for the key size:


imela@curtsey ~ $ gpg --list-keys
imela@curtsey ~ $ gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Imela
Email address: email@gmail.com
Comment: whiscard
You selected this USER-ID:
"Imela (whiscard) <email@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the

  • Now when you list the keys, you will see the gpg key that was generated:

imela@curtsey ~ $ gpg --list-keys
------------------------------
pub XXXXX/XXXXXX 2017-XX-XX
uid imela (whiscard) <email@gmail.com>
sub XXXXX/XXXXXX 2017-XX-XX

References

Generating a new GPG key