GnuPG (GPG) — Encryption & Signing Tool
GnuPG (GPG) is the open-source implementation of the OpenPGP standard for encryption, signing, and key management. This cheatsheet covers the complete workflow from key generation, import/export to file encryption/decryption, signing/verification, along with keyserver operations and advanced configuration.
Updated: 2026-07-17·30 commands
Overview
GnuPG (GPG) is a complete and free implementation of the OpenPGP standard. It allows you to encrypt and sign your data and communications. This cheatsheet covers key management, encryption, signing, and verification.
Quick Start
``bash
gpg --gen-key # Generate a new key pair
gpg --list-keys # List public keys
gpg --encrypt -r user file.txt # Encrypt a file
``
Refer to the command table below for detailed usage.
Key Mgmt(18)
| Command | Level | ||
|---|---|---|---|
gpg --gen-keyQuickly generate a new GPG key pair (interactive) | Basic | gpg --gen-key | |
gpg --full-generate-keyGenerate a key pair with full control (type, length, expiry) | Intermediate | gpg --full-generate-key | |
gpg --list-keysList all public keys | Basic | gpg --list-keys | |
gpg --list-secret-keysList all secret keys | Basic | gpg --list-secret-keys --keyid-format LONG | |
gpg --exportExport a public key (binary format) | Basic | gpg --export -o alice-pub.gpg alice@example.com | |
gpg --export --armorExport a public key in ASCII-armored format | Basic | gpg --armor --export alice@example.com | |
gpg --importImport a key (public or private) | Basic | gpg --import bob-pub.asc | |
gpg --send-keysSend a key to a keyserver | Intermediate | gpg --keyserver keys.openpgp.org --send-keys ABCD1234 | |
gpg --recv-keysReceive a key from a keyserver | Intermediate | gpg --keyserver keys.openpgp.org --recv-keys ABCD1234 | |
gpg --delete-keysDelete a public key | Intermediate | gpg --delete-keys alice@example.com | |
gpg --delete-secret-keysDelete a secret key | Intermediate | gpg --delete-secret-keys alice@example.com | |
gpg --export-secret-keysExport secret keys (for backup) | Expert | gpg --export-secret-keys --armor -o private-backup.asc alice@example.com | |
gpg --edit-keyInteractively edit a key (add UID, change expiry, set trust, etc.) | Expert | gpg --edit-key alice@example.com | |
gpg --fingerprintDisplay key fingerprint | Basic | gpg --fingerprint alice@example.com | |
gpg --keyserverSpecify a keyserver | Intermediate | gpg --keyserver hkps://keys.openpgp.org --search-keys alice@example.com | |
gpg --refresh-keysRefresh all keys (fetch updates from keyserver) | Intermediate | gpg --refresh-keys | |
gpg --list-sigsList signatures on a key | Intermediate | gpg --list-sigs alice@example.com | |
gpg --search-keysSearch for keys on a keyserver | Intermediate | gpg --keyserver keys.openpgp.org --search-keys alice@example.com |
Encryption(6)
| Command | Level | ||
|---|---|---|---|
gpg --encryptEncrypt a file with a public key | Basic | gpg -e -r alice@example.com secret.txt | |
gpg --decryptDecrypt a file | Basic | gpg -d secret.txt.gpg | |
gpg -cSymmetric encryption (use a passphrase instead of a public key) | Basic | gpg -c myfile.txt | |
gpg --armorOutput in ASCII-armored format (for email and text transmission) | Basic | gpg --armor -e -r bob@example.com data.txt | |
gpg -oSpecify output file | Basic | gpg -o decrypted.txt -d secret.txt.gpg | |
gpg -rSpecify recipient (encrypt with their public key) | Basic | gpg -e -r alice@example.com -r bob@example.com data.txt |
Signing(4)
| Command | Level | ||
|---|---|---|---|
gpg --signSign a file (with compression) | Intermediate | gpg -s document.txt | |
gpg --clearsignClear-sign a file (readable text with embedded signature) | Intermediate | gpg --clearsign announcement.txt | |
gpg --detach-signGenerate a detached signature file | Intermediate | gpg --detach-sign --armor file.zip | |
gpg --verifyVerify a signature | Basic | gpg --verify file.zip.asc file.zip |
Advanced(2)
| Command | Level | ||
|---|---|---|---|
gpg --trust-modelSet the trust model (always/pgp/classic/direct) | Expert | gpg --trust-model always -e -r bob@example.com file.txt | |
gpg --gen-revokeGenerate a revocation certificate | Intermediate | gpg --gen-revoke alice@example.com |
FAQ
This cheatsheet is compiled from official tool documentation. Last updated: 2026-07-17.