Skip to main content

GnuPG (GPG) — Encryption & Signing Tool

GnuPG (GPG) is the open-source implementation of the OpenPGP standard for encryption, signing, and key management. This cheatsheet covers the complete workflow from key generation, import/export to file encryption/decryption, signing/verification, along with keyserver operations and advanced configuration.

Updated: 2026-07-17·30 commands

Overview

GnuPG (GPG) is a complete and free implementation of the OpenPGP standard. It allows you to encrypt and sign your data and communications. This cheatsheet covers key management, encryption, signing, and verification.

Quick Start

``bash gpg --gen-key # Generate a new key pair gpg --list-keys # List public keys gpg --encrypt -r user file.txt # Encrypt a file ``

Refer to the command table below for detailed usage.

Key Mgmt(18)

CommandLevel
gpg --gen-key
Quickly generate a new GPG key pair (interactive)
Basic
gpg --full-generate-key
Generate a key pair with full control (type, length, expiry)
Intermediate
gpg --list-keys
List all public keys
Basic
gpg --list-secret-keys
List all secret keys
Basic
gpg --export
Export a public key (binary format)
Basic
gpg --export --armor
Export a public key in ASCII-armored format
Basic
gpg --import
Import a key (public or private)
Basic
gpg --send-keys
Send a key to a keyserver
Intermediate
gpg --recv-keys
Receive a key from a keyserver
Intermediate
gpg --delete-keys
Delete a public key
Intermediate
gpg --delete-secret-keys
Delete a secret key
Intermediate
gpg --export-secret-keys
Export secret keys (for backup)
Expert
gpg --edit-key
Interactively edit a key (add UID, change expiry, set trust, etc.)
Expert
gpg --fingerprint
Display key fingerprint
Basic
gpg --keyserver
Specify a keyserver
Intermediate
gpg --refresh-keys
Refresh all keys (fetch updates from keyserver)
Intermediate
gpg --list-sigs
List signatures on a key
Intermediate
gpg --search-keys
Search for keys on a keyserver
Intermediate

Encryption(6)

CommandLevel
gpg --encrypt
Encrypt a file with a public key
Basic
gpg --decrypt
Decrypt a file
Basic
gpg -c
Symmetric encryption (use a passphrase instead of a public key)
Basic
gpg --armor
Output in ASCII-armored format (for email and text transmission)
Basic
gpg -o
Specify output file
Basic
gpg -r
Specify recipient (encrypt with their public key)
Basic

Signing(4)

CommandLevel
gpg --sign
Sign a file (with compression)
Intermediate
gpg --clearsign
Clear-sign a file (readable text with embedded signature)
Intermediate
gpg --detach-sign
Generate a detached signature file
Intermediate
gpg --verify
Verify a signature
Basic

Advanced(2)

CommandLevel
gpg --trust-model
Set the trust model (always/pgp/classic/direct)
Expert
gpg --gen-revoke
Generate a revocation certificate
Intermediate

FAQ

This cheatsheet is compiled from official tool documentation. Last updated: 2026-07-17.