GPG: Difference between revisions

Revision as of 17:53, 21 November 2024

~/.gnupg/gpg-agent.conf
default-cache-ttl ... to lock a key after the given number of seconds if unused
max-cache-ttl ... to lock a key after the given number of seconds no matter what

typically you will generate a secret key per account and system for decryption, and copy its public key to other places for encryption there
gpg --output payload --export ... on the origin system to export a public key
gpg --import payload on the target system to import it
- then you need to trust it, see below

gpg-connect-agent <<<help for list of commands
- gpg-connect-agent <<<'help ...' for help on a specific command
gpg-connect-agent <<<reloadagent to pick up new config
- this also forgets cached passphrases
gpg-connect-agent <<<'keyinfo --list' to check which keys (by keygrip) are currently unlocked, look for a 1
- note that all keys with the same passphrase are unlocked even if this shows just one of them is
- gpg --list-secret-keys --with-keygrip to show the keygrips of your secret keys

@@ Line 14: / Line 14: @@
 * <code>gpg --import payload</code> on the target system to import it
 ** then you need to trust it, see below
+== Shell ==
+* <code>gpg --edit-key ...</code>
+* <code>trust</code> to make an imported public key usable for encryption
+* <code>passwd</code> to change the passphrase
 == Agent ==
@@ Line 24: / Line 30: @@
 ** note that all keys with the same passphrase are unlocked even if this shows just one of them is
 ** <code>gpg --list-secret-keys --with-keygrip</code> to show the keygrips of your secret keys
-== Shell ==
-* <code>gpg --edit-key ...</code>
-* <code>trust</code> to make an imported public key usable for encryption
-* <code>passwd</code> to change the passphrase
 [[Category:Wisdom]]