kamack38 edited this page Oct 5, 2025 · 6 revisions

Key

Create

gpg --full-generate-key

Export

Public key

gpg -k
gpg --output PublicKey.key --armor --export $KEY_ID

Private key

gpg -K
gpg --output Secret.key --armor --export-secret-keys $KEY_ID

# Or subkeys
gpg --output Secret-Subkeys.key --armor --export-secret-subkeys $KEY_ID

Import

gpg --import ./private.key

Remember to delete the private.key file after importing it, so the private key is not left exposed on disk.

Read the GitHub documentation on generating a new GPG key for more details.

Sending a key to a keyserver

gpg --keyserver keyserver.ubuntu.com --send-keys <key-id>

Export an SSH public key from a GPG key

gpg --export-ssh-key <key-id>

Smartcard

You can view the whole YubiKey Guide at drduh/YubiKey-Guide.

Fetching a public key from a smart card

  • Fetching manually:
gpg --card-edit
gpg> fetch
gpg> quit
  • Fetching by automatically passing the fetch command (this will read the commands from stdin)
echo "fetch" | gpg --command-fd=0 --pinentry-mode=loopback --card-edit

Moving a secret key to a smart card

gpg --expert --edit-key <key-id>
gpg> key 1
gpg> keytocard
# When moving a key, remember to choose the correct slot
gpg> key 1
# Do the same for each key (remember to deselect it after moving it to the card)
gpg> save
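
To confirm where each secret key lives after `keytocard` and `save`, the machine-readable listing can be parsed. This is an added example, not part of the original wiki page; the function names and the sample listing are made up for illustration, and it relies on field 15 of `sec`/`ssb` records as described in GnuPG's doc/DETAILS (`+` for a key on disk, `#` for a missing secret key, otherwise the card serial number).

```shell
#!/bin/sh
# Added example: classify secret keys as on-disk or on-card from the output of
#   gpg -K --with-colons "$KEY_ID"
# Assumption: field 15 of sec/ssb records follows GnuPG's doc/DETAILS.

# Constructed sample listing (key IDs and card serial number are made up):
# primary key on disk, sign + encrypt subkeys on a card, auth subkey still on disk.
SAMPLE_LISTING='sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::+:
uid:u::::1700000000::0000::Example User <user@example.org>:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1700000000::::::s:::D2760001240100000000000000000000:
ssb:u:255:18:CCCCCCCCCCCCCCCC:1700000000::::::e:::D2760001240100000000000000000000:
ssb:u:255:22:DDDDDDDDDDDDDDDD:1700000000::::::a:::+:'

# Reads colon-format records on stdin and prints one line per secret (sub)key:
#   <record type> <key id> <capabilities> <location>
secret_key_locations() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            caps = ($12 == "") ? "-" : $12
            sn = $15
            if (sn == "+")      where = "disk"        # secret material stored locally
            else if (sn == "#") where = "missing"     # stub without a secret key
            else if (sn != "")  where = "card:" sn    # stub pointing at a smart card
            else                where = "unknown"
            printf "%s %s %s %s\n", $1, $5, caps, where
        }'
}

# Prints how many secret (sub)keys still have their secret material on disk.
keys_still_on_disk() {
    secret_key_locations | awk '$4 == "disk" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; for real use, pipe in:
#   gpg -K --with-colons "$KEY_ID"
printf '%s\n' "$SAMPLE_LISTING" | secret_key_locations
printf 'secret keys still on disk: %s\n' \
    "$(printf '%s\n' "$SAMPLE_LISTING" | keys_still_on_disk)"
```

A non-zero count means some secret keys were not moved and are still readable from the local keyring.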

Removing a key from a smartcard

I haven't found a way to remove a key from a smartcard. The only way is to reset it to factory settings.

gpg --edit-card
gpg> admin
gpg> factory-reset

YubiKey defaults:

  • PIN: 123456
  • Admin PIN: 12345678

Useful article

SSH

  • To use GPG for SSH authentication, you have to point SSH_AUTH_SOCK at the gpg-agent SSH socket. You can add the code below to your .bashrc file:
export GPG_TTY=$(tty)
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent
gpg-connect-agent updatestartuptty /bye > /dev/null
  • The SSH public key can be exported using the command below:
gpg --export-ssh-key <key-id>
