Questions tagged [gnupg]

GNU Privacy Guard (GnuPG or GPG) is an open source implementation of PGP, a file encryption and signature tool widely used for emails.

GNU Privacy Guard (GnuPG or GPG) is an implementation of OpenPGP, a file encryption and signature format widely used for emails. It is an open source alternative to PGP.

Use this tag for questions about security properties of GPG and how to effectively use GPG to achieve security policies. For questions on how to use GPG, ask on Unix & Linux, Super User (if you use Windows) or other sites as applicable.

780 questions
30 votes, 2 answers

Is it possible to export a GPG subkey's public component?

I'm trying to export the public component of my subkey, but all GPG will give me is the public component of my master key. The keyring is set up like this. $ gpg…
strugee
27 votes, 1 answer

Can I add an email address to an existing GPG key?

Is it possible to add an email address to an existing GPG key? When I created a key using gpg --gen-key, I left the "Email address" field blank. Now I want to add an email address. If I have already used the key to encrypt documents and emails, will…
Flux
20 votes, 1 answer

Is there a common best practice for naming public and private PGP keys when exporting them?

Is there a common best practice for naming exported public and private GPG keys when exporting them or otherwise storing them as files? I know that GnuPG doesn’t care what keys are named when you import them. However, there must be some naming…
lukejanicke
14 votes, 5 answers

How to use multiple smart cards with gnupg?

I have two smart cards: SCard1 and SCard2. The same keys are stored on both of them. One of the features I use the most is SSH authentication to access multiple servers. But I cannot use the second one after having used the first both of the smart…
Morgan Courbet
13 votes, 1 answer

Help me understand the relationship between GPG public keys, sub-keys and expiration dates

Following best practices I'm now at the point where I have a non-expiring secret key stored in a safe location and a set of sub-keys with an expiration date stored together with the public key on my local machine. However, what I want to do is to…
12 votes, 1 answer

Why does gpg --list-keys modify my keyring?

I am concerned that listing the keys in my GPG keyring changes my pubring.gpg and trustdb.gpg files. I expected listing keys to be a read-only operation. Would you know what the reason is? If there is no good reason, is there a way to prevent it?…
marcv81
11 votes, 1 answer

pubring.gpg and pubring.gpg~ at install - why?

I've just installed GPG Suite and have pubring.gpg and pubring.gpg~ in ~/.gnupg. Why? Thank you. ~ cd .gnupg/ ~/.gnupg ls -a . .. gpg-agent.conf gpg.conf pubring.gpg pubring.gpg~ secring.gpg trustdb.gpg
user87589
9 votes, 2 answers

Multiple encryption subkeys on hardware smart cards

I've created a PGP key set which consists of the following: A master RSA key with only signing capabilities, stored offline. Multiple OpenPGP cards, each with three RSA keys: An encryption key A signing key An authentication key for SSH My…
Naftuli Kay
9 votes, 1 answer

Which actions does the GnuPG "Certify" capability permit?

Of the following three actions: Certifying / signing other people's public keys. Generating a revocation certificate. Adding & revoking subkeys. ... which ones does the Certify capability on a key allow? As I understand it, Certify permits 1) but…
Paul M Furley
9 votes, 1 answer

GnuPG expiration date differs between public and secret key

I exported the secret part of my master key for security reasons. Now I had to extend the expiration date of my key for six months. When typing gpg --list-keys in my console, the following appears pub 4096R/D11FEC22 2015-04-11 [expires:…
null
7 votes, 1 answer

Superseding a passphrased key with a token-based key

I've been using a GPG key for a while (mostly with the pass password manager but also some with mail). Since it's now in use, a few years old, and entering the passphrase is getting tiresome, I thought I'd update/upgrade it with a new key and a…
pjz
6 votes, 1 answer

GnuPG - Symmetric crypt with a null key

As the title tells it, is it possible, using GnuPG, to do a symmetric encryption on a file, using a "null" key so when you do a gpg --output doc --decrypt foo, it'll decrypt it without asking for a password/passphrase? If not possible, is there a…
Lulzsec
6 votes, 1 answer

What's the difference between trusting a key and signing it?

What's the difference of meaning between trusting (trust command) a key and signing (sign command) it?
Antoine
6 votes, 2 answers

Restore GPG key after exported to a smartcard

After exporting my private key, I moved my private key on a smart card using keytocard. This worked fine, and I could sign and use GnuPG as expected. Now I would like to go back to have the private key in my GnuPG database. Since I have the private…
falstaff
5 votes, 1 answer

OpenPGP specification and ECC

From OpenPGP specification (RFC 4880) section 13.8 (Reserved Algorithm Numbers): The reserved public-key algorithms, Elliptic Curve (18), ECDSA (19), and X9.42 (21), do not have the necessary parameters, parameter order, or semantics…
John Tracid