Create and delete GPG keypair | Introduction to GnuPG


UPDATED ON 2022-12-07

GnuPG, popularly known as GPG, is an extremely versatile tool, widely used as the industry standard for encrypting emails, messages, files, or anything else you need to send to someone securely.


Introduction to GnuPG

GnuPG is a hybrid encryption software module that uses OpenPGP at its core. PGP stands for Pretty Good Privacy. It is a tool for secure communication that provides authentication and cryptographic privacy for data communication.

GPG uses public key encryption wherein you create a key pair: one private or secret key you keep to yourself and one public key you share with your correspondents or the world. The important part of this two-key system is that neither key can be calculated by having the other. They are each an independent and necessary part of the system and are based upon solid mathematical foundations.

Prerequisite

Generating a GPG key pair

To start working with GPG you need to create a key pair for yourself.

  • Use gpg with the --full-generate-key option to create a key pair.
  • With this option, gpg creates and populates the ~/.gnupg directory if it does not exist.
gpg --full-generate-key


$ gpg --full-generate-key
gpg (GnuPG) 2.2.39; Copyright (C) 2022 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory '/home/castor/.gnupg' created
gpg: keybox '/home/castor/.gnupg/pubring.kbx' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
  (14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2
Key expires at Tue 01 Nov 2022 09:29:11 AM +0545
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: yogesh
Email address: castor@whoisyoges.eu.org
Comment: just a test key
You selected this USER-ID:
    "yogesh (just a test key) <castor@whoisyoges.eu.org>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/castor/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/home/castor/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/castor/.gnupg/openpgp-revocs.d/036A752DE9DF5516B33E87BE33C05B4624890348.rev'
public and secret key created and signed.
pub   rsa4096 2022-10-30 [SC] [expires: 2022-11-01]
      036A752DE9DF5516B33E87BE33C05B4624890348
uid                      yogesh (just a test key) <castor@whoisyoges.eu.org>
sub   rsa4096 2022-10-30 [E] [expires: 2022-11-01]

Sharing your public key

You need to share your public key so that people can encrypt messages and files for you; these can be decrypted only with your private key.

List the key pair

gpg --list-keys


$ gpg --list-keys
/home/castor/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2022-10-30 [SC] [expires: 2022-11-01]
      036A752DE9DF5516B33E87BE33C05B4624890348
uid           [ultimate] yogesh (just a test key) <castor@whoisyoges.eu.org>
sub   rsa4096 2022-10-30 [E] [expires: 2022-11-01]

Getting your public key

gpg --armor --export <id>


$ gpg --armor --export 036A752DE9DF5516B33E87BE33C05B4624890348

Just copy the output starting from -----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK----- and send it to anyone who needs to send you an encrypted message.

Deleting the needless key

If you no longer need a key pair, or the key has expired and you wish to delete it, here's the procedure:

Delete secret/private key

First, check whether a secret key exists for the user in question; if it does, delete it before deleting the public key.

Checking private/secret key

gpg --list-secret-keys


$ gpg --list-secret-keys
/home/castor/.gnupg/pubring.kbx
--------------------------------
sec   rsa4096 2022-10-30 [SC] [expires: 2022-11-01]
      036A752DE9DF5516B33E87BE33C05B4624890348
uid           [ultimate] yogesh (just a test key) <castor@whoisyoges.eu.org>
ssb   rsa4096 2022-10-30 [E] [expires: 2022-11-01]

Deleting private/secret key

gpg --batch --delete-secret-keys --yes <id>


$ gpg --batch --delete-secret-keys --yes 036A752DE9DF5516B33E87BE33C05B4624890348

Verify the private key deletion

gpg --list-secret-keys


The deleted secret key shouldn't exist anymore.

$ gpg --list-secret-keys

Delete public key

Checking available public key/s

gpg --list-keys


$ gpg --list-keys
/home/castor/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2022-10-30 [SC] [expires: 2022-11-01]
      036A752DE9DF5516B33E87BE33C05B4624890348
uid           [ultimate] yogesh (just a test key) <castor@whoisyoges.eu.org>
sub   rsa4096 2022-10-30 [E] [expires: 2022-11-01]

Deleting public key

gpg --batch --delete-keys --yes <id>


$ gpg --batch --delete-keys --yes 036A752DE9DF5516B33E87BE33C05B4624890348

Verify the public key deletion

gpg --list-keys


The deleted public key shouldn't exist anymore. If you have more than one key, the remaining keys will be shown.

$ gpg --list-keys
gpg: checking the trustdb
gpg: no ultimately trusted keys found
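
The same deletion procedure can be scripted against gpg's machine-readable listing (--with-colons) instead of copying the fingerprint by hand. The script below is an added example, not part of the original article: the function names are hypothetical, and the sample listing is constructed and trimmed to the fields the script reads, reusing the test key's fingerprint from above.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample of `gpg --with-colons --list-keys` output: the article's
# key marked expired (validity "e") plus a placeholder key that is still valid.
SAMPLE_LISTING='pub:e:4096:1:33C05B4624890348:1667101451:1667274251::u:::sc:
fpr:::::::::036A752DE9DF5516B33E87BE33C05B4624890348:
uid:e::::1667101451::::yogesh (just a test key) <castor@whoisyoges.eu.org>:
sub:e:4096:1:1111111111111111:1667101451:1667274251:::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:u:4096:1:2222222222222222:1667101451:::u:::sc:
fpr:::::::::2222222222222222222222222222222222222222:'

# Print the fingerprint of each expired primary key from a colon listing on
# stdin. Field 1 is the record type, field 2 the validity; on "fpr" records
# field 10 is the fingerprint. Subkey fingerprints are skipped.
expired_fingerprints() {
    awk -F: '
        $1 == "pub" { want = ($2 == "e") }
        $1 == "sub" { want = 0 }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# True only for a full 40-hex-digit fingerprint, so a name or short key ID
# that could match several keys is never handed to a delete command.
is_fingerprint() {
    case $1 in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Delete one key pair in the article's order: secret key first, then public.
delete_keypair() {
    is_fingerprint "$1" || return 2
    # Skip the secret-key step when this keyring holds no secret key for it.
    if gpg --batch --list-secret-keys "$1" >/dev/null 2>&1; then
        gpg --batch --yes --delete-secret-keys "$1" || return 1
    fi
    gpg --batch --yes --delete-keys "$1"
}

# Remove every expired key pair from the current keyring (not run here).
purge_expired() {
    gpg --batch --with-colons --list-keys | expired_fingerprints |
    while read -r fpr; do delete_keypair "$fpr"; done
}
```

Nothing touches a keyring until purge_expired or delete_keypair is called; try them first with GNUPGHOME pointing at a scratch directory.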
