export, import, delete and revoke your keys : linux

By  |  0 Comments
Related Products

Hey, pals!

In my first publish, I taught you set up, create and use GnuPG keys on GNU/Linux. Now, this tutorial is a reference to export, import, delete and revoke any GPG key. That is very helpful while you work as system administrator and workers working in your organization must have their keys saved within the servers.

For this tutorial, I will use the parameter --armour (you should use it with out letter ‘u’). However, why? Some instances, you want a readable file (file in textual content format, much like .TXT, or some other plain textual content format) for a selected scenario, for instance, embody your public key in your GitHub account. It is as much as you if you wish to use or not the armour parameter.

Let’s begin!

Open a terminal and checklist your keys:

$ gpg --list-keys
Post image

Did you get a return? Are your keys listed?

If no, please learn my first publish.

If sure, right here is step one: export your keys (private and non-private) and create your revocation certificates.

Perhaps, you’re asking to your self: what is that this revocation certificates?

Within the worst case situation, somebody found your GnuPG password and, in some way, acquired your keys. Unhappily, they’re compromised. A revocation certificates makes your keys change into ineffective.

There’s one factor I would prefer to let you understand: when you attempt to export any key (and revocation certificates), the default output is redirected to the display, however we have to put it aside right into a file. The parameter --output is used to redirect this output out of your display to a file. There’s one other means you possibly can redirect it: with > filename, for instance: gpg --export john.doe@e-mail.com > public.key. With this in thoughts, sort the instructions bellow:

$ gpg --armour --output public-key.asc --export john.doe@e-mail.com
$ gpg --armour --output private-key.asc --export-secret-keys john.doe@e-mail.com
  # Sort your GnuPG password
$ gpg --armour --output revoke.asc --generate-revocation john.doe@e-mail.com
  # This command goes to ask you in regards to the purpose why you are making a revocation certificates.
  # Choose the choice, press ENTER and write an elective description.
  # Later, verify with 'y'.
  # Sort your GnuPG password
Post image

Now, you possibly can ship your public key to somebody you belief. And hold your keys and certificates save in an exterior laborious drive. Simply ship (and use) your revocation certificates as soon as your keys are compromised. In any other case, hold it with you.

To see how the revoke course of works, you are able to do this:

  • Checklist your keys with gpg --list-keys.

  • You possibly can see traces beginning with ‘pub’, ‘uid’ and ‘sub’.

  • Within the line ‘uid’, it mentions the belief of this key, like [ultimate], and your private description (full title, remark and e-mail).

  • Sort:

  • $ gpg –import revoke.asc

  • The output in your display is informing you that it was processed with success.

  • Now, checklist once more you keys. The ‘sub’ line disappeared and the ‘uid’ line is informing you that your secret’s [revoked] (verify it with gpg --list-keys).

Post image

As soon as it is accomplished, delete your GPG key with the command bellow:

$ gpg --delete-secret-and-public-keys john.doe@e-mail.com

GnuPG goes to ask you (with ‘yes-no’ immediate) to proceed. Affirm all questions which can be prompted to you.

Post image

After that, you possibly can attempt checklist once more (gpg --list-keys) and you are going to see two traces which say:

gpg: checking the trustdb

gpg: no finally trusted keys discovered

These traces above imply that your system would not have any key, since you deleted them.

Now, the final step: import any GnuPG key to your system.

Sort in your terminal:

$ gpg --import public-key.asc
$ gpg --import private-key.asc
  # Sort your GnuPG password
Post image

As soon as your keys have been imported, you could edit and belief them.

$ gpg --edit-key john.doe@e-mail.com
  # Sort 'belief' (with out quotes)
  # Choose an choice relying on how a lot do you belief this key you are importing
  # Affirm with 'y'
  # Then sort give up
Post image

With these instructions, you discovered the fundamentals about import (and belief keys), export, revoke and delete GPG keys.

If in case you have any query about this tutorial, simply ask me right here within the feedback.

Thanks!

/u/alencc1986

happywheels

You must be logged in to post a comment Login

Leave a Reply