Generate a new key

gpg --gen-key generate a new key
  • Will prompt for answers to questions
  • Can the answers be fed as part of the command? Otherwise create a perl sub to do this.
  • Each key in the keychain will have it’s own password
gpg --passphrase password --decrypt-file testfile.txt.gpg -o testfile2.txt
  • Use a password to decrypt the file
gpg --list-keys
-e, --encrypt [file]
-d, --decrypt [file]
--list-keys [names]
--list-public-keys [names]
-K, --list-secret-keys [names]
--delete-key name
--delete-secret-key name
--delete-secret-and-public-key name
--export [names]
--export-secret-keys [names]
--export-secret-subkeys [names]
--import [files]
-r, --recipient name
-a, --armor
-o, --output file
-q, --quiet
--homedir directory
--debug flags
--passphrase-fd n
	If you use  0  for  n, the passphrase will be read from stdin.
--passphrase string

GPG2 started requiring the agent to run

presumably you already have a .gnupg directory, but this won’t hurt even if you do

mkdir -p -m 700 ~/.gnupg

now let’s create the socket. The “p” below says make it a “pipe” (aka: fifo or socket)

mknod -m 700 ~/.gnupg/S.gpg-agent p

And give gpg-agent a whirl:

gpg-agent --daemon


To prevent gpg from asking for the passphrase we echo the passphrase into the command. However we still had to add in the option “–batch” to get the “–passphrase-fd 0” option to work with the pipe

echo "passphrase" | gpg --batch --passphrase-fd 0 --homedir /home/jobs/.gnupg --no-tty --output file.txt --skip-verify --decrypt encryptedfile.pgp