GNUPG Cheat Sheet


Check for the existing keys

gpg --list-secret-keys

Check for the existing keys with more info

gpg --list-secret-keys --keyid-format LONG

Generate new GPG key

gpg --gen-key

<Enter required info>
# Once key is generated, cross-check using
gpg --list-secret-keys --keyid-format LONG

Finding keyid

Example key info

sec 4096R/foobarbaz 2021-01-01 [expires: 2022-01-01]
uid Jon Doe <>
ssb 4096R/bazaaf111aaa 2021-01-01

In the key info above, foobarbaz is the keyid.
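
Added example (not from the original cheat sheet): a POSIX shell helper that pulls the keyid out of every sec line and flags keys that are expired or have no local secret material, so you don't configure git with a key that cannot sign. The function names, status labels and sample listing are assumptions made up for this example; it handles both the 4096R/<keyid> layout shown above and the rsa4096/<keyid> layout that newer GnuPG prints.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet.
# Function names, status labels and sample data are constructed for illustration.

# Reads `gpg --list-secret-keys --keyid-format LONG` output on stdin and
# prints "<keyid> <status>" for every primary secret key (sec line).
# $1: today's date as YYYY-MM-DD (defaults to the system date).
list_signing_candidates() {
    today="${1:-$(date +%F)}"
    awk -v today="$today" '
        /^sec/ {
            # $2 is "<algo>/<keyid>": 4096R/... (older gpg) or rsa4096/... (2.1+)
            if (split($2, part, "/") != 2) next
            status = "usable"
            # "sec#" marks a key whose secret part is not available locally
            if ($1 == "sec#") status = "no-secret-material"
            for (i = 3; i <= NF; i++) {
                if ($i == "[expired:") status = "expired"
                if ($i == "[expires:") {
                    expiry = $(i + 1)
                    sub(/\]$/, "", expiry)
                    # ISO dates sort correctly as plain strings
                    if (expiry < today) status = "expired"
                }
            }
            print part[2], status
        }'
}

# Constructed sample listing: the first block is the key info from this page,
# the other two are made-up keys in the newer output layout.
sample_listing() {
    cat <<'EOF'
sec   4096R/foobarbaz 2021-01-01 [expires: 2022-01-01]
uid                  Jon Doe <>
ssb   4096R/bazaaf111aaa 2021-01-01

sec   rsa4096/AAAA1111BBBB2222 2023-03-01 [SC] [expires: 2030-03-01]
uid                 [ultimate] Example User <user@example.invalid>
ssb   rsa4096/CCCC3333DDDD4444 2023-03-01 [E]

sec#  ed25519/EEEE5555FFFF6666 2023-05-01 [SC]
uid                 [ultimate] Offline Primary <offline@example.invalid>
EOF
}

# Demo run with a fixed date so the result is reproducible
sample_listing | list_signing_candidates 2024-06-01
```

On a real machine, pipe the output of gpg --list-secret-keys --keyid-format LONG into list_signing_candidates and pass only a keyid reported as usable to git config --global user.signingkey.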

Add key to bitbucket or github

gpg --list-secret-keys --keyid-format LONG
<copy keyid>
gpg --armor --export <keyid>

The command above prints the public key. Copy everything from the -----BEGIN PGP PUBLIC KEY BLOCK----- line through the -----END PGP PUBLIC KEY BLOCK----- line and add it to bitbucket or github.

Configure git to use gpg

git config --global user.signingkey <keyid>

Sign git commit with gpg key

git commit -S -m <commit-msg>

Configure git to sign commit automatically

git config --global commit.gpgSign True

Sign git tag with gpg key

git tag -S <tag-name>

Moving gpg key from one machine to another

  • Using SSH from the machine that has the gpg key TO another machine
gpg --export-secret-key <keyid> | ssh <other-machine> gpg --import
  • If you are on the machine that needs the key FROM the other machine
ssh <other-machine> gpg --export-secret-key <keyid> | gpg --import

If you're on a Mac, first set GPG_TTY and only then run the command above

export GPG_TTY=$(tty)
ssh <other-machine> gpg --export-secret-key <keyid> | gpg --import
  • Finally, you can also copy the ~/.gnupg folder from one machine to the other. Both Mac and Linux save key data in the same location. You can transfer this folder over ssh.
scp -rp ~/.gnupg <other-machine>:

After moving the key from one machine to another, if you see errors like "failed to sign data", check whether the password prompt is appearing in a GUI dialog instead of in the terminal. Sometimes the password is asked for in the GUI first, where you can store it for further use and continue without entering it again.
