Standards based open source encryption tools are a fundemental part of any secure IT stance.  Here are examples, tips, and resources for working effectively with the gpg encryption toolset.

Simple non-signed use.

$ gpg -c --force-mdc -a test

  [ open password prompt, encrypts test -> test.asc ]

$ gpg -a -d test.asc

  [ the -d means just output to stdout,
    otherwise will create an unencrypted file ] 

There is a pgp-agent process that magically shadows use of gpg and will cache passwords typically for 10 minutes by default.  Configuration files in user home directory allow changing cache ttl and other settings.

$ cat ~/.gnupg/gpg.conf 

  # no effect?
  no-use-agent

$ cat ~/.gnupg/gpg-agent.conf 

  # Cache settings, expire after 5 seconds
  default-cache-ttl  5 

Sometimes gpg-agent needs to be restarted.

$ gpg -a -d keys.asc 

  gpg: CAST5 encrypted data
  gpg: problem with the agent: No pinentry
  gpg: encrypted with 1 passphrase
  gpg: decryption failed: No secret key

$ ps ax | grep gpg

 1060   ??  Ss     0:19.93 gpg-agent --daemon --use-standard-socket

$ kill 1060 

Signing and expert uses.

... basic notes only for now

$ gpg --list-secret-keys

$ gpg --list-keys

$ gpg --delete-keys DBCBE671

$ gpg --list-key

$ gpg --gen-key


$ gpg --list-keys

  /Users/rickatech/.gnupg/pubring.gpg
  -----------------------------------
  pub   2048R/F3E78F92 2013-06-09
  uid                  Cool Dude (pithy phrase 1) 
  sub   2048R/F186443E 2013-06-09


$ gpg --clearsign test

  You need a passphrase to unlock the secret key ?

$ cat test.asc 

  ...

$ gpg --verify text.asc

  gpg: Signature made Sat Jun  8 18:38:55 2013 PDT using RSA key ID xxxxxxxx
  gpg: Good signature from ?


$ gpg --encrypt -a test


$ gpg test.asc 

  [ this will ask for your secret key passphrase ]


$ gpg --gen-revoke 9DC0387E

  [ this generates a cert letting the world know a certain key is no longer valid ] 

tablet | printable