GPG
How to set up GPG on macOS
Check this Gist by troyfontaine.
It does a pretty great job describing what needs to be done.
(There’s no need to install gpg2 via Homebrew. In fact, it is only an alias for gnupg.)
Possible issues and how to fix them
If the test
echo "test" | gpg --clearsign
returns some kind of error, try one of the following:
gpgconf --kill gpg-agent
export GPG_TTY=$(tty)
# If this solves the issue, add it to your .zshrc file
Store Passphrase in Keychain
On macOS you can use Apple’s Keychain to securely store your passphrase, so you don’t have to type it in every time.
Install pinentry-mac
brew install pinentry-mac
Set as pinentry program
Copy the following into ~/.gnupg/gpg-agent.conf:
pinentry-program /opt/homebrew/bin/pinentry-mac
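A small diagnostic for the two fixes above (GPG_TTY and the pinentry-program setting), added here as an example and not taken from the Gist or these notes. The function names and the `report` argument are made up for this example; the default config path is the one used above.

```shell
#!/bin/sh
# Added example: checks for the two fixes described above (GPG_TTY, pinentry-mac).

# Print the path on the first active "pinentry-program" line of a gpg-agent.conf.
pinentry_from_conf() {
    [ -r "$1" ] || return 1
    awk '$1 == "pinentry-program" {
             sub(/^[ \t]*pinentry-program[ \t]+/, ""); print; exit }' "$1"
}

# 0 = configured pinentry is executable, 1 = no usable config line,
# 2 = the configured path does not exist or is not executable.
check_pinentry() {
    prog=$(pinentry_from_conf "$1") || return 1
    [ -n "$prog" ] || return 1
    [ -x "$prog" ] || return 2
}

# 0 = GPG_TTY matches this terminal, 1 = unset, 2 = set but different.
check_gpg_tty() {
    [ -n "${GPG_TTY:-}" ] || return 1
    [ "$GPG_TTY" = "$(tty 2>/dev/null)" ] || return 2
}

# Run all checks, then the page's clearsign test if gpg is installed.
gpg_setup_report() {
    conf=${1:-$HOME/.gnupg/gpg-agent.conf}
    check_gpg_tty || echo 'GPG_TTY unset or stale: export GPG_TTY=$(tty)'
    rc=0; check_pinentry "$conf" || rc=$?
    case $rc in
        0) echo "pinentry: $(pinentry_from_conf "$conf")" ;;
        1) echo "pinentry: no pinentry-program line in $conf" ;;
        2) echo "pinentry: not executable: $(pinentry_from_conf "$conf")" ;;
    esac
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not found on PATH"
    elif echo "test" | gpg --clearsign >/dev/null 2>&1; then
        echo "clearsign test: ok"
    else
        echo "clearsign test: failed (try: gpgconf --kill gpg-agent)"
    fi
}

# Run the report only when asked, e.g. `sh check-gpg.sh report`.
if [ "${1:-}" = "report" ]; then gpg_setup_report; fi
```

A result of 2 from check_pinentry means the path in gpg-agent.conf does not match where pinentry-mac is actually installed on this machine.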
Basic GPG
Install
brew install gnupg
List All (Private/Public) Keys
- List all secret keys
gpg --list-secret-keys --keyid-format LONG
- List all public keys
gpg --list-keys --keyid-format LONG
The Key ID is the text right after 4096R/...
Generate
- Generate a new key in an interactive mode
gpg --full-generate-key
Kind: default: RSA and RSA
Size: 4096 (default: 2048)
Time: 0 means the key doesn’t expire
User ID information
Secure passphrase (This will actually be needed every time the key is used, but can be stored in the macOS Keychain)
Print Key
- Print the key in Terminal
gpg --armor --export <keyid>
This prints the public key for the given key ID, in ASCII armor format
Copy everything (incl. -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----)
Export
- a public key
gpg --output mygpgkey_public.gpg --armor --export <keyid>
- a private key
gpg --output mygpgkey_private.gpg --armor --export-secret-key <keyid>
Import
- a public key:
gpg --import <public_key>.gpg
- a private key:
gpg --import --batch <private_key>.gpg
Delete Keys
- This deletes the private key; the public key, however, is not deleted
gpg --delete-secret-key <keyid>
- This deletes the public key. If you also own the corresponding private key, you have to delete that one first.
gpg --delete-key <keyid>
Test
echo "test" | gpg --clearsign
If this test fails, try to execute this line beforehand (and then add it to the shell’s resource file):
export GPG_TTY=$(tty)