


GPG keys

2018-03-21


So you've encountered an "unknown public key" error message. What to do?

First, search the keyserver for the unknown key. You can also specify the keyserver explicitly, for example keyserver.ubuntu.com:

$ gpg --keyserver keyserver.ubuntu.com --search XXXXXXXXXXXXXXXX

If you see a key you can rely on (its fingerprint matches one the owner published through a channel you trust), type in its number and it'll be imported. The error should be gone.

GPG keys are usually used to sign and/or encrypt e-mails. To generate your own keys, type the following command in your terminal and simply go through the generation process.

$ gpg --full-generate-key

Now you'd like to submit your key to a keyserver or share it yourself. Export it to a file and paste the file's content into the keyserver's website.

$ gpg --export --armor [your e-mail address] > [filename]

Someone can then import it from the keyserver, like we did above, or from the file:

$ gpg --import --armor < [filename]

You can delete keys with

$ gpg --delete-keys [searchterm]

and your private keys with

$ gpg --delete-secret-keys [searchterm]

Here [searchterm] is an e-mail address, a key ID, or really anything that identifies your key.

You can list keys with:

$ gpg --list-keys

Great, but if you now receive an e-mail with a valid signature from a key you've imported, you'll still get a warning "cannot verify sender". To fix this, change the level of trust and sign the foreign key.

$ gpg --edit-key [searchterm]
gpg> trust
gpg> sign
gpg> save

At the trust prompt I suggest 3 or 4. Use 5 only for your own keys. It'll work now.
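The whole cycle above (import, verify and see the warning, trust and sign, verify again, delete) as an added, runnable example that is not part of the original post. It uses two throw-away keyrings under a temporary directory so your real ~/.gnupg is never touched; the names, e-mail addresses and the signed message are constructed, and the interactive trust/sign/save session is replaced by its batch equivalents (--import-ownertrust and --quick-lsign-key, both standard gpg options). It also shows a gotcha the interactive menu hides: the ownertrust file uses a different numeric scale than the trust prompt.

```shell
#!/bin/sh
# Added example, not from the original post: the import -> verify -> trust/sign
# -> verify -> delete cycle, run against two throw-away keyrings. Names,
# addresses and the message are constructed for the example.
set -eu

WORK=""

# gpg in the given keyring directory, with the flags every step needs to run
# without a terminal: no prompts, empty passphrase over loopback pinentry,
# English messages so the checks below can grep them.
as() {
  _home="$1"; shift
  GNUPGHOME="$_home" LC_ALL=C gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"
}

# Kill the per-keyring agents gpg starts on demand, then remove the keyrings.
cleanup() {
  [ -n "$WORK" ] || return 0
  for _h in "$WORK/alice" "$WORK/bob"; do
    GNUPGHOME="$_h" gpgconf --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$WORK"
  WORK=""
}
trap cleanup EXIT

# Prints one summary line and returns 0 when every step behaved as the post
# describes; any failing gpg call aborts the script because of set -e.
run_walkthrough() {
  if ! command -v gpg >/dev/null 2>&1; then
    echo "skipped: gpg not installed"
    return 0
  fi
  WORK="$(mktemp -d)"
  ALICE="$WORK/alice"   # the key owner
  BOB="$WORK/bob"       # the recipient who has to decide whether to trust Alice's key
  mkdir -m 700 "$ALICE" "$BOB"

  # Each side generates its own key (non-interactive form of --full-generate-key).
  as "$ALICE" --quick-gen-key 'Alice Example <alice@example.test>' default default never
  as "$BOB"   --quick-gen-key 'Bob Example <bob@example.test>'     default default never

  # Alice exports her public key (what you would upload to a keyserver) and
  # clearsigns a message for Bob.
  as "$ALICE" --export --armor alice@example.test > "$WORK/alice.asc"
  printf 'Hello Bob, this message is constructed for the example.\n' > "$WORK/msg.txt"
  as "$ALICE" --clearsign --output "$WORK/msg.asc" "$WORK/msg.txt"

  # Bob imports the key. The signature is good, but nobody Bob trusts has
  # certified the key yet, so gpg warns exactly as the post describes.
  as "$BOB" --import "$WORK/alice.asc"
  before="$(as "$BOB" --verify "$WORK/msg.asc" 2>&1)"
  printf '%s\n' "$before" | grep -q 'not certified'

  # Batch equivalent of "gpg> trust" then "gpg> sign": set ownertrust and
  # locally sign Alice's key with Bob's own (ultimately trusted) key.
  # Two different scales: the ownertrust file uses 5 for "full", which is
  # level 4 in the --edit-key trust menu.
  fpr="$(as "$BOB" --with-colons --list-keys alice@example.test | awk -F: '$1=="fpr"{print $10; exit}')"
  printf '%s:5:\n' "$fpr" | as "$BOB" --import-ownertrust
  as "$BOB" --quick-lsign-key "$fpr"

  # Verify again: "Good signature" with no trust warning.
  after="$(as "$BOB" --verify "$WORK/msg.asc" 2>&1)"
  printf '%s\n' "$after" | grep -q 'Good signature'
  ! printf '%s\n' "$after" | grep -q 'not certified'

  # Finally remove the imported key from Bob's ring, as with --delete-keys.
  as "$BOB" --delete-keys "$fpr"
  ! as "$BOB" --list-keys "$fpr" >/dev/null 2>&1

  cleanup
  echo "before=warning after=clean deleted=yes"
}

run_walkthrough
```

Run it as a plain script; it prints one summary line on success. The local signature (lsign) is used rather than an exportable one because it only records Bob's own decision and is never pushed to a keyserver, which is what you normally want for a key you verified yourself.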

You can move your private keys across different computers. Don't lose your private keys, or else you won't be able to decrypt your e-mails. If needed (lost, stolen, stale), keys can be revoked; since revoking requires the private key, generate a revocation certificate while you still have it.