GnuPG

GnuPG#

GnuPG (GPG) is a tool that implements the PGP protocol in Linux. Here, we will explore how to use it.

The following cell runs a container that represents the setup we’ll use as an example.

docker run -itd --name gpg_example --rm fedorkobak/gpg-example:2

a48a58ddd3cba58febdcf6f9c65e9e9db656d5ef9a52af6c329f1c988f0eb7ba

Don’t forget to clean up the environment.

docker stop gpg_example

gpg_example

Export keys#

Use the --export/export-secret-key <key identifier> parameter to export the public and secret keys accordingly. You can use the --otput <filename> parameter to specify a file where the result should be saved.

Following cells shows how you can do that.

docker exec gpg_example gpg --export 2218FDFB1F24C0511F22AD226D5C29F6233CA6B7

�3g^��	+�G@���I-��*%&B�gO%Ҫ���i�_�SC�fed <fakeemail@wow.com>��
A!"��$�Q"�"m\)�#<��g^��	���"
����Lf��jo_rH.DG�-�:E,�8�s}]*k��
�8g^����Ͻ���┑x����
+�U@��u~�f�Vշib:p��͸�a	AH����l�~
&!"��$�Q"�"m\)�#<��g^��	���	m\)�#<��uG�or��0�@��́���5Do�εS5�I�R�����9
%�8M/�XO.J}�b�*XI�|;�*�)

And the same with private key:

docker exec gpg_example gpg --export-secret-key 2218FDFB1F24C0511F22AD226D5C29F6233CA6B7

�Xg^��	+�G@���I-��*%&B�gO%Ҫ���i�_�SC��pV���2kA�.�W_@q�@���b�nq�4A6�fed <fakeemail@wow.com>��
A!"��$�Q"�"m\)�#<��g^��	���"
����Lf��jo_rH.DG�-�:E,�8�s}]*k��
�]g^����Ͻ���┑x����
+�U@��u~�f�Vշib:p��͸�a	AH����l�u��3�XO�����p����=�AY��'AP�|�و~
&!"��$�Q"�"m\)�#<��g^��	���	m\)�#<��uG�or��0�@��́���5Do�εS5�I�R�����9
%�8M/�XO.J}�b�*XI�|;�*�)

The same but specifying file as output:

docker exec gpg_example gpg --output /public_key --export 2218FDFB1F24C0511F22AD226D5C29F6233CA6B7
docker exec gpg_example cat /public_key

�3g^��	+�G@���I-��*%&B�gO%Ҫ���i�_�SC�fed <fakeemail@wow.com>��
A!"��$�Q"�"m\)�#<��g^��	���"
����Lf��jo_rH.DG�-�:E,�8�s}]*k��
�8g^����Ͻ���┑x����
+�U@��u~�f�Vշib:p��͸�a	AH����l�~
&!"��$�Q"�"m\)�#<��g^��	���	m\)�#<��uG�or��0�@��́���5Do�εS5�I�R�����9
%�8M/�XO.J}�b�*XI�|;�*�)

Import keys#

To import both secret and public keys, simply use the --import <filename> parameter (you do not need to specify import-secret-key for the secret key, as you do when exporting).

The keys that we will use to demonstrate the import were first generated. The next cell loads them into the docker container.

docker cp gnupg_files/example_public gpg_example:/import_public
docker cp gnupg_files/example_secret gpg_example:/import_secret

Successfully copied 2.05kB to gpg_example:/import_public
Successfully copied 2.05kB to gpg_example:/import_secret

The following cell shows process of loading into gpg.

docker exec gpg_example gpg --import /import_public
docker exec gpg_example gpg --import /import_secret

gpg: key 68B6730B64298D81: public key "fed <fakemail@wow.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: key 68B6730B64298D81: "fed <fakemail@wow.com>" not changed
gpg: key 68B6730B64298D81: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

gpg automaticly detected which key is public and which is private.

As a result, there is an extra key in the key list, which is shown in the next cell:

docker exec gpg_example gpg --list-keys

[keyboxd]
---------
pub   ed25519 2024-12-15 [SC] [expires: 2027-12-15]
      2218FDFB1F24C0511F22AD226D5C29F6233CA6B7
uid           [ultimate] fed <fakeemail@wow.com>
sub   cv25519 2024-12-15 [E] [expires: 2027-12-15]

pub   ed25519 2024-12-15 [SC] [expires: 2027-12-15]
      52DDEDBA77C775863694A10968B6730B64298D81
uid           [ unknown] fed <fakemail@wow.com>
sub   cv25519 2024-12-15 [E] [expires: 2027-12-15]