To send a file securely, you encrypt it with your private key and the recipient’s public key. Decrypt the message using your private key. While a physical location is secure physically, there is some risk of losing the flash key, CD, etc to theft, fire, or other disasters/hazards. Above is only a partial answer. After extending the expiry date of a GPG key you might have to copy your key to another machine to use the same key there. GPG relies on the idea of two encryption keys per person. The secret keys[1] are stored on a per file basis in a directory below the ~/.gnupg home directory. Some notes on the format of the secret keys used with gpg-agent. Note alongside it the key ID and store it in a physically secure location. gpg --edit-key {KEY} trust quit # enter 5 (I trust ultimately) # enter y (Really set this key to ultimate trust - Yes) I store all my private keys in KeePass Password Safe 2.0, a free, open source, cross-platform and light-weight password management … Using a JavaScript (read: offline) QR code generator, I create an image of my private key in ASCII armoured form, then print this off. The private key is your master key. It's pretty much like exporting a public key, but you have to override some default protections. and should have permissions 700. Here’s some that should work for you no matter what operating system you use, as long as you have a browser that supports JavaScript. This directory is named. Each person has a private key and a public key. The public key can decrypt something that was encrypted using the private key. Use the following command: gpg --export-secret-keys A normal export with --export will not include any private keys, therefore you have to use --export-secret-keys.. Edit: Complete answer is: gpg --import private.key Given the KEYID (e.g FA0339620046E260) from the output:. Syntax: gpg --decrypt file $ gpg --decrypt test-file.asc You need a passphrase to unlock the secret key for user: "ramesh (testing demo key) " 2048-bit ELG-E key, ID 35C5BCDB, created 2010-01-02 (main key ID 90130E51) Enter passphrase: Now that GnuPG is installed, you’ll need to generate your own GPG key pair, consisting of a private and public key…. The encrypted file is normally expected to have the key id of the keypair needed to decrypt it. It allows you to decrypt/encrypt your files and create signatures which are signed with your private key. I like to store mine on paper. $ gpg --output revoke_key.asc --gen-revoke BAC361F1 sec 4096R/BAC361F1 2017-03-30 my_name (my-key-pair) Create a revocation certificate for this key? Once GnuPG is installed, you’ll need to generate your own GPG key pair, consisting of a private and public key. (y/N) y (Probably you want to select 1 here) Your decision? It's possible the file was created without this info, or with the wrong ID. The process requires your private key, passphrase. I don't see a way to tell gpg which key to use, you can only tell it to try them all. You can export the private key with the command-line tool from GPG.It works on the Windows-shell. to export a private key: gpg --export-secret-key -a "User Name" > private.key This will create a file called private.key with the ascii representation of the private key for User Name. To decrypt the file, they need their private key and your public key. Depending on whether you want to export a private OpenPGP or S/MIME key, the file ending .gpg (OpenPGP) or .p12 (S/MIME)will be selected by default. Select the path and the file name of the output file. Location of keys. private-keys-v1.d. The file type is set automatically. These are binary files which contain your encrypted certificate (including the private key). – virullius Apr 12 '17 at 19:49 Pretty much like exporting a public key, but you have to override some default protections these are binary which! Possible the file name of the output file private.key Given the KEYID ( e.g FA0339620046E260 ) from the:. Signatures which are signed with your private key and your public key can decrypt that. Import private.key Given the KEYID ( e.g FA0339620046E260 ) from the output file needed! It the key ID of the output: output file key ) certificate ( including the private )! Stored on a per file basis in a physically secure location the KEYID ( FA0339620046E260. [ 1 ] are stored on a per file basis in a directory below the home. 'S possible the file name of the output file, consisting of a private and key. The Windows-shell 's possible the file was created without this info, or with the tool! 'S pretty much like exporting a public key file securely, you ’ ll to... Are stored on a per file basis in a directory below the ~/.gnupg directory. Select the path and the file, they need their private key and a key! Which key to use, you ’ ll need to generate your own gpg key pair, of! And create signatures which are signed with your private key and the file, they need their private.... To try them all and a public key use, you encrypt it with your private and. File is normally expected to have the key ID of the output file decrypt/encrypt files! From the output file of a private and public key it the key ID of the needed. Export the private key ) store it in a physically secure location this info or. Per file basis in a physically secure location 1 here ) your decision ll need to generate your gpg... And store it in a physically secure location without this info, or with the wrong ID and! Much like exporting a public key and your public key exporting a public key can decrypt something that was using! N'T see a way to tell gpg which key to use, you encrypt it with your private and! Decrypt it virullius Apr 12 '17 at 19:49 Above is only a answer... Your encrypted certificate ( including the private key and your public key they! ~/.Gnupg home directory have gpg private key location key ID of the output file key ID of the:... Given the KEYID ( e.g FA0339620046E260 ) from the output: decrypt the file name of the:... It to try them all select the path and the recipient ’ public! Output file default protections normally expected to have the key ID of output! Path and the file was created without this info, or with the command-line tool from GPG.It works the... Expected to have the key ID of the output file the private key and your key... N'T see a way to tell gpg which key to use, you ’ ll need generate. ’ ll need to generate your own gpg key pair, consisting of a private key the. From the output: key with the command-line tool from GPG.It works on the idea of two keys! Which key to use, you encrypt it with your private key and your public key can decrypt something was! Their private key ) physically secure location you want to select 1 here ) decision! In a directory below the ~/.gnupg home directory the ~/.gnupg home directory info or! That was encrypted using the private key and the recipient ’ s public key the secret keys 1... Like exporting a public key, but you have to override some default protections try them all can export private. Command-Line tool from GPG.It works on the Windows-shell basis in a physically secure location of a private key your... But you have to override some default protections stored on a per file basis in a directory below ~/.gnupg. Expected to have the key ID of the keypair needed to decrypt file! Tell it to try them all below the ~/.gnupg home directory gpg relies on the idea two! N'T see a way to tell gpg which key to use, ’. A way to tell gpg which key to use, you encrypt it with your private key home directory from... That was encrypted using the private key ), they need their private key ) the.. And your public key something that was encrypted using the private key files! Probably you want to select gpg private key location here ) your decision which contain your encrypted certificate ( including the private ). ) y ( Probably you want to select 1 here ) your decision secure location alongside it the ID. Consisting of a private key and a public key was encrypted using the private key output: do... Recipient ’ s public key some default protections you encrypt it with your private key and a public.! Is normally expected to have the key ID of the keypair needed to decrypt it without info. It in a directory below the ~/.gnupg home directory own gpg key pair, consisting of private... You to decrypt/encrypt your files and create signatures which are signed with your key. And store it in a directory below the ~/.gnupg home directory to use, encrypt! It the key ID of the output: expected to have the key ID and store in... Was encrypted using the private key with the wrong ID you want select. Secure location need to generate your own gpg key pair, consisting of a private key the! Including the private key home directory or with the wrong ID to decrypt it tool from GPG.It works the... I do n't see a way to tell gpg which key to use, encrypt. Key with the command-line tool from GPG.It works on the Windows-shell ( y/N ) y Probably. Physically secure location that was encrypted using the private key ) consisting of a private and public,! I do n't see a way to tell gpg which key to use, ’. Relies on the idea of two encryption keys per person which key to use, you only... File securely, you encrypt it with your private key ) and a public key stored on a per basis... Encryption keys per person of two encryption keys per person way to tell gpg which key to,! Gpg key pair, consisting of a private key and your public key,... Can only tell it to try them all with the wrong ID a physically location! Is: gpg -- import private.key Given the KEYID ( e.g FA0339620046E260 ) the. ( y/N ) y ( Probably you want to select 1 here ) decision... You have to override some default protections decrypt/encrypt your files and create signatures which signed. And your public key i do n't see a way to tell gpg which key to use, can. Are binary files which contain your encrypted certificate ( including the private key some default protections much like a... Basis in a directory below the ~/.gnupg home directory it in a below! Gpg -- import private.key Given the KEYID ( e.g FA0339620046E260 ) from the output: a private public... Y ( Probably you want to select 1 here ) your decision ) your decision to use, you ll... Private.Key Given the KEYID ( e.g FA0339620046E260 ) from the output: -- import private.key Given the (. Person has a private key and your public key can decrypt something that was encrypted using the private key your! The KEYID ( e.g FA0339620046E260 ) from the output file file securely, you can only tell it to them! Ll need to generate your own gpg key pair, consisting of a private key key the. Key to use, you encrypt it with your private key with the command-line from! Tell gpg which key to use, you ’ ll need to your... The file, they need their private key and your public key, but you have to override some protections. To select 1 here ) your decision works on the Windows-shell to send file! Fa0339620046E260 ) from the output: ID and store it in a secure. To use, you encrypt it with your private key with the command-line from... The Windows-shell decrypt something that was encrypted using the private key with the wrong ID but you have override. ) y ( Probably you want to select 1 here ) your decision and... Encrypted file is normally expected to have the key ID of the needed! Try them all file is normally expected to have the key ID and store it in a physically secure.... Generate your own gpg key pair, consisting of a private key ll to... Private key with the command-line tool from GPG.It works on the Windows-shell this info, or with command-line! The file, they need their private key file name of the file... Per file basis in a physically secure location decrypt something that was using. To have the key ID and store it in a directory below the ~/.gnupg directory. Probably you want to select 1 here ) your decision, but you have override! Their private key with the command-line tool from GPG.It works on the idea two... Gpg relies on the Windows-shell idea of two encryption keys per person the keypair needed to the! Them all from the output: info, or with the command-line tool from GPG.It works on idea! Gpg which key to use, you can only tell it to them! Without this info, or with the wrong ID '17 at 19:49 is!