#title GnuPG
#author Stefan Hornburg (Racke)
#topics GnuPG
#teaser GnuPG commands and agent reference
#cover g-g-gnupg-1.png

** Commands

*** Show public keys

{{{
$ gpg --list-keys
/home/racke/.gnupg/pubring.kbx
------------------------------
pub   rsa4096 2015-03-07 [SC]
      D6814975A277774C98D0DFEF5B93015BFA2720F8
uid           [ unknown] Stefan Hornburg (Racke)
sub   rsa4096 2015-03-07 [E]
}}}

*** Export public key

{{{
$ gpg --armor --export racke@linuxia.de > racke.asc
}}}

*** Import public key

#importpubkey

{{{
$ gpg --import racke.asc
gpg: key 5B93015BFA2720F8: public key "Stefan Hornburg (Racke) " imported
gpg: Total number processed: 1
gpg:               imported: 1
}}}

*** Show keys in a keyring

{{{
$ gpg --no-default-keyring --keyring /usr/share/keyrings/runner_gitlab-runner-archive-keyring.gpg --list-keys
gpg: /home/vagrant/.gnupg/trustdb.gpg: trustdb created
/usr/share/keyrings/runner_gitlab-runner-archive-keyring.gpg
------------------------------------------------------------
pub   rsa4096 2020-03-02 [SC] [expires: 2024-03-01]
      F6403F6544A38863DAA0B6E03F01618A51312F3F
uid           [ unknown] GitLab B.V. (package repository signing key)
sub   rsa4096 2020-03-02 [E] [expires: 2024-03-01]
}}}

** Agent

*** Show socket locations

{{{
$ gpgconf --list-dir agent-socket
/run/user/1000/gnupg/S.gpg-agent
$ gpgconf --list-dir agent-extra-socket
/run/user/1000/gnupg/S.gpg-agent.extra
}}}

*** Forwarding

GnuPG agent forwarding is similar to SSH forwarding and allows you to use
your private key on remote servers.

Typical use cases are signing Git commits or Debian packages.

**** Setup on the remote server

Ensure that GnuPG is installed on the remote server.

Import your public key as shown [[#importpubkey][above]].

You also need to prevent GnuPG from starting the agent when you use it on the remote host.
This can be done by disabling agent autostart in =~/.gnupg/gpg.conf= on the remote server:

{{{
# prevent start of local GnuPG agent
no-autostart
}}}

**** Setup on the local machine

The forwarding is configured in the SSH configuration file (=~/.ssh/config=):

{{{
Host build.linuxia.de
    RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra
}}}

The *RemoteForward* directive specifies the remote socket first and the local (extra) socket second.
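
The following helper script is an added example, not part of the original page or of GnuPG/OpenSSH. It checks the two settings described above (=no-autostart= on the remote side, the extra socket on the local side) and builds the =RemoteForward= stanza from the paths each machine reports. The function names and the script name =gpg-forward.sh= are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of GnuPG or OpenSSH.

# Print the ssh_config stanza for host $1 from the remote agent socket ($2)
# and the local extra socket ($3), as reported by `gpgconf --list-dir`.
forward_stanza() {
    printf 'Host %s\n    RemoteForward %s %s\n' "$1" "$2" "$3"
}

# Succeed if gpg.conf ($1) has an active, uncommented no-autostart line.
has_no_autostart() {
    grep -Eq '^[[:space:]]*no-autostart[[:space:]]*$' "$1"
}

# Lint an ssh_config file ($1): each RemoteForward whose remote side is a
# gpg-agent socket must point at the local *extra* socket, as on this page.
# Prints offending lines and returns 1 if any are found.
# Simplification: only the whitespace-separated keyword form is recognised.
lint_forwards() {
    awk '
        tolower($1) == "remoteforward" && $2 ~ /S\.gpg-agent$/ &&
        $3 !~ /S\.gpg-agent\.extra$/ { print FILENAME ":" FNR ": " $0; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Live use on the local machine: sh gpg-forward.sh --emit build.linuxia.de
# Socket paths depend on the numeric user id, so each side is asked itself.
if [ "${1:-}" = "--emit" ] && [ -n "${2:-}" ]; then
    remote_sock=$(ssh "$2" gpgconf --list-dir agent-socket) || exit 1
    local_extra=$(gpgconf --list-dir agent-extra-socket) || exit 1
    forward_stanza "$2" "$remote_sock" "$local_extra"
fi
```

Run =lint_forwards ~/.ssh/config= locally and =has_no_autostart ~/.gnupg/gpg.conf= on the remote server after sourcing the functions.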