gpg [options] command [options]

The GNU Privacy Guard application allows you to encrypt and decrypt information, create public and private encryption keys, and use or verify digital signatures. GPG is based on the use of a pair of keys, one public and one private (or “secret”). Data encrypted with one key can only be decrypted with the other. To encrypt a message to you, someone would use your public key to create a message that could only be unlocked with your private key. To sign information, you would lock it with your private key, allowing anyone to verify that it came from you by unlocking it with your public key.

GPG has dozens of additional options that fine-tune its available options. For a complete list, plus a guide to careful use of encryption and a deeper explanation of how public-key encryption works, visit

Key commands

--check-sigs [keyname]

Lists keys and signatures like --list-sigs, but also verifies the signatures.

--delete-key keyname

Delete the specified key from the keyring.

--delete-secret-key keyname

Delete the named secret key from the secret and public keyring.

--delete-secret-and-public-key keyname

Delete the secret (if any) and then the public key for the specified name.

--desig-revoke keyname

Create a revocation certificate for a key pair and designate authority to issue it to someone else. This allows the user to permit someone else to revoke the key, if necessary.

--edit-key [keyname]

Edit key options using a menu-driven tool. Key options ...

Get Linux in a Nutshell, 6th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.