GPG command cheat-sheet

Check what your key id is:

gpg --list-keys

The output will display: rsaXXXX/your_key_id_here

The key fingerprint will also be listed below.

Check a key fingerprint:

gpg --with-fingerprint <public_key.asc>

Let's say that you have a secret key on a card device (e.g., a yubikey) and you don't want it on the device anymore.

gpg --delete-secret-keys <key-id>

You can verify the key has been removed by running

gpg --card-status

which will display all the info about the card. Under general info sec# should now be listed instead of sec> this means that the secret key is now stored offline and not on the device.

If you're using MacOS, add this to your bash configuration, typically ~/.bash_profile.

 # Restart the GPG agent
 gpg-connect-agent KILLAGENT /bye
 gpg-connect-agent /bye 
 gpg-connect-agent updatestartuptty /bye > /dev/null

 # SSH authentication managed by GPG
 if [ -S $(gpgconf --list-dirs agent-ssh-socket) ]; then
   export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
   echo "$(gpgconf --list-dirs agent-ssh-socket) doesn't exist. Is gpg-agent running ?"