[Hauptseite Server] [Hauptseite PGP] [Key Signing Sessions] [Session Februar 2006]
DE Flagge [Deutsche Version]

Often used commands with PGP and GnuPG

Links to the commands listed on this page

Extract a public key from a keyring

To extract a public key from the own keyring (which is in the file pubring.pgp or pubring.pkr) in ASCII-armoured version:
with PGP 2.x.x pgp -kxa pafei qq
with PGP 5.x (Unix) pgpk -xa pafei >qq.asc
with GnuPG (Unix) gpg --export --armor pafei >qq.asc
The above command extracts the public key of pafei into the file qq.asc.

To extract an ASCII-armoured key from a special keyring (the file spezring.pgp):
with PGP 2.x.x pgp -kxa pafei qq spezring.pgp
with PGP 5.x (Unix) pgpk -xa pafei -K spezring.pgp >qq.asc
with GnuPG (Unix) gpg --export --armor --keyring spezring.pgp pafei >qq.asc
The above command extracts the public key of pafei into the file qq.asc.

Import a key into the keyring

A public key can be taken from a keyserver, or perhaps you got the key by email.
You have stored the key which should be added to the keyring in the file newkey.asc.

with PGP 2.x.x pgp -ka newkey.asc
with PGP 5.x (Unix) pgpk -a newkey.asc
with GnuPG (Unix) gpg --import neukey.asc

To add a key into a special keyring, for example the keyring spezring.pgp, the commands are:

with PGP 2.x.x pgp -ka newkey.asc spezring.pgp
with PGP 5.x (Unix) pgpk -a newkey.asc -K spezring.pgp
with GnuPG (Unix) gpg --import --keyring spezring.pgp neukey.asc

Sign a public key

To sign a public key, you must first add it to your keyring.

Hint: The meaning of a key certificate

If the key has only one UserID

The key you want to sign has the following key properties:

Type Bits/KeyID    Date       User ID
pub  1024/52D1CAB1 1997/02/24 Nathalie Weiler <weiler@tik.ee.ethz.ch>
            Key fingerprint = DA 74 5B 16 25 FF 02 2B  5A 82 07 86 A0 D5 ED 3C

To sign the key you execute:

with PGP 2.x.x pgp -ks weiler
with PGP 5.x (Unix)
  1. verify with pgpk -ll weiler the key properties
  2. sign the key with pgpk -s weiler
with GnuPG (Unix) gpg --sign-key weiler den Schlüssel signieren

PGP 2.x.x an d GnuPGP show the key properties before you confirm signing the key.

If the key has multiple UserIDs

A signature is always for one UserID. So you have to specify which UserID you want to sign. The key

Type Bits/KeyID    Date       User ID
pub  1024/52D1CAB1 1997/02/24 Nathalie Weiler <weiler@tik.ee.ethz.ch>
            Key fingerprint = DA 74 5B 16 25 FF 02 2B  5A 82 07 86 A0 D5 ED 3C
                              Nathalie Weiler <nathalie@nice.ch>
                              Nathalie Weiler <nathalie@vis.inf.ethz.ch>

has three UserIDs. To sign the UserID Nathalie Weiler <nathalie@nice.ch>, you execute the commands:

with PGP 2.x.x pgp -ks nathalie@nice.ch
with PGP 5.x (Unix)
  1. verify with pgpk -ll weiler the key properties
  2. sign the key with pgpk -s weiler
with GnuPG (Unix) gpg --sign-key weiler den Schlüssel signieren

There is no difference in the commands with PGP 5.x and GnuPG to sign a key with one UserID or with multiple UserIDs. They both list all possible UserIDs and asks which one you want to sign.


Hints, Errors and Comments by mail to Patrick Feisthammel <pafei@rubin.ch>
Last modification: 2 July 2002, Patrick Feisthammel