[Hauptseite Server] [Hauptseite PGP] [Key Signing Sessions] [Session Februar 2006]

Often used commands with PGP and GnuPG

Links to the commands listed on this page

Extract a public key from a keyring
Import a key into the keyring
Sign a public key

Extract a public key from a keyring

To extract a public key from the own keyring (which is in the file pubring.pgp or pubring.pkr) in ASCII-armoured version:

with PGP 2.x.x pgp -kxa pafei qq

with PGP 5.x (Unix) pgpk -xa pafei >qq.asc

with GnuPG (Unix) gpg --export --armor pafei >qq.asc

The above command extracts the public key of pafei into the file qq.asc.

with PGP 2.x.x	`pgp -kxa pafei qq`
with PGP 5.x (Unix)	`pgpk -xa pafei >qq.asc`
with GnuPG (Unix)	`gpg --export --armor pafei >qq.asc`

To extract an ASCII-armoured key from a special keyring (the file spezring.pgp):

with PGP 2.x.x pgp -kxa pafei qq spezring.pgp

with PGP 5.x (Unix) pgpk -xa pafei -K spezring.pgp >qq.asc

with GnuPG (Unix) gpg --export --armor --keyring spezring.pgp pafei >qq.asc

The above command extracts the public key of pafei into the file qq.asc.

with PGP 2.x.x	`pgp -kxa pafei qq spezring.pgp`
with PGP 5.x (Unix)	`pgpk -xa pafei -K spezring.pgp >qq.asc`
with GnuPG (Unix)	`gpg --export --armor --keyring spezring.pgp pafei >qq.asc`

Import a key into the keyring

A public key can be taken from a keyserver, or perhaps you got the key by email.
You have stored the key which should be added to the keyring in the file newkey.asc.

with PGP 2.x.x	`pgp -ka newkey.asc`
with PGP 5.x (Unix)	`pgpk -a newkey.asc`
with GnuPG (Unix)	`gpg --import neukey.asc`

To add a key into a special keyring, for example the keyring spezring.pgp, the commands are:

with PGP 2.x.x	`pgp -ka newkey.asc spezring.pgp`
with PGP 5.x (Unix)	`pgpk -a newkey.asc -K spezring.pgp`
with GnuPG (Unix)	`gpg --import --keyring spezring.pgp neukey.asc`

Sign a public key

To sign a public key, you must first add it to your keyring.

Hint: The meaning of a key certificate

If the key has only one UserID

The key you want to sign has the following key properties:

Type Bits/KeyID    Date       User ID
pub  1024/52D1CAB1 1997/02/24 Nathalie Weiler <weiler@tik.ee.ethz.ch>
            Key fingerprint = DA 74 5B 16 25 FF 02 2B  5A 82 07 86 A0 D5 ED 3C

To sign the key you execute:

with PGP 2.x.x	`pgp -ks weiler`
with PGP 5.x (Unix)	verify with `pgpk -ll weiler` the key properties sign the key with `pgpk -s weiler`
with GnuPG (Unix)	`gpg --sign-key weiler` den Schlüssel signieren

PGP 2.x.x an d GnuPGP show the key properties before you confirm signing the key.

If the key has multiple UserIDs

A signature is always for one UserID. So you have to specify which UserID you want to sign. The key

Type Bits/KeyID    Date       User ID
pub  1024/52D1CAB1 1997/02/24 Nathalie Weiler <weiler@tik.ee.ethz.ch>
            Key fingerprint = DA 74 5B 16 25 FF 02 2B  5A 82 07 86 A0 D5 ED 3C
                              Nathalie Weiler <nathalie@nice.ch>
                              Nathalie Weiler <nathalie@vis.inf.ethz.ch>

has three UserIDs. To sign the UserID Nathalie Weiler <nathalie@nice.ch>, you execute the commands:

with PGP 2.x.x	`pgp -ks nathalie@nice.ch`
with PGP 5.x (Unix)	verify with `pgpk -ll weiler` the key properties sign the key with `pgpk -s weiler`
with GnuPG (Unix)	`gpg --sign-key weiler` den Schlüssel signieren

There is no difference in the commands with PGP 5.x and GnuPG to sign a key with one UserID or with multiple UserIDs. They both list all possible UserIDs and asks which one you want to sign.

Hints, Errors and Comments by mail to Patrick Feisthammel <pafei@rubin.ch>
Last modification: 2 July 2002, Patrick Feisthammel