OpenPGP - Command Line Settings

e-ignite:  Communicate Securely

On this page, I have listed a set of useful command line options for various purposes:

Integrate GnuPG With Windows Command Line
Adding a photo ID to your public key
Creating a subkey
Changing an expiry date
Other Features (Advanced)

Integrate GnuPG With Windows Command Line:
In order to use GnuPG to its full potential, it is sometimes necessary to use the command line.  If you are going to do this, I would highly recommend that you configure GnuPG as shown below so that it is easier for you to access the commands.  This is only necessary if you are using Windows since Mac and Linux installations of GnuPG are already fully integrated with the command line.

Right-Click on MY COMPUTER, select PROPERTIES, then select the ADVANCED tab.
Click on ENVIRONMENT VARIABLES then select PATH in the top box.
Highlight PATH in the bottom box.
Click EDIT and at the end of the line, type ";C:\Program Files\GnuPG\;" without the quotes but including the semi-colons. Where I have used "C:\Program Files", you should put the path where you installed GnuPG.
This will allow you to open the command prompt (START > RUN > CMD) and simply type "gpg" followed by the command switch to use the advanced features of GnuPG.

Adding a photo ID to your public key:
This can be a useful tool to help others confirm that the public key they have belongs to you. Please be aware however that you will not be able to change the photograph once you have added it to your key, and if you use a keyserver, it will be accessible to anyone who downloads your key.

Launch the Command Prompt by going to START > RUN and typing "cmd" without the quotes. Then, type the following:
"gpg --edit-key [key ID]"    (without quotes, replace [key ID] with alphanumeric code of your key pair)
Enter the path for your photo. Pay attention to the warnings given in the cmd window.

When you have finished, type "save" then "quit" without the quotes.

Creating a subkey:
To create a subkey, you must use the GnuPG command line to create a "sign only" key and then an "encrypt only" subkey.  In this example, I selected a 2048-bit RSA signing key with a 3096-bit RSA encryption subkey, but you can choose your own combination.

Launch the command prompt
Type "gpg --gen-key"
Type "5"
Type "2048"
Select your key expiry in days (I chose 366)
Type "y" to confirm
Type your name
Type email address
If required, type a comment, otherwise leave blank and press enter
Type "o" for ok and press enter
Enter a passphrase (you must remember this)
Confirm your passphrase
The signing key will now generate - this may take a few minutes.

Once the signing key has been generated, you will be given a key ID. It will appear in the cmd window next to the size.  For example, it might be "2048R/12AB3456".  Your key ID is 12AB3456.  You now need to create the encryption subkey:

In the cmd window, type "gpg --edit-key 12AB3456"   (replace with your own key ID)
Type "addkey"
Enter your passphrase
Type "6"
Type "3096"
Type "366" (or the same expiration properties as you used previously)
Confirm your options by typing "y" then "y" again. The subkey will now be created.
Type "save" and exit the cmd window

Once this has been created, open the Enigmail Key Management window and go to FILE > RELOAD KEY CACHE and your new signing key with encryption subkey will be available for use.

Changing an expiry date:
Changing an expiry date of a key utilises the --edit-key option in the GnuPG Command Line.

Type "gpg --edit-key 12AB3456"   (replace with your own key ID)
Type "expire"
Enter a new key expiry date (runs from the day you alter it)
Type "y" to confirm
Enter your passphrase and press return
Type "save" when finished
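
To confirm the result of the subkey and expiry steps above, the following added example (not part of the original page) parses the machine-readable output of "gpg --list-keys --with-colons" and reports whether the primary key is sign only, whether an encrypt-only subkey exists, and whether anything has expired or is about to. The sample listing, key IDs and function names are constructed for illustration, and the code assumes GnuPG prints dates as seconds since the epoch (GnuPG 2.x, or 1.4 with --fixed-list-mode).

```python
import subprocess
from datetime import datetime, timezone

# Constructed sample (not a real key): the layout built above, a 2048-bit RSA
# sign-only primary key and a 3096-bit RSA encrypt-only subkey, 366-day expiry.
SAMPLE = """\
pub:u:2048:1:FEDCBA9812AB3456:1704067200:1735689600::u:::scESC:
uid:u::::1704067200::0123456789ABCDEF0123456789ABCDEF01234567::Example User <user@example.org>:
sub:u:3096:1:0123456789ABCDEF:1704067200:1735689600:::::e:
"""

def list_key(key_id):  # live listing from a local gpg for one key ID
    cmd = ["gpg", "--list-keys", "--with-colons", "--fixed-list-mode", key_id]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def parse_keys(listing):
    """Return one dict per pub/sub record (field order per GnuPG doc/DETAILS)."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) >= 12:
            keys.append({
                "type": f[0], "bits": int(f[2]), "keyid": f[4],
                "expires": int(f[6]) if f[6] else None,  # None: never expires
                # lower-case letters are this key's own capabilities
                "caps": "".join(c for c in f[11] if c.islower()),
            })
    return keys

def days_left(key, now):
    """Whole days until expiry (negative if expired), None if no expiry."""
    exp = key["expires"]
    return None if exp is None else (exp - int(now.timestamp())) // 86400

def check_layout(keys, now, warn_days=30):
    """Return findings; an empty list means the key matches the layout above."""
    findings = []
    for k in keys:
        if k["type"] == "pub" and "e" in k["caps"]:
            findings.append(f"{k['keyid']}: primary key can encrypt")
        left = days_left(k, now)
        if left is not None and left < 0:
            findings.append(f"{k['keyid']}: expired")
        elif left is not None and left < warn_days:
            findings.append(f"{k['keyid']}: expires in {left} days")
    if not any(k["type"] == "sub" and k["caps"] == "e" for k in keys):
        findings.append("no encrypt-only subkey")
    return findings

if __name__ == "__main__":
    print(check_layout(parse_keys(SAMPLE), datetime.now(timezone.utc)))
```

To check a real key, pass the output of list_key("12AB3456") (with your own key ID) to parse_keys in place of SAMPLE.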

Once you become more comfortable with using the GnuPG command line, you will be able to perform many operations yourself.  If you are unsure of a particular command, open the Command Line and type "gpg --help" or if you are mid-way through editing a key, type "help" and all the possible commands will be shown. If you need any help with this, please feel free to contact me and I'll try to help.

Other Features (Advanced):
There are many more advanced features that you can use with the GnuPG Command Line, and I've found a website with an excellent list of commands.  These are not all the commands available, but I would imagine there's very little that you could want to do that isn't listed here.  This includes the ability to disable certain ciphers for encryption (if you are looking into this, I would suggest you disable 3DES), and many more expert options. The document states it is for Linux and Unix, but all the commands should still work in Windows and MacOS. Click here to see the list of commands.

For general advanced settings not related to the command line, click here.
