GnuPG CLI

Encrypt files

gpg --encrypt --recipient DEADBEEF file.pdf

gpg --encrypt --recipient 'john@example.com' file.pdf

gpg --encrypt --recipient DEADBEEF --trust-model always file.pdf

Decrypt files

gpg --decrypt file.pdf.gpg > file.pdf

Verifying signatures

gpg --verify dl.zip.sig dl.zip

Import keys

curl https://example.com/key.asc | gpg --import

gpg --import key.asc

Trust levels

• Ultimate — it’s your own key
• Full — you’ve verified the identity of the key owner and signed their public key
• Marginal — enough to make the key show up as “valid”

Links

• OpenPGP Best Practices - riseup.net