Find out how to create and export a GPG keypair from the macOS command line.
If you work on macOS, and your many duties require you to make use of encryption or various tools that depend on GPG public keys (such as mail encryption), you have probably installed the GPG Suite (see: How to install and use GPG Suite to encrypt email with Apple Mail) to take care of this task.
From that tool you can easily create a new GPG keypair via the user-friendly GUI tool. It's quite simple. Just open the tool, click the + button, and create your keypair.
But what if you prefer the command line? How do you create that same keypair without opening the GUI tool? Fortunately, the GPG Suite also installs the necessary command line tools to make this happen.
I'm going to show you how to generate a new GPG keypair and then export it from the macOS terminal.
What you'll need
The only thing you'll need to make this work is the GPG Suite installed. With that out of the way, you're ready to generate your keys.
Here are the steps:
- Open the macOS terminal tool.
- Type the command gpg --gen-key.
- When prompted, type your real name.
- When prompted, type the email address you want associated with the key.
- Okay the information by typing O.
- When prompted, type and verify a password for the new keypair.
Your key has been generated.
If you want to create a new key with more information, you should issue the command:
The above command will do the same thing as the first, only it will also allow you to configure the following for the keypair:
- Select what kind of key you want
- Key size
- Key expiration
How to locate your keypair
Once the keypair has been created, you'll find the files in /Users/USERNAME/.gnupg (where USERNAME is the name of your macOS user). Change into that directory with the command:
Type the command ls and you should see all of the GPG files (Figure A).
The keypair you're looking for will be:
If you open the GPG Suite GUI, you'll see that new GPG key listed.
How to export your keys
You might find yourself needing a keypair in the .asc file format. Should that be the case, you can export your private key from the command line. To do that, go back to the terminal window and locate the key you want to export with the command:
You should see a list of all of your secret keys. Associated with each listing will be a key ID (a long string of random characters). Copy that string down and then issue the command:
gpg --armor --export-secret-keys ID > my-private-key.asc
Where ID is the key ID.
You should now have a file named my-private-key.asc, located in the current working directory. You can then copy that file and use it for whatever purpose you need. Just make sure not to give out any of your private key files to anyone. The only keys you should hand out are the public keys.
To export your public key, issue the command:
gpg --armor --export ID > my-pubkey.asc
The above command will export the public key into an .asc file. You can then share that public key with whoever requires it.
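The rule that only public keys are handed out can be checked mechanically before a file leaves your machine. The script below is an added example, not part of the original article: it classifies an export as private or public from its armor header, also recognises binary exports made without --armor, and restricts permissions on a private export. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: check what an exported key file contains before sharing it.
# Function names are hypothetical; file names follow the article.

# Print "private", "public" or "unknown" for an exported key file.
classify_key_file() {
    f=$1
    [ -r "$f" ] || { echo unknown; return 0; }
    # Armored exports name the block type in their header line.
    # Private is tested first so a file holding both blocks counts as private.
    if grep -q -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$f"; then
        echo private; return 0
    fi
    if grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$f"; then
        echo public; return 0
    fi
    # Binary exports (no --armor): the first octet is an OpenPGP packet header.
    # Tag 5 (secret key) is 94..97 or c5; tag 6 (public key) is 98..9b or c6.
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    case $first in
        94|95|96|97|c5) echo private ;;
        98|99|9a|9b|c6) echo public ;;
        *) echo unknown ;;
    esac
}

# Succeed only when the file holds public key material and nothing private.
safe_to_share() {
    [ "$(classify_key_file "$1")" = public ]
}

# Restrict a private export to its owner (mode 600); fail on anything else.
lock_down_private() {
    [ "$(classify_key_file "$1")" = private ] || return 1
    chmod 600 "$1"
}

# Usage: sh check-export.sh my-private-key.asc my-pubkey.asc
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify_key_file "$f")"
done
```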
And that's the gist of managing your GPG keys on macOS from the command line. Enjoy making use of those encryption keys.