How to create and export a GPG keypair on macOS

Find out how to create and export a GPG keypair from the macOS command line.

If you work on macOS and your duties require you to use encryption or tools that depend on GPG public keys (such as mail encryption), you have probably installed the GPG Suite (see: How to install and use GPG Suite to encrypt email with Apple Mail) to take care of this task.

With GPG Suite you can easily create a new GPG keypair from its user-friendly GUI. It's quite simple. Just open the tool, click the + button, and create your keypair.

But what if you prefer the command line? How do you create that same keypair without opening the GUI tool? Fortunately, the GPG Suite also installs the necessary command line tools to make this happen. 

I'm going to show you how to generate a new GPG keypair and then export it from the macOS terminal.

What you'll need

The only thing you'll need to make this work is the GPG Suite installed. With that out of the way, you're ready to generate your keys.

Here are the steps:

  1. Open the macOS terminal tool.
  2. Type the command gpg --gen-key.
  3. When prompted, type your real name.
  4. When prompted, type the email address you want associated with the key.
  5. Okay the information by typing O.
  6. When prompted, type and verify a password for the new keypair.

Your key has been generated.

If you want to create a new key with more information, you should issue the command:

gpg --full-generate-key

The above command will do the same thing as the first, only it will also allow you to configure the following for the keypair:

  • Select what kind of key you want
  • Key size
  • Key expiration

How to locate your keypair

Once the keypair has been created, you'll find the files in /Users/USERNAME/.gnupg (where USERNAME is the name of your macOS user). Change into that directory with the command:

cd ~/.gnupg

Type the command ls and you should see all of the GPG files (Figure A).

Figure A: Your newly-generated keys.

The keypair you're looking for will be:

  • pubring.kbx
  • trustdb.gpg

If you open the GPG Suite GUI, you'll see that new GPG key listed.

How to export your keys

You might find yourself needing a keypair in the .asc file format. Should that be the case, you can export your private key from the command line. To do that, go back to the terminal window and locate the key you want to export with the command:

gpg --list-secret-keys

You should see a list of all of your secret keys. Associated with each listing will be a key ID (a long string of random characters). Copy that string down and then issue the command:

gpg --armor --export-secret-keys ID > my-private-key.asc

Where ID is the key ID.

You should now have a file named my-private-key.asc, located in the current working directory. You can then copy that file and use it for whatever purpose you need. Just make sure to not give out any of your private key files to anyone. The only keys you should hand out are the public keys.

To export your public key, issue the command:

gpg --armor --export ID > my-pubkey.asc

The above command will export the public key into an .asc file. You can then share that public key with whoever requires it.
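
The rule above about handing out only public keys can be checked mechanically before a file leaves your machine. The following script is an added example, not part of the original article: its function names and the constructed sample files are assumptions, and it recognizes the ASCII armor header lines that gpg writes when --armor is used.

```shell
#!/bin/sh
# Added example: check exported key files before sharing or storing them.
# Function names are this example's own; file names follow the article.

# Print "private" if the file holds any private key armor (even next to a
# public block), "public" if it holds only public key armor, else "not-armored".
key_file_kind() {
    if grep -q -e '^-----BEGIN PGP PRIVATE KEY BLOCK-----' "$1"; then
        echo private
    elif grep -q -e '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1"; then
        echo public
    else
        echo not-armored
    fi
}

# Succeed only for a file that is safe to hand out.
safe_to_share() { [ "$(key_file_kind "$1")" = public ]; }

# Succeed only when group and others have no permissions on the file
# (characters 5-10 of the ls -l mode string).
is_owner_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Restrict a private key export to its owner and confirm the result.
lock_down_private_key() {
    [ "$(key_file_kind "$1")" = private ] || return 1
    chmod 600 "$1" && is_owner_only "$1"
}

# Constructed sample files (placeholder bodies, not real key material).
make_samples() {
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'CONSTRUCTED' \
        '-----END PGP PUBLIC KEY BLOCK-----' > "$1/my-pubkey.asc"
    printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' '' 'CONSTRUCTED' \
        '-----END PGP PRIVATE KEY BLOCK-----' > "$1/my-private-key.asc"
    cat "$1/my-pubkey.asc" "$1/my-private-key.asc" > "$1/mixed.asc"
    chmod 644 "$1"/*.asc
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in my-pubkey.asc my-private-key.asc mixed.asc; do
    if safe_to_share "$demo_dir/$f"; then verdict="ok to share"
    else verdict="do NOT share ($(key_file_kind "$demo_dir/$f"))"; fi
    echo "$f: $verdict"
done
lock_down_private_key "$demo_dir/my-private-key.asc" && echo "private key locked to owner"
rm -rf "$demo_dir"
```

A file that is not armored at all is reported as not-armored and is refused by safe_to_share, so an export of unknown type is treated as unsafe to share.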

And that's the gist of managing your GPG keys on macOS from the command line. Enjoy making use of those encryption keys.

By Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics for over twenty years and is an avid promoter of open source. For more news about Jack Wallen, visit his website jackwallen....