GnuPG is an open source OpenPGP implementation.


  • Armoured keys are base64-encoded and wrapped at 76 characters to make them easier to copy and paste.
  • Dearmoured keys are in a binary format and are not wrapped.

Generating keys

The following will prompt for a full name and email address. The resulting key will be stored in the trust DB.

gpg --gen-key

Exporting keys

Public keys can be shared to verify signatures and allow encrypting files for only your consumption:

gpg --output public.key --armor --export some@email

Private keys should be exported only if the key was generated for the purpose of authentication on another system, or for backup:

gpg --output private.key --armor --export-secret-key some@email

Importing keys

Regardless of public/private, it's always just --import:

gpg --import public.key
gpg --import --allow-secret-key-import private.key

  1. Pinentry macOS
  2. waiting for lock (held by $pid)