+++
title = "Using GPG Public Key"
+++

GNU Privacy Guart (GPG) is an pupular two factor encrytpion system often used for signing or encrypting emails, files or even git commits.
This post foruces on using provided public key to check signature validity for files signed using complementary public key.

## Importing Key
One way to keep prublic keys is by using a keyserver such as _hkps://keyserver.ubuntu.com_.
To import key with ID **3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2** from  _hkps://keyserver.ubuntu.com_ keyserver
issue command:
```bash
$ gpg2 --keyserver hkps://keyserver.ubuntu.com --recv-key 3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2
```
It's also possible to use "short" ID by using only the last 8 digits of hexadecimal
ID representation, in our case **A9ABA3E2** - but it's discourages because of possible ID collisions.

To search and import a key using email, example _asmir.abdulahovic@gmail.com_ issue command:
```bash
$ gpg2  --keyserver hkps://keyserver.ubuntu.com \
        --search-keys "asmir.abdulahovic@gmail.com"
```

Note **hkps** protocol selection acts simmilary as **https** for **http**,
prefferably use it to avoid **MITM** and other attacks.