1.2 KiB
+++ title = "Using GPG Public Key" +++
GNU Privacy Guart (GPG) is an pupular two factor encrytpion system often used for signing or encrypting emails, files or even git commits. This post foruces on using provided public key to check signature validity for files signed using complementary public key.
Importing Key
One way to keep prublic keys is by using a keyserver such as hkps://keyserver.ubuntu.com. To import key with ID 3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2 from hkps://keyserver.ubuntu.com keyserver issue command:
$ gpg2 --keyserver hkps://keyserver.ubuntu.com --recv-key 3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2
It's also possible to use "short" ID by using only the last 8 digits of hexadecimal ID representation, in our case A9ABA3E2 - but it's discourages because of possible ID collisions.
To search and import a key using email, example asmir.abdulahovic@gmail.com issue command:
$ gpg2 --keyserver hkps://keyserver.ubuntu.com \
--search-keys "asmir.abdulahovic@gmail.com"
Note hkps protocol selection acts simmilary as https for http, prefferably use it to avoid MITM and other attacks.