http://www.gnupg.org/

(Note: if you only want to encrypt data for a third party, you need only follow the instructions from "IMPORT A PUBLIC KEY" on down.)

CREATE KEYS

$ gpg --homedir . --gen-key

--homedir specifies where the keys are stored.

EXPORT PRIVATE KEY (INCLUDES PUBLIC)

$ gpg --homedir . --export-secret-key [-o filename] --armour keyid

IMPORT PRIVATE KEY

$ gpg --homedir . --import filename

EXPORT PUBLIC KEY

$ gpg --homedir . --export [-o filename] --armour keyid

Prints public keys to stdout. (Or use -o to output to a file.) Without a keyid (see below), exports all keys. Note that whoever imports this public key will need to tell GPG that they "trust" it before GPG will encrypt with it without warnings. (See below.)

ENCRYPT A FILE WITH YOUR KEY

$ gpg --homedir . -s --armour filename

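Produces filename.asc in ASCII format; the --armour option makes the output ASCII. Note that -s signs the file with your private key. It does not keep the contents secret: anyone can recover them from filename.asc with gpg -d.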

SIGN A FILE WITH YOUR KEY

$ gpg --homedir . --clearsign filename

DECRYPT A FILE ENCRYPTED WITH YOUR PUBLIC KEY

$ gpg --homedir . -d filename

IMPORT A PUBLIC KEY

$ gpg --homedir . --import mjs-public-key.asc

INDICATE THAT YOU TRUST THE IMPORTED KEY

$ gpg --homedir . --edit-key keyid

Then, type "trust", then choose the appropriate trust level. If you're not part of any key network, you'll probably need level 5--"trust ultimately"--to eliminate all security warnings.

ENCRYPT A FILE WITH AN IMPORTED PUBLIC KEY

$ gpg --homedir . -e -r keyid --armour filename

(Will issue warnings unless you've indicated that you trust the key.)

-r specifies the recipient

CHECK THE TRUSTDB

$ gpg --homedir . --check-trustdb

Among other things, this reports when the (interactive?) next trustdb check is due.

ABOUT KEYIDS

There are many ways to specify a key. The easiest is to use a substring of the user ID, but you can also use the key ID or the fingerprint. (See the README file in the GnuPG distribution.)
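
A check to run before the "trust" step above, as an added example (not part of the original notes): a substring or short key ID can match more than one key, so compare the imported key's full fingerprint with one obtained from the key's owner. The function names and the sample listing are constructed for illustration, and a 40-hex-digit (v4) fingerprint is assumed.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE_LISTING='tru::1:1700000000:0:3:1:5
pub:-:4096:1:1111222233334444:1700000000:::-:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1700000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:-:4096:1:5555666677778888:1700000000::::::e::::::23:
fpr:::::::::0000999988887777666655555555666677778888:'

# Read a colon-format listing on stdin and print the fingerprint of each
# primary key (the fpr record that follows a pub record), one per line.
# Subkey fingerprints (the fpr record after sub) are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" || $1 == "sec" || $1 == "ssb" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# fpr_matches EXPECTED
# Exit status: 0 = stdin lists exactly one primary key and its fingerprint
# equals EXPECTED; 1 = mismatch; 2 = EXPECTED is not a full 40-hex-digit
# fingerprint (e.g. a short key ID); 3 = zero or several keys were listed.
fpr_matches() {
    expected=$(printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F')
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || return 3
    [ "$found" = "$expected" ]
}

# Demo on the constructed listing; the spaces mimic how fingerprints are printed.
printf '%s\n' "$SAMPLE_LISTING" |
    fpr_matches 'AAAA BBBB CCCC DDDD EEEE  FFFF 1111 2222 3333 4444' &&
    echo "fingerprint confirmed"

# Against a real keyring, feed it gpg's own listing instead of the sample:
#   gpg --homedir . --with-colons --fingerprint keyid | fpr_matches "<fingerprint from the key owner>"
```

Status 3 is the case the keyid note warns about: the substring you typed selected more than one key, so narrow it down before editing trust.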