http://www.gnupg.org/

(Note that you only need to follow the instructions from "IMPORT A PUBLIC KEY" on down if you only want to encrypt data for a third party.)

CREATE KEYS

$ gpg --homedir . --gen-key

--homedir specifies where the keys are stored.

EXPORT PRIVATE KEY (INCLUDES PUBLIC)

$ gpg --homedir . --export-secret-keys [-o filename] --armour keyid

IMPORT PRIVATE KEY

$ gpg --homedir . --import filename

EXPORT PUBLIC KEY

$ gpg --homedir . --export [-o filename] --armour keyid

Prints public keys to stdout. (Or use -o to output to a file.) Without a keyid (see below), exports all keys. Note that you'll need to tell GPG that you "trust" this public key before it will encrypt with it. (See below.)

ENCRYPT A FILE WITH YOUR KEY (THAT IS, SIGN IT)

$ gpg --homedir . -s --armour filename

Produces filename.asc in ASCII format; the --armour option makes it ASCII. -s makes a signature with your private key. The output is not confidential: anyone can read its contents.

SIGN A FILE WITH YOUR KEY

$ gpg --homedir . --clearsign filename

DECRYPT A FILE ENCRYPTED WITH YOUR PUBLIC KEY

$ gpg --homedir . -d filename

IMPORT A PUBLIC KEY

$ gpg --homedir . --import mjs-public-key.asc

INDICATE THAT YOU TRUST THE IMPORTED KEY

$ gpg --homedir . --edit-key keyid

Then, type "trust", then choose the appropriate trust level. If you're not part of any key network, you'll probably need level 5 ("trust ultimately") to eliminate all security warnings. Compare the key's fingerprint with its owner over a separate channel first, because ultimate trust also makes GPG accept that key's signatures on other keys.

ENCRYPT A FILE WITH AN IMPORTED PUBLIC KEY

$ gpg --homedir . -e -r keyid --armour filename

(Will issue warnings unless you've indicated that you trust the key.)

-r specifies the recipient.

CHECK THE TRUSTDB

$ gpg --homedir . --check-trustdb

Among other things, this reports when the (interactive?) next trustdb check is due.

ABOUT KEYIDS

There are lots of ways to specify this. The easiest way is to use a substring, but you can also use keyid and fingerprint. (See the README file in the GnuPG distribution.)
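
CHECK A KEY'S VALIDITY BEFORE ENCRYPTING (ADDED EXAMPLE)

This is an added example, not part of the original notes: a shell check that reads gpg's machine-readable key listing and reports whether a recipient key is currently valid before you run the encrypt step above. The listing is constructed sample data (key IDs, fingerprints and names are made up), and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample of `gpg --homedir . --with-colons --list-keys` output.
# Key IDs, fingerprints and names are made up. Field 2 = validity,
# field 10 of an fpr record = fingerprint.
sample_listing() {
cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1700000000::::Me Example <me@example.org>:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1700000000::::::e:
fpr:::::::::000000000000000000000000DDDDDDDDDDDDDDDD:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1700000000:::-:::scESC:
fpr:::::::::000000000000000000000000BBBBBBBBBBBBBBBB:
uid:-::::1700000000::::Imported Example <mjs@example.org>:
pub:e:2048:1:CCCCCCCCCCCCCCCC:1500000000:1600000000::-:::sc:
fpr:::::::::000000000000000000000000CCCCCCCCCCCCCCCC:
uid:e::::1500000000::::Old Example <old@example.org>:
EOF
}

# Print the validity letter of the primary key with fingerprint $1,
# or "missing". Subkey fingerprints are deliberately not matched.
key_validity() {
    awk -F: -v want="$1" '
        $1 == "pub" { v = $2; primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary && $10 == want { print v; found = 1; exit }
        END { if (!found) print "missing" }
    '
}

# Read a colon listing on stdin; print a decision word and return 0 only
# when gpg considers the key fully (f) or ultimately (u) valid.
encrypt_decision() {
    v=$(key_validity "$1")
    case "$v" in
        f|u)     echo ok;         return 0 ;;
        e)       echo expired;    return 1 ;;
        r|d|i)   echo unusable;   return 1 ;;
        missing) echo missing;    return 1 ;;
        *)       echo unverified; return 1 ;;  # -, q, n, m: not fully valid
    esac
}

# Demo on the sample. With a real keyring, feed it live data:
#   gpg --homedir . --with-colons --fingerprint --list-keys keyid | encrypt_decision FINGERPRINT
for k in A B C D; do
    fp="000000000000000000000000$(printf '%s' "$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k")"
    printf '%s: %s\n' "$fp" "$(sample_listing | encrypt_decision "$fp")"
done
```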