How to Import a Public Key Using GPG or PGP

By Safeheron Team

To import a public key with GPG, you can use a simple command like this:

gpg --import publickey.asc

You might need to import a public key for different reasons:

  • You want to verify software, such as when installing tools that use pretty good privacy (PGP) signatures.

  • You exchange keys with others to use encrypted messages.

  • You migrate old PGP keys or move to gnupg.

  • You fetch keys from servers to check if messages or software are real.

Sometimes, you even import public keys from older PGP versions, which may need special steps.

Key Takeaways


  • You can add public keys with GPG or PGP. You can use files, URLs, text, or keyservers. The commands are simple to use.

  • Always check if a public key is real. Look at its fingerprint before you trust or use it.

  • Give your key files clear names. This helps you stay organized and not get confused.

  • Set trust levels for the keys you add. This lets you choose how much you trust the owners. It also keeps your messages safe.

  • If you see errors like duplicate keys or import problems, look at your keyring. Update your software or try other servers if needed.

How to Import Public Key from File

Importing from a file usually starts with a key file you have downloaded or received from someone you trust. This is one of the most common ways to add a public key to your keyring, and it works with both PGP and GnuPG tools.

GPG Command

You can use GPG to import a public key from a file in just a few steps. GPG stands for GNU Privacy Guard, and it is a popular tool for encryption and signing.

  1. Save the public key file to your computer. You might see files with names like publickey.asc or publickey.gpg. The .asc extension means the file is in a text format, while .gpg is a binary format. Both work for importing.

  2. Open your terminal or command prompt.

  3. Run the following command to import the key:

    gpg --import publickey.asc

    You can also use:

    gpg --import publickey.gpg

    If you want, you can pipe the file contents into GPG:

    gpg --import < publickey.gpg
  4. If your key file is in a different folder, you need to specify the full path. For example:

    gpg --import /home/yourname/keys/brucewayne-public.asc
  5. After you run the command, GPG will add all keys found in the file. If the file contains both public and private keys, GPG will import both.

Tip: Use clear file names like alice-public.asc or bob-private.asc to avoid confusion. You can use any name, but good naming helps you stay organized.

Common File Formats

  • .asc for ASCII-armored (text) keys. These are easy to read and share.

  • .gpg for binary keys. These are not human-readable but work the same way.

You can choose any file name or path. The name does not change the key itself. Many people use the key owner’s name, email, or key ID in the file name to make it easy to identify.

Security Note

When you import a public key from a file, always check that the key is authentic. If someone changes the file before you get it, you could import a fake key. This risk is similar to other methods, so always verify the key’s fingerprint with the owner if possible.

PGP Command

PGP, which stands for Pretty Good Privacy, works in a similar way. If you use the classic PGP command-line tool, you can import a public key file with a command like this:

pgp -ka publickey.asc

  • The -ka option means “key add.” You can also use the full path to the file if it is not in your current directory.

  • PGP will import all keys in the file, including both public and private keys if they are present.

Note: Some versions of PGP may use different commands or options. Always check your version’s documentation if you see an error.

Best Practices for File Names

  • Use names that help you remember whose key it is.

  • Add -public or -private to the file name to avoid mistakes.

  • Use .asc for text keys and .gpg for binary keys.

Troubleshooting

Sometimes, you may see errors if you try to import a key that is already in your keyring. Some software, like OSX Keychain, may refuse to import a duplicate key. If this happens, check if the key is already present or try using the command line for more control.

Remember: Importing public key files is a basic skill for anyone using GnuPG or PGP. You can use these steps to import PGP public key files from any trusted source.

Import PGP Public Key from URL or Text

Sometimes you do not have a key file on your computer. You might find a public key on a website or receive it as a block of text. You can still import the PGP public key into your keyring with GPG, whether it comes from a web page or a direct link.

Using URL with GPG

You can use gpg to import a public key directly from a URL. This saves you time because you do not need to download the file first. Here are some ways to do this:

  1. Use curl to fetch the key and pipe it into gpg --import:

    curl http://example.com/pgp-public-key | gpg --import
  2. Use process substitution to import the key without saving it:

    gpg --import <(curl http://example.com/pgp-public-key)
  3. If you know the key ID, you can fetch it from a keyserver:

    curl -fsSL "https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0xYOURKEYID" | gpg --import -

    The -fsSL options make curl fail on HTTP errors (-f), stay quiet (-s) while still showing errors (-S), and follow redirects (-L).

Tip: Always check the source of the URL before you import a key. Only use trusted websites or keyservers.

Import from Clipboard or Text Block

You might copy a public key block from an email or a website. You can use gpg --import to add it to your keyring. Here is how you do it:

  1. Copy the entire public key block, including the lines that say -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.

  2. Open your terminal.

  3. Type:

    gpg --import
  4. Paste the key block into the terminal.

  5. Press Ctrl+D to finish the import.

This method works well if you do not want to save the key as a file. It also helps when you use gnupg on different computers.

Note: You can use GUI tools for pgp, but the command line gives you more control and works on most systems.

Import from Keyserver

You can use a keyserver to find and add public keys to your keyring. This method works well if you know the key ID or email address but do not have the key file. Many people use keyservers to share their public keys with others.

GPG --recv-keys

You can use the gpg --recv-keys command to get a public key from a keyserver. Here is how you do it:

  1. Find the key ID or email address for the public key you want.

  2. Open your terminal.

  3. Type the command:

    gpg --recv-keys <keyid>
  4. GPG will connect to the default keyserver and add the key to your keyring.

You can also search for a key by email address. Some tools let you search, review the list, and import one or more keys. Only public keys can be added this way.

Tip: If you use gnupg, you can still use the same command. The process is the same for most systems.

Specify Keyserver

You may want to choose a specific keyserver. Some keyservers are more reliable or faster. The most widely used keyservers are keyserver.ubuntu.com, keys.openpgp.org, and pgp.mit.edu. You can set the keyserver in your command like this:

gpg --keyserver keyserver.ubuntu.com --recv-keys <keyid>

The command sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 94532124541922FB shows how to set a custom keyserver when you import a key. The --keyserver option lets you pick the server you trust.

Keyservers help you find public keys, but they do not guarantee the key is real. Anyone can upload a key. You should always check the key’s fingerprint with the owner or use the web of trust. This step keeps your communication safe.

  • Keyservers do not protect against tampering or attacks.

  • Always verify the key’s fingerprint before you trust it.

Note: Public keys on keyservers are searchable by email. This can expose email addresses to spammers. Only share your public key if you are comfortable with this risk.

You can use gpg --import to add keys from files, but keyservers let you fetch keys from anywhere in the world. This makes sharing and finding keys much easier.

Verify and Trust Imported Key

After you import a public key, you need to make sure it is both valid and trusted. This step helps you avoid security risks and ensures that your encrypted messages or software signatures are safe.

List Keys

You can check which keys you have imported by listing them. This helps you keep track of your keyring and spot any unknown keys.

  • To list your keys in GPG, use:

    gpg --list-keys
  • If you want to see the keys in a specific file, try:

    gpg --show-keys <keyfile>
  • For PGP Command Line, use:

    1. pgp --list-keys to see all keys.

    2. pgp --list-secret-keys to see private keys.

Some tools, like Apptainer, use similar commands:

  • apptainer key list shows your public keys.

  • apptainer key list --secret lists your private keys.

Tip: Regularly check your keyring to make sure you only keep trusted keys.

Set Trust Level

Setting the trust level tells your system how much you trust a key owner to sign other keys. This is important for building a secure network of trusted contacts.

Here are the main trust levels you can set:

| Trust Level | Description |
|-------------|-------------|
| Ultimate | Use only for your own keys. |
| Full | You fully trust this key to sign others. |
| Marginal | You trust this key a little. |
| Never | You do not trust this key at all. |
| Unknown | You have not set a trust level yet. |

To set the trust level in GPG, follow these steps:

  1. Open the key for editing:

    gpg --edit-key <keyid>
  2. Type trust and press Enter.

  3. Choose a number for the trust level:

    • 1: I don’t know

    • 2: I do NOT trust

    • 3: I trust marginally

    • 4: I trust fully

    • 5: I trust ultimately

Note: Only set “ultimate” trust for your own keys. For others, use “full” or “marginal” after you verify the key.

Why Verification Matters

You must always check that a public key really belongs to the person or group it claims to represent. If you skip this step, someone could trick you with a fake key. You can verify a key by checking its fingerprint with the owner, using a trusted website, or meeting in person. This protects you from attacks and keeps your communication safe.
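
The fingerprint check described here and in the earlier security notes, as an added example (not code from the original article): it reads the listing that gpg --show-keys --with-colons prints for a key file, compares the primary key's fingerprint with the one you got from the owner, and imports only on a match. It also refuses files that carry a secret key or more than one key, since gpg --import adds everything in the file. The function names and the sample listing are constructed for illustration, and GnuPG 2.2 or later is assumed.

```sh
#!/bin/sh
# Added example: import a key file only if its primary-key fingerprint matches
# one obtained from the owner out-of-band. All names here are illustrative.

# Constructed `gpg --show-keys --with-colons` output (not a real key).
SAMPLE_LISTING='pub:-:255:22:89ABCDEF01234567:1700000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::Alice Example <alice@example.org>::::::::::0:
sub:-:255:18:0123456789ABCDEF:1700000000::::::e:::::cv25519::
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Drop spaces and colons, upper-case: "0123 4567 ..." equals "01234567...".
normalize_fpr() {
  printf '%s' "$1" | tr -d ' :' | tr '[:lower:]' '[:upper:]'
}

# stdin: colon listing. Prints each primary key's fingerprint: the fpr record
# directly after a pub/sec record. Subkey fingerprints are skipped.
primary_fprs() {
  awk -F: '$1 == "pub" || $1 == "sec" { want = 1; next }
           $1 == "fpr" && want        { print $10 }
                                      { want = 0 }'
}

# stdin: colon listing, $1: expected fingerprint.
# Prints one verdict: ok | secret-key | no-key | multiple-keys | mismatch
check_listing() (
  expected=$(normalize_fpr "$1")
  listing=$(cat)
  fprs=$(printf '%s\n' "$listing" | primary_fprs)
  count=$(printf '%s\n' "$fprs" | awk 'NF { n++ } END { print n + 0 }')
  if printf '%s\n' "$listing" | grep -q '^sec:'; then echo secret-key
  elif [ "$count" -eq 0 ]; then echo no-key
  elif [ "$count" -gt 1 ]; then echo multiple-keys
  elif [ "$fprs" = "$expected" ]; then echo ok
  else echo mismatch
  fi
)

# $1: key file, $2: expected fingerprint. Imports only when the verdict is ok.
verify_then_import() (
  verdict=$(gpg --show-keys --with-colons "$1" | check_listing "$2")
  if [ "$verdict" = ok ]; then gpg --import "$1"
  else echo "refusing to import $1: $verdict" >&2; exit 1
  fi
)

# Demo on the constructed listing; prints "ok".
printf '%s\n' "$SAMPLE_LISTING" | check_listing "0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567"
```

For a key published at a URL, save it to a file first and pass that file to verify_then_import instead of piping curl straight into gpg --import.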

Troubleshooting

When you work with public keys, you might run into some common problems. Here are ways to solve them.

Duplicate Key Error

You may see a duplicate key error if you try to add a key that already exists in your keyring. This happens often when you import keys from different sources or repeat the same process.

  1. Check for duplicates before you start. You can list your keys and see if the key is already there.

  2. If you use tools like phpMyAdmin for database imports, you can change settings to ignore duplicate errors. For example, enable “Ignore multiple statement errors” or select “Do not abort on INSERT error” for CSV files.

  3. Some systems let you use a generated ID or change the primary key to avoid conflicts.

Tip: Removing or renaming duplicate keys before importing can save you time and prevent errors.

Import Failures

Sometimes, importing pgp 2.x keys or other keys fails. You might see errors like “no valid user IDs” or “invalid self-signature.” These problems often happen because the key does not have a self-signed user ID or uses an unsupported algorithm.

  • If you see “no valid user IDs,” try using the --allow-non-selfsigned-uid option with gpg.

  • Keys made with newer versions of gpg may not work with older versions. For example, keys with ECC or large DSA sizes may fail on old systems.

  • Make sure your key has a self-signature. This signature links the user ID to the key. Without it, gpg will not use the key.

  • If you have trouble, try switching from ECC to RSA keys or update your gpg software.

If you import a secret key, you do not need to import the public key separately. The process brings both into your keyring.

Connectivity Issues

You might face network problems when you fetch keys from a keyserver.

  • Try using port 80 or HKPS on port 443 to get around firewalls.

  • Switch to another keyserver, like keyserver.ubuntu.com or pgp.mit.edu, if one does not respond.

  • Download the public key file and import it locally if you cannot connect.

  • To avoid repeating these steps, set your default keyserver in the dirmngr.conf file and reload dirmngr.

Using different ports or servers often solves most connection problems.

You now know different ways to import public keys with GPG or PGP. You can do this from files, URLs, or keyservers. Always check and set trust for every key you add. Update trust settings often, especially when you add or change keys. Good key management helps keep your data safe.

| Key Management Aspect | Best Practice Description |
|-----------------------|---------------------------|
| Backup & Restore Keys | Store backups of your keys in a safe spot. |
| Revocation Certificate | Make a revocation certificate in case you lose your key. |
| Trust Level Management | Set trust levels to stop warnings and make sure keys are checked correctly. |

If you want to learn more, look into making strong keys, handling subkeys, and using revocation certificates.

FAQ

How do you find the fingerprint of an imported key?

You can run this command:

gpg --fingerprint <keyid>

This shows the fingerprint. Always check the fingerprint with the key owner before you trust the key.

Can you import both public and private keys with the same command?

Yes, you can. When you use gpg --import keyfile.asc, GPG imports all keys in the file. You should keep private keys safe and never share them.

What should you do if you get a “no valid user IDs” error?

This error means the key does not have a user ID or self-signature. Try updating your GPG software or ask the key owner for a new key.

Is it safe to get public keys from any keyserver?

No, not always. Anyone can upload keys to a keyserver. You should always verify the key’s fingerprint with the owner before you trust or use it. 
