Some commands:

$ gpg --card-status
$ gpg --export-ssh-key keyID
$ gpg --armor --export keyID > pubkey.asc

Use Nitrokey from new system:

$ gpg --import pubkey.asc
$ gpg --card-status

Use GPG Agent as SSH Agent

$ vim .gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-qt

$ systemctl --user enable --now /usr/lib/systemd/user/gpg-agent*

$ vim .bashrc
export SSH_AUTH_SOCK="/run/user/$(id -u)/gnupg/S.gpg-agent.ssh"

Export your public key to your web server:

$ mkdir openpgpkey
$ gpg --list-options show-only-fpr-mbox -k keyID | /usr/lib/gnupg/gpg-wks-client -v --install-key

Then publish to your web server.
My public key is available via:

Get public keys

From WKD

WKD means Web Key Directory. Interesting website:

$ gpg --locate-key

From keyserver


$ echo keyserver hkps:// >> ~/.gnupg/gpg.conf
$ gpg --auto-key-locate keyserver --locate-keys


$ gpg --keyserver --recv-keys keyID

Last update: 2021-02-20