I came across this exact issue (OSX Sierra 10.12.6, gpg/GnuPG 2.2.5)
Commands that would hang:
gpg -K # --list-secret-keys
gpg -d # --decrypt
gpg --edit-key
gpgconf --kill gpg-agent
My solution was the same as mentioned by John above (ie. kill gpg-agent) as most other methods on how-can-i-restart-gpg-agent would also hang.
# Solution
pkill -9 gpg-agent
Then for signing git commits I set the tty env as mentioned by cas above and also at gpg-failed-to-sign-commit-object.
export GPG_TTY=$(tty)
Export Public Key
This command will export an ascii armored version of the public key:
gpg --output public.pgp --armor --export username@email
Export Secret Key
This command will export an ascii armored version of the secret key:
gpg --output private.pgp --armor --export-secret-key username@email
Security Concerns, Backup, and Storage
A PGP public key contains information about one's email address. This is generally acceptable since the public key is used to encrypt email to your address. However, in some cases, this is undesirable.
For most use cases, the secret key need not be exported and should not distributed. If the purpose is to create a backup key, you should use the backup option:
gpg --output backupkeys.pgp --armor --export-secret-keys --export-options export-backup user@email
This will export all necessary information to restore the secrets keys including the trust database information. Make sure you store any backup secret keys off the computing platform and in a secure physical location.
If this key is important to you, I recommend printing out the key on paper using paperkey. And placing the paper key in a fireproof/waterproof safe.
Public Key Servers
In general, it's not advisable to post personal public keys to key servers. There is no method of removing a key once it's posted and there is no method of ensuring that the key on the server was placed there by the supposed owner of the key.
It is much better to place your public key on a website that you own or control. Some people recommend keybase.io for distribution. However, that method tracks participation in various social and technical communities which may not be desirable for some use cases.
For the technically adept, I personally recommend trying out the webkey domain level key discovery service.
Best Answer
is supposed to import keys matching
DAD95197
from the MIT keyserver. However the MIT keyserver often has availability issues so it’s safer to configure another keyserver.I generally use the SKS pools; here are their results when looking for “ashish”. To import the key from there, run
(never use the short key ids, they can easily be spoofed).
This answer explains how to configure your GnuPG installation to always use the SKS pools.