================================================================================
                                GPG COMMAND CHEAT SHEET
================================================================================

BASIC KEY COMMANDS:
gpg --list-keys                          # List public keys
gpg --list-secret-keys                   # List private keys
gpg --full-generate-key                  # Generate new key pair
gpg --edit-key [email/keyid]             # Interactive key editing

EXPORT/IMPORT:
gpg --armor --export [email]             # Export public key (screen)
gpg --armor --export [email] > key.asc   # Export public key to file
gpg --export-secret-keys -a > priv.asc   # Export private key (careful!)
gpg --import key.asc                     # Import public key
gpg --keyserver keys.openpgp.org --recv-keys KEYID    # Fetch from keyserver

ENCRYPTION:
gpg -e -r recipient@example.com file.txt          # Encrypt for recipient
gpg -e -r recipient@example.com -a file.txt       # Encrypt with ASCII armor
gpg -e -r your@email.com file.txt                 # Encrypt for yourself

DECRYPTION:
gpg -d file.txt.gpg                       # Decrypt to stdout
gpg -d -o output.txt file.txt.gpg         # Decrypt to file

SIGNING:
gpg -s file.txt                           # Sign + compress (creates .gpg)
gpg -b file.txt                           # Detached signature (creates .sig)
gpg -a -b file.txt                        # ASCII detached signature
gpg --clearsign message.txt               # Clear-signed text (creates .asc)

VERIFICATION:
gpg --verify signature.sig file.txt       # Verify detached signature
gpg --verify file.txt.gpg                 # Verify signed file
gpg --verify file.txt.asc                 # Verify clear-signed file

COMBINED OPERATIONS:
gpg -e -s -r recipient@example.com file.txt      # Encrypt and sign
gpg -e -a -s -r recipient@example.com file.txt   # Encrypt, sign, ASCII armor

KEY EDITING (inside --edit-key):
help

COMMON FLAGS:
-a, --armor        # Create ASCII/text output (not binary)
-o, --output       # Specify output file
-r, --recipient    # Specify recipient for encryption
-u, --local-user   # Specify key to use for signing
-d, --decrypt      # Decrypt data
-e, --encrypt      # Encrypt data
-s, --sign         # Sign data
-b, --detach-sign  # Create detached signature

PRACTICAL WORKFLOWS:
# Share your public key:
gpg --armor --export your@email.com > mykey.asc

# Encrypt file for someone:
gpg -e -a -r colleague@company.com document.pdf

# Decrypt file sent to you:
gpg -d -o original.txt encrypted.txt.asc

# Sign and verify a release file:
gpg -a -b software.tar.gz
gpg --verify software.tar.gz.asc software.tar.gz

# Backup: encrypt file for yourself:
gpg -e -r your@email.com -a backup.tar

NOTES:
- Use 8-char key ID or email to specify keys
- ASCII armor (-a) for text environments like email
- Detached signatures keep original file separate
- Always verify imports and before trusting keys
================================================================================