In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision. When done over a network, this requires using a secure certificate enrollment or certificate management protocol such as CMP. 

Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys (which may be known to others), and private keys (which may never be known by any except the owner). The generation of such key pairs depends on cryptographic algorithms which are based on mathematical problems termed one-way functions. Effective security requires keeping the private key private; the public key can be openly distributed without compromising security.[1] 

gpg is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool to provide digital encryption and signing services using the OpenPGP standard. gpg features complete key management and all the bells and whistles you would expect from a full OpenPGP implementation.

In computer security, a key server is a computer that receives and then serves existing cryptographic keys to users or other programs. The users' programs can be running on the same network as the key server or on another networked computer. 

In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). As with computer networks, there are many independent webs of trust, and any user (through their public key certificate) can be a part of, and a link between, multiple webs. 

$ gpg --full-gen-key

Please select what kind of key you want:
   (1) RSA and RSA (default)
Your selection? 1 
RSA keys may be between 1024 and 4096 bits long. 
What keysize do you want? (3072) 2048 
Key is valid for? (0) 1y 
Is this correct? (y/N) y  
GnuPG needs to construct a user ID to identify your key.
Real name: <name>
Email address: <email>
Comment: <comment>

$ gpg -k

 gpg -c <filename>
 gpg -c <filename> --cipher-algo
-c : Encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is AES128, but may be chosen with the --cipher-algo

gpg -d <filename>
gpg -d <filename> -o <outputfile>

$ gpg -k
$ gpg --output outFileName.gpg --encrypt --recipient sai@cyberciti.biz inputFileName.txt

$ gpg --output inputFileName.txt --decrypt outFileName.gpg

gpg --keyid-format long --with-fingerprint --list-key 
 gpg --export-secret-keys --armor --output privkey.asc user-id
$ gpg --import privkey.asc
$ gpg --gen-revoke --armor --output revcert.asc user-id

gpg --edit-key your@email.address

gpg> key 0
gpg> expire
...
Key is valid for? (0) 1y
Is this correct? (y/N) y

gpg> key 1
gpg> expire
Key is valid for? (0) 1y
Is this correct? (y/N) y

gpg> key 2
gpg> expire
Key is valid for? (0) 1y
Is this correct? (y/N) y

gpg> save

At this point, it’s a good idea to send the key to the key server:

gpg --send-keys your@email.address
# or
gpg --keyserver pgp.mit.edu --send-keys your@email.address

$ gpg --expert --edit-key <keyID>
gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 8

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s
Your selection? e
Your selection? a

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y

sec  rsa2048/8715AF32191DB135
     created: 2019-03-21  expires: 2021-03-20  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/150F16909B9AA603
     created: 2019-03-21  expires: 2021-03-20  usage: E  
ssb  rsa2048/17E7403F18CB1123
     created: 2019-03-21  expires: never       usage: A  
[ultimate] (1). Brian Exelbierd

gpg> quit
Save changes? (y/N) y

vim .gnupg/gpg-agent.conf

enable-ssh-support

systemctl enable --user gpg-agent-ssh.socket
systemctl enable --user gpg-agent.socket
systemctl start --user gpg-agent-ssh.socket
systemctl start --user gpg-agent.socket

gpg-agent is mostly used as daemon to request and cache the password for the keychain. This is useful if GnuPG is used from an external program like a mail client. gnupg comes with systemd user sockets which are enabled by default. These sockets are gpg-agent.socket, gpg-agent-extra.socket, gpg-agent-browser.socket, gpg-agent-ssh.socket, and dirmngr.socket.

    The main gpg-agent.socket is used by gpg to connect to the gpg-agent daemon.
    The intended use for the gpg-agent-extra.socket on a local system is to set up a Unix domain socket forwarding from a remote system. This enables to use gpg on the remote system without exposing the private keys to the remote system. See gpg-agent(1) for details.
    The gpg-agent-browser.socket allows web browsers to access the gpg-agent daemon.
    The gpg-agent-ssh.socket can be used by SSH to cache SSH keys added by the ssh-add program. See #SSH agent for the necessary configuration.
    The dirmngr.socket starts a GnuPG daemon handling connections to keyservers.

vim .zshrc

unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi

kill `pgrep ssh-agent`

gpg-connect-agent reloadagent /bye

ssh-add -L

gpg --keyid-format long --with-fingerprint --list-key <email>
gpg --export --armor --output <file_name>
gpg --export-secret-keys --armor --output <file_name>

user@main ~ » run_keybase
Starting via systemd...
run_keybase: Success!
                                                  ▄▄▄▄█▀    
╭───────────────────────╮          ▄▄          ▄▄▄█▄▄▀      
│                       │         ███▄▄▄▄▄▄▄▄▄▄███▄██       
│  Encrypt everything!  │       ▄▄▄████▄▄▄███████████       
│                       ├────  ▄▄▄▄▄████▄█████████████      
╰───────────────────────╯      ███▄█▄█████████████████▄▄    
                                ▀▄███████▄▀ ███████████▄▄   
                                  ▄▄▄▄███    ███████████▄▄  
                                 ▄████████   ██████████████ 
                                ▄███▄█████▄▄  ▀▄████████████
                               ███████▄▄██▄█▄▄ █████████████
                              ▄▄█████████████▄▄ ████████████
                           ▄██▄▄████▄▄▄█▄▄█████ ████████████
                                ███▄▄▄▄▄███████▄▄█████████▄▀
                                ▄█████▄▄█████████████▄█████ 
                                █▄██████████▄▄▄▄▄▄▄███████  
                              ▄▄▄▄▄██▄▄█████▄████████████   
                            ▀▀▀▀▀▀▀▀▄▄▄▄██▄▀ ▀▀▄▄▄▄▄▄▀▀▀    
                                  ▀▀▀▀▀▀▀▀▀                 
user@main ~ »