gpg-ops

Decrypt a GPG-encrypted file (.gpg or .asc) using the local keyring. Handles both asymmetric (key-encrypted) and symmetric (passphrase-encrypted) ciphertext — GPG auto-detects which. Use when the user receives an encrypted file or has at-rest encrypted backups they need to read.

Encrypt a file or text with GPG to one or more recipients (asymmetric) or with a passphrase (symmetric). Use when the user wants to send confidential data to someone whose public key they have, or lock a file with a password. Defaults to ASCII-armored output and refuses to encrypt to keys with marginal/unknown trust unless the user confirms.

Export a GPG public key in ASCII-armored form, ready to share, paste into GitHub, or upload to a keyserver. Use when the user wants to publish their public key, share it with a collaborator, or register it for signed commits. Selects the key by email, key ID, or fingerprint.

Generate a new GPG keypair (primary signing key + encryption subkey) on the local GnuPG keyring. Use when the user wants to create a new GPG identity, set up signing for git commits, or create a key for encrypted email. Confirms key parameters before generation; defaults to ed25519/cv25519 with no expiry unless the user specifies otherwise.

List GPG keys on the local keyring — public keys, secret keys, or both. Use when the user wants to see what keys they have, find a key ID or fingerprint, or check whether a contact's public key is already imported before encrypting to them.