gpg
encrypt file
gpg -c <filename>
decrypt file
gpg <filename>.gpg
clearsign message
gpg --default-key <key_id> -o <output_file> --clearsign <input_file>
## ref
https://www.linuxbabe.com/security/verify-pgp-signature-software-downloads-linux
https://unix.stackexchange.com/questions/288933/unable-to-verify-the-kernel-signature-gpg-cant-check-signature-public-key-no
## red hat verify
https://access.redhat.com/articles/3530471