Updated on 03 Oct 2020
Gnu Privacy Guard.
GPG program can be used to create private / public keys for signing documents and git commits. They can not be used for ssh public / private keys. These are different and requires…
To encrypt a file use
gpg -c filename
You will be asked for a password! Once done, you will have a file called filename.gpg where
-c: means to use symmetric encryption with a password. Default is AES128.
If you want to use AES256, then use the following command
gpg --cipher-algo aes256 -c filename
You can find other
--cipher-algo options on the manpages.
To decrypt a file use
--output. Without the
--output, gpg will simply display the file contents on the screen.
gpg --output ccpp.tar.gz -d ccpp.tar.gz.gpg
This will decrypt the file, and once again you’ll be prompted for a password. If you have only just encrypted the file then the system will remember the password and you wont be prompted for it.
--output: is the option for the output file
-d: is for decrypt
You must supply the options first before the command.
--outputis an option
-dis a command
-cis a command
Supplying passwords in bash
It could be that you wish to run gpg from a shell script, which will also require the use of a password. To do that, use
gpg --passphrase test123 -c test1.tar.gz
Generating a public / private key pair
A PGP public / private key can be used to sign a document or a git commit (i.e. prove you’re the one who made it) or decrypt messages intended only for you, among other things.
You will need to add in a few details such as name and email address. The email address will be used as an Id later on.
Next you will be presented with a screen to enter your password.
When all finished, you will have something that looks like this
On a server there might be issues, so I recommend generating the keys on your local machine and importing them on a target machine. Also some servers won’t let you remove the pass phrase.
You can list your keys with these commands
We can export keys as well. We might need to export the public key, and we do that like this: (First we might need to list the keys, then export the one we want).
gpg --list-keys gpg --export -a email@example.com
-a option means that we will export the key as 7bit ascii. Without it, we would get some crazy binary display like what we have displayed below…
When you export with the the
-a option, then we’ll get more of a plain text file.
You can also export your private keys for safe storing or back-up if necessary.
gpg --export-secret-keys -a firstname.lastname@example.org
You can leave the Key ID blank and you will get ALL the private keys. Exporting will typically be done to a file, so you’d probably be piping the out like this:
gpg --export-key -a email@example.com > sooty.pub
Importing a key
You can import a key into your keystore with the following command.
gpg --import sooty.pub
You can import private keys (especially if the server does not support the creation of keys without pass phrases)
gpg --import public.key gpg --allow-secret-key-import --import private.key
Deleting a key
You can also delete keys, but make sure you delete the secret key first!
gpg --delete-secret-keys firstname.lastname@example.org gpg --delete-keys email@example.com
Editing a key (removing password)
We can also edit a key. The most likely reason for this is to remove the password. We can use the following command.
gpg --edit-key firstname.lastname@example.org
From here we can type help and see a list of commands available for us. The command to change the password is
passwd, and you simply need to enter a blank password at the prompt. However, be warned that gpg may prompt you 2-3 times to make sure you want a blank password.