How to encrypt and decrypt with GPG

In this post I'd like to talk about GNU Privacy Guard (GPG). GPG allows us to encrypt or decrypt data. You might be aware of PGP, GPG is its FOSS alternative.

Content:
  1. Keys
    1. Creating keys
    2. Exporting public keys
  2. Encrypting and decrypting with GPG
    1. Encrypting and decrypting with keys
      1. Encrypt files
      2. Decrypt files
    2. Encrypting and decrypting with password
      1. Encryption with password
      2. Decryption with password

Keys

Keys are used for encryption and decryption. There are private and public keys. You can share your public keys with others to send you encrypted data and then use your private key to decrypt it. Always keep your private keys secret, otherwise whoever has your private key could also decrypt data.

[In the first panel, Cueball is sitting in a chair and is using a laptop.] Cueball (thinking): I've been posting my public key for 15 years now, but no one has ever asked me for it or used it for anything as far as I can tell. [This is followed by two beat panels where Cueball just sits there. doing nothing, not even thinking.] [In the final panel he again uses his laptop and thinks.] Cueball (thinking): Maybe I should try posting my private key instead.
Source: XKCD

Creating keys

Use gpg --full-generate-key to generate keys.

You will be asked about algorithm you would like to use, we will go with RSA and RSA (option 1).

The next it will ask you about how many bits long should the keys be, your options are between 1024 and 4096 bits. Default keysize is 3072.

You also need to set how long should the keys be valid, default is 0 - forever, never expiring. Confirm your choice.

Next you need to fill in your name, email address, and possibly a comment. Confirm everything is correct.

Choose your passphrase, this is to protect your private key and you should definitely remember it.

After you're finished, your keys are going to be created.

Exporting public keys

If you'd like, you can export your public key to a file.

gpg -export -a > publicKey.asc or gpg -export > public.key

You can share this file on your website or you can send it to a friend. 

gpg –list-public-key
Lists public keys and their id and user id.

Encrypting and decrypting with GPG

Encrypting and decrypting with keys

As mentioned before, you need to share your public keys for this. The other side also needs to import the public key, with 

gpg –import public.key

Encrypting files

gpg -e -r publicKeyID file
After that you can share your encrypted file (output as file.asc) with the world.

Decrypting files

gpg file.asc
Run this on the encrypted file, you'll be prompted for your passphrase and after then gpg will run decryption.

Encrypting and decrypting with password

You can also encrypt and decrypt files with a password instead of keys. This is symmetric. If you've read my earlier article about backup to cloud with rclone, we've used it there.

Encrypt with password

gpg -c file

This command will encrypt file, you'll be prompted for passphrase and then it will create a new file file.gpg.

Note: You can also run gpg -c file.txt > encryptedFile.gpg if you would like the encrypted file under different name.

Decrypt with password

gpg -d file.gpg

This command will decrypt your file, you will be prompted for the password you used earlier to create the encrypted file.

Note: gpg file.gpg -o decryptedFile will output decrypted file.gpg to decryptedFile

That's all, folks

Note: I will talk about signing with your private key in the future articles.

Well, that's it for today. If you have any questions or notes, please let me know on fedi @bugbear@alt.lawndale.space.

If you'd like to read even more about it, I suggest man page for GPG.


see you, space cowboy

Share on fediverse: