GNU Privacy Guard
GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's PGP cryptographic software suite.
Install
- Red Hat / CentOS
$ yum install gnupg
- Ubuntu / Debian
$ apt-get install gnupg
- macOS
See the Homebrew website for details.
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
$ brew install gnupg
#~OR~
$ brew install gnupg2
Usage
- Create your GPG key:
$ gpg --gen-key
- Export your public key:
$ gpg --export --armor youremail@example.com > mypubkey.asc
- Import another person's public key:
$ gpg --import theirpubkey.asc
- List the public keys in your keyring:
$ gpg --list-keys
- List private keys in your keyring:
$ gpg --list-secret-keys
- Trust a public key:
$ gpg --edit-key bob
gpg> trust      (invoke the trust subcommand on the key)
5               (ultimate trust)
y               (if prompted)
gpg> quit
Encrypt a file
- Encrypt a file named filename.txt for a single individual (i.e., specify that individual as a recipient):
$ gpg --encrypt --recipient alice filename.txt
This will create a new encrypted file named filename.txt.gpg.
- Encrypt a file so that only you can decrypt it (i.e., specify yourself as the recipient):
$ gpg --encrypt --recipient 'my_name' filename.txt
- Encrypt a file so that both you and another person can decrypt the file (i.e., specify both you and the other person as recipients):
$ gpg --encrypt --recipient alice --recipient 'my_name' filename.txt
- Encrypt a file for a group of people: define the group in your gpg.conf file (see the section below), then specify the group as a recipient:
$ gpg --encrypt --recipient dev-team filename.txt
After a while, one will want to be more concise and use the short version of the command-line options.
- Below is that shortened command:
$ gpg -e -r journalists filename.txt
Decrypt a file to terminal (standard output)
- The first version of this command will display the content of a file within the terminal window itself:
$ gpg --decrypt filename.txt.gpg
The --decrypt option writes the plaintext to standard output, so use it only when the file is ASCII text. If the file is binary, omit the --decrypt option; gpg then writes the decrypted file to disk instead.
Decrypt a file to disk
Whether the file is ASCII or binary, if you want to make changes to the content of an encrypted file, you must first decrypt it, make your changes, then re-encrypt the file. As mentioned in the previous section, you write the decrypted version of a file to disk by omitting the --decrypt option from the command:
$ gpg filename.txt.gpg
If the encrypted file was named filename.txt.gpg, the above command will create a decrypted version named filename.txt (with the .gpg extension removed).
Create groups of people in your GPG configuration file
NOTE: Your GPG software configuration is stored in your home directory within the ~/.gnupg/gpg.conf file.
$ cat ~/.gnupg/gpg.conf
group dev-team = bob alice
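The script below is an added example, not code from the original page, that runs the workflow from the Usage, Encrypt, Decrypt and group sections end to end: it generates keys, writes a group line in the same syntax as the gpg.conf shown above, encrypts to the group and decrypts back to disk. It uses a temporary --homedir so your real ~/.gnupg keyring is never touched, and it checks that the group really expanded to both members by counting the ENC_TO status lines gpg reports for the ciphertext. The user IDs (alice, bob), the file names and the plaintext "release notes" are constructed for the demo; it assumes GnuPG 2.1 or later (for --quick-generate-key and --pinentry-mode loopback) and prints "skipped" when gpg is not installed.

```shell
#!/bin/sh
# Added example, not part of the original page: run the page's
# generate -> group -> encrypt -> decrypt workflow in a throwaway keyring
# (--homedir) so nothing in ~/.gnupg is touched. Assumes GnuPG 2.1 or
# later, which provides --quick-generate-key and --pinentry-mode loopback.

gpg_group_roundtrip() {
    command -v gpg >/dev/null 2>&1 || { echo skipped; return 0; }
    tmp=$(mktemp -d) || { echo fail; return 1; }
    (
        set -e
        # Every gpg call is pinned to the temporary home directory.
        g() { gpg --batch --quiet --homedir "$tmp" "$@"; }

        # Two throwaway keys with no passphrase (constructed test keys).
        # Keys you generate yourself are marked ultimately trusted, so no
        # "--edit-key ... trust" step is needed before encrypting to them.
        for uid in 'alice <alice@example.com>' 'bob <bob@example.com>'; do
            g --pinentry-mode loopback --passphrase '' \
              --quick-generate-key "$uid" default default never 2>/dev/null
        done

        # Same group syntax as the page's gpg.conf example; the member
        # names are matched against user IDs exactly like any -r value.
        printf 'group dev-team = alice bob\n' > "$tmp/gpg.conf"

        # Constructed plaintext; --encrypt writes filename.txt.gpg next to it.
        printf 'release notes\n' > "$tmp/filename.txt"
        g --encrypt --recipient dev-team "$tmp/filename.txt"
        rm "$tmp/filename.txt"

        # Decrypt to disk with --output. --status-fd 1 reports one ENC_TO
        # line per recipient key, which confirms the group was expanded.
        status=$(g --status-fd 1 --output "$tmp/filename.txt" \
                   --decrypt "$tmp/filename.txt.gpg" 2>/dev/null)
        n=$(printf '%s\n' "$status" | grep -c 'ENC_TO' || true)
        [ "$n" -eq 2 ]
        [ "$(cat "$tmp/filename.txt")" = 'release notes' ]
    )
    result=$?
    # Stop the agent that was started for the temporary home, then delete it.
    gpgconf --homedir "$tmp" --kill gpg-agent 2>/dev/null || true
    rm -rf "$tmp"
    if [ "$result" -eq 0 ]; then echo ok; else echo fail; fi
}

gpg_group_roundtrip
```

Running the script prints "ok" on a machine with GnuPG installed. The same isolation trick (a scratch --homedir) is a convenient way to try out any of the commands on this page, or to test a gpg.conf change, without risking your real keyring or trust database.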