Difference between revisions of "GNU Privacy Guard"

From Christoph's Personal Wiki
(Usage)
 
Line 46: Line 46:
 
y (if prompted)
 
y (if prompted)
 
quit
 
quit
 +
</pre>
 +
 +
===Encrypt a file===
 +
 +
* Encrypt a file named <code>filename.txt</code> for a single individual (i.e., specify that individual as a recipient):
 +
$ gpg --encrypt --recipient alice filename.txt
 +
 +
This will create a new encrypted file named filename.txt.gpg.
 +
 +
* Encrypt a file so that only you can decrypt it (i.e., specify yourself as the recipient):
 +
$ gpg --encrypt --recipient 'my_name' filename.txt
 +
 +
* Encrypt a file so that both you and another person can decrypt the file (i.e., specify both you and the other person as recipients):
 +
$ gpg --encrypt --recipient alice --recipient 'my_name' filename.txt
 +
 +
* Encrypt a file for a group of people, define the group in your <code>gpg.conf</code> file (see section below), and then specify the group as a recipient:
 +
$ gpg --encrypt --recipient dev-team filename.txt
 +
 +
After a while, one will want to be more concise and use the short version of the command-line options.
 +
 +
* Below is that shortened command:
 +
$ gpg -e -r journalists filename.txt
 +
 +
===Decrypt a file to terminal (standard output)===
 +
 +
* The first version of this command will display the content of a file within the terminal window itself:
 +
 +
$ gpg --decrypt filename.txt.gpg
 +
 +
Use the <code>--decrypt</code> option only if the file is an ASCII text file. If it is a binary file, then omit the <code>--decrypt</code> option, which will write the decrypted file to disk.
 +
 +
===Decrypt a file to disk===
 +
 +
Whether the file is ASCII or binary, if you want to make changes to the content of an encrypted file, you must first decrypt it, make your changes, then re-encrypt the file. As mentioned in the previous section, you write the decrypted version of a file to disk, by omitting the <code>--decrypt</code> option from the command:
 +
$ gpg filename.txt.gpg
 +
 +
If the encrypted file was named <code>filename.txt.gpg</code>, the above command will create a decrypted version named <code>filename.txt</code> (with the <code>.gpg</code> extension removed).
 +
 +
===Create groups of people in your GPG configuration file===
 +
 +
NOTE: Your GPG software configuration is stored in your home directory within the <code>~/.gnupg/gpg.conf</code> file.
 +
 +
<pre>
 +
$ cat ~/.gnupg/gpg.conf
 +
group dev-team = bob alice
 
</pre>
 
</pre>
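Review bot: the shortened example `$ gpg -e -r journalists filename.txt` names a `journalists` recipient, but the only group this revision defines is `group dev-team = bob alice`, so the short form does not match the long form it is meant to abbreviate (`--recipient dev-team`). Use `-r dev-team` there, or add a `journalists` line to the gpg.conf example. Separately, the "Decrypt a file to terminal" bullet says "The first version of this command", yet that section shows only one command; the second version only appears under "Decrypt a file to disk", so the wording should say so or drop "first version".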
  

Latest revision as of 00:08, 25 August 2020

GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's PGP cryptographic software suite.

Install

Red Hat / CentOS
$ yum install gnupg
Ubuntu / Debian
$ apt-get install gnupg
macOS

See: Homebrew website for details.

$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
$ brew install gnupg
#~OR~
$ brew install gnupg2

Usage

  • Create your GPG key:
$ gpg --gen-key
  • Export your public key:
$ gpg --export --armor youremail@example.com > mypubkey.asc
  • Import another person's public key:
$ gpg --import theirpubkey.asc
  • List the public keys in your keyring:
$ gpg --list-keys
  • List private keys in your keyring:
$ gpg --list-secret-keys
  • Trust a public key:
$ gpg --edit-key bob

trust (invoke trust subcommand on the key)
5 (ultimate trust)
y (if prompted)
quit

Encrypt a file

  • Encrypt a file named filename.txt for a single individual (i.e., specify that individual as a recipient):
$ gpg --encrypt --recipient alice filename.txt

This will create a new encrypted file named filename.txt.gpg.

  • Encrypt a file so that only you can decrypt it (i.e., specify yourself as the recipient):
$ gpg --encrypt --recipient 'my_name' filename.txt
  • Encrypt a file so that both you and another person can decrypt the file (i.e., specify both you and the other person as recipients):
$ gpg --encrypt --recipient alice --recipient 'my_name' filename.txt
  • To encrypt a file for a group of people, define the group in your gpg.conf file (see section below), and then specify the group as a recipient:
$ gpg --encrypt --recipient dev-team filename.txt

After a while, one will want to be more concise and use the short version of the command-line options.

  • Below is that shortened command:
$ gpg -e -r journalists filename.txt

Decrypt a file to terminal (standard output)

  • The first version of this command will display the content of a file within the terminal window itself:
$ gpg --decrypt filename.txt.gpg

Use the --decrypt option only if the file is an ASCII text file. If it is a binary file, omit the --decrypt option; gpg will then write the decrypted file to disk.

Decrypt a file to disk

Whether the file is ASCII or binary, if you want to make changes to the content of an encrypted file, you must first decrypt it, make your changes, and then re-encrypt the file. As mentioned in the previous section, you write the decrypted version of a file to disk by omitting the --decrypt option from the command:

$ gpg filename.txt.gpg

If the encrypted file was named filename.txt.gpg, the above command will create a decrypted version named filename.txt (with the .gpg extension removed).

Create groups of people in your GPG configuration file

NOTE: Your GPG software configuration is stored in your home directory within the ~/.gnupg/gpg.conf file.

$ cat ~/.gnupg/gpg.conf
group dev-team = bob alice
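
An end-to-end check of the group workflow above, as an added example that is not part of the original wiki page: it encrypts to the dev-team group in a throwaway keyring, confirms that the ciphertext carries one recipient packet per group member, and decrypts it again. The example.test addresses, the passphrase-less test keys and the function name demo_group_encrypt are assumptions made for the demonstration; it needs GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: isolated keyring and constructed identities, not real keys.
# Prints the number of recipient packets in a file encrypted to "dev-team";
# returns non-zero unless decryption gives back the original plaintext.
demo_group_encrypt() {
    GNUPGHOME=$(mktemp -d) || return 1     # throwaway keyring, mode 0700
    export GNUPGHOME
    work=$(mktemp -d) || return 1

    # Constructed test identities without a passphrase (demo only).
    for uid in alice@example.test bob@example.test; do
        gpg --batch --quiet --passphrase '' \
            --quick-generate-key "$uid" default default never \
            2>/dev/null || return 1
    done

    # Same "group" syntax as on this page, using addresses rather than
    # bare names so each member selects exactly one key.
    printf 'group dev-team = alice@example.test bob@example.test\n' \
        > "$GNUPGHOME/gpg.conf"

    printf 'release notes draft\n' > "$work/filename.txt"   # constructed input
    gpg --batch --quiet --encrypt --recipient dev-team \
        "$work/filename.txt" || return 1                     # -> filename.txt.gpg

    # --list-packets prints one ":pubkey enc packet:" line per recipient key.
    count=$(gpg --batch --list-packets "$work/filename.txt.gpg" 2>/dev/null \
        | grep -c '^:pubkey enc packet')

    # Round trip: decrypt to stdout and compare with the original file.
    gpg --batch --quiet --decrypt "$work/filename.txt.gpg" 2>/dev/null \
        | cmp -s - "$work/filename.txt"
    ok=$?

    # Stop the agent started for the throwaway keyring, then clean up.
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME" "$work"
    unset GNUPGHOME
    echo "$count"
    return "$ok"
}

# Run the demo when the script is invoked as: sh demo.sh run
if [ "${1:-}" = "run" ]; then demo_group_encrypt; fi
```

The same --list-packets check is a quick way to confirm who can read an existing .gpg file before you send it.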

External links