How to encrypt and decrypt files using GPG


In Linux, you keep your data in the form of files. But what if the data you are storing is sensitive? How can you protect it from unauthorized access? One way is to encrypt the files using GPG. In this blog, I'll tell you what GPG is and how you can use it to encrypt and decrypt files on a Linux system.

What are GPG keys

GPG stands for GNU Privacy Guard. It uses the concept of asymmetric encryption. Let's see how asymmetric encryption works and how it differs from the symmetric encryption we generally use.

In symmetric encryption, there is only one key, generally known as a password, which we use to both encrypt and decrypt the files. The problem is how to share that same password with the sender or receiver over the network. Asymmetric encryption solves this problem. Let's see how.

In asymmetric encryption, there is a pair of keys, one public and one private. The owner can share the public key with anyone who wants to send files in an encrypted format. The encrypted file is then sent back to the owner, and it can only be decrypted with the corresponding private key.

GPG Use Cases

  • Encryption: Used to encrypt files, for example when you send some content to someone and don't want anyone in the middle to read it.
  • Signing Commits: Helpful for proving your identity. For example, you can use your GPG key to sign your commits on GitHub to verify that you are the one who actually made them.
  • Encrypting Passwords: Very helpful if you use a command-line password manager such as pass. It uses your GPG keys to handle the encryption of all the secrets you store in it.

Install GPG

For Ubuntu/any Debian based distributions

sudo apt install gnupg

For CentOS/RHEL based distributions

sudo yum install gnupg

Verify Installation

gpg --version

GPG Commands

Generate a new key with default configuration (Quick Key Generation)

gpg --generate-key

## It will prompt you for the following
# Real Name
# Email Address
# Passphrase

Generate a new key with your own configuration (Full Key Generation)

gpg --full-generate-key

## It will prompt you for the following
# Key Encryption Type
# Key Size
# Key Expiry
# Real Name
# Email Address
# Comment
# Passphrase

List all GPG public keys

gpg --list-keys

List all GPG private key pairs

gpg --list-secret-keys

Export Public Key in ASCII Format

## Output to STDOUT
gpg --armor --export <email-Id>

## Output to a file
gpg --armor --export --output <file.txt> <email-Id>

Encrypt a file for a specific user using GPG (Using Asymmetric Encryption)

gpg --encrypt --recipient <recipient-user-email> <file-name>

Encrypt a file using GPG (Uses Symmetric Encryption)

gpg --symmetric <file-name>

## It will prompt for a password

Decrypt that encrypted file (For Both, Symmetric and Asymmetric Encryption)

gpg --decrypt <encrypted-file>
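
The asymmetric flow described earlier (the owner shares a public key, a sender encrypts with it, and only the owner's private key decrypts), as an added example that is not part of the original post. It assumes GnuPG 2.1 or later; the identity, passphrase and file names are constructed, and the keys live in throwaway directories rather than your real keyring.

```shell
#!/bin/sh
# Added example: owner/sender round trip in throwaway keyrings (~/.gnupg untouched).
# The identity, passphrase and file names are constructed for this demo.
DEMO_UID='Demo Owner <owner@example.invalid>'
DEMO_PASS='constructed-demo-passphrase'

# Run gpg non-interactively against the keyring directory given as $1.
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --pinentry-mode loopback "$@"; }

# Returns 0 only if the sender (public key only) can encrypt but not decrypt,
# and the owner (private key) recovers the original bytes.
gpg_roundtrip() {
    work=$(mktemp -d) || return 1
    owner="$work/owner"; sender="$work/sender"
    mkdir -m 700 "$owner" "$sender"
    printf 'quarterly numbers: constructed sample\n' > "$work/msg.txt"
    rc=0

    # Owner: create a key pair that expires in one day, export only the public half.
    g "$owner" --passphrase "$DEMO_PASS" --quick-generate-key "$DEMO_UID" default default 1d &&
    g "$owner" --armor --export --output "$work/owner.pub.asc" owner@example.invalid &&
    # Sender: import the public key and encrypt to it.
    # --trust-model always skips the key-validity check for this demo only; with a
    # real correspondent, compare the key fingerprint out of band instead.
    g "$sender" --import "$work/owner.pub.asc" &&
    g "$sender" --trust-model always --encrypt --recipient owner@example.invalid \
        --output "$work/msg.txt.gpg" "$work/msg.txt" || rc=1

    # Sender holds no private key, so decryption must fail there.
    if [ "$rc" -eq 0 ] && g "$sender" --decrypt --output "$work/leak.txt" "$work/msg.txt.gpg" 2>/dev/null; then
        rc=2
    fi

    # Owner decrypts with the private key; --output writes a file instead of STDOUT.
    if [ "$rc" -eq 0 ]; then
        g "$owner" --passphrase "$DEMO_PASS" --decrypt --output "$work/out.txt" "$work/msg.txt.gpg" &&
        cmp -s "$work/msg.txt" "$work/out.txt" || rc=3
    fi

    gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$sender" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return "$rc"
}

# Usage: gpg_roundtrip && echo "round trip OK"
```

An exit status of 2 means the sender keyring was able to decrypt, and 3 means the owner's decrypted output did not match the original file.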

Conclusion

After reading this blog, you will now be able to understand what GPG keys are and why we need them. I have tried covering some basic commands that are useful for a beginner, but if you still have any doubts or suggestions, you can contact me directly at yatharth.sharma@knoldus.com.

Also, I would like to thank you for sticking to the end. If you like this blog, please show your appreciation by giving it a thumbs-up, sharing it, and suggesting how I can improve my future posts to suit your needs. Follow me to get updates on different technologies.
