GPG file encryption using key pair
GPG basic file encryption doesn't require a public/private key. But to make an encrypted file more secure you can use the RSA/DSA algorithms. These algorithms generate public and private keys to encrypt the file.
There are three use cases for GPG file encryption.
1. Encrypt/decrypt a file locally for the same user account.
2. Encrypt a file for another user.
3. Decrypt another user's file.
The very first step is to generate a key pair using the command below.
# gpg --gen-key
Output:
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Mohan Ramadoss
Email address: rmohan@rmohan.com
Comment: System Admin
You selected this USER-ID:
"Mohan Ramadoss (System Admin) <rmohan@rmohan.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++++++++++++..+++++++++++++++.++++++++++++++++++++.+++++.+++++.+++++++++++++++++++++++++.+++++.++++++++++++++++++++++++++++++…+++++>+++++..+++++>+++++……………………………………………………..+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++..+++++.++++++++++..++++++++++.++++++++++..++++++++++..+++++++++++++++.+++++..+++++.++++++++++.+++++.++++++++++.++++++++++..++++++++++++++++++++++++++++++..+++++>++++++++++.>+++++>+++++.<+++++………………………………………………………………………………………….>+++++…………………+++++^^^
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 2AE39E50 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/2AE39E50 2013-03-14
Key fingerprint = 0D89 4697 E22A A6CC 3017 5EA1 0389 ED6D 2AE3 9E50
uid Mohan Ramadoss (System Admin) <rmohan@rmohan.com>
sub 2048g/9102AC9C 2013-03-14
1. Encrypt/Decrypt file locally for same user account.
Encrypt a file for a single user only. No one else can decrypt this file.
# gpg --encrypt --recipient 'Mohan Ramadoss' rmohan.txt
The --recipient name should be the same as the one used in key generation. The above command will automatically generate an encrypted file named rmohan.txt.gpg
Decrypt your own file rmohan.txt.gpg
# gpg --output rmohan2.txt --decrypt rmohan.txt.gpg
--output or -o is used to specify the output filename. The above command will prompt for the passphrase used in the key pair.
2. Encrypt file for other user.
Use the steps in #1 to generate the encrypted file. Finally, share your public key and the encrypted file (rmohan.txt.gpg) with other users. To export your public key, use the following command.
# gpg --armor --output pubkey.txt --export 'Mohan Ramadoss'
Check your public key. It should look like the one below.
# cat pubkey.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
[...]
=k3yQ
-----END PGP PUBLIC KEY BLOCK-----
3. Decrypt other user's file.
To decrypt another user's file, the public key of that user is required. Import that public key into your account using the command below. For example, the other user's public key file is otherpub.txt
# gpg --import otherpub.txt
Make sure that the file has been imported successfully using the command below.
# gpg --list-keys
The above command will show all public keys in your account. Make sure the other user's public key also exists there.
Now you can decrypt the other user's file using the command below.
# gpg --output otheruserfile.txt --decrypt otheruserfile.txt.gpg
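In OpenPGP public-key encryption a file is encrypted to the recipient's public key, and only the matching secret key can decrypt it. The added example below (not from the original article) plays out sections 2 and 3 with two isolated keyrings; the names alice and bob, the example.invalid address and the file names are constructed, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example, not from the article. Two isolated keyrings stand in for
# two user accounts; names, address and file names are constructed.
# Assumes GnuPG 2.1 or later (--quick-generate-key, loopback pinentry).

# Run the exchange inside directory $1 and print the recovered plaintext.
gpg_exchange_demo() {
    work=$1
    alice="$work/alice"; bob="$work/bob"    # sender and recipient keyrings
    mkdir -p "$alice" "$bob" && chmod 700 "$alice" "$bob" || return 1
    G="gpg --batch --quiet --no-tty"

    # Recipient creates a key pair (empty passphrase: demo only) and
    # exports only the public half.
    $G --homedir "$bob" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Bob Demo <bob@example.invalid>' \
        default default never || return 1
    $G --homedir "$bob" --armor --output "$work/bob-pub.asc" \
        --export 'bob@example.invalid' || return 1

    # Sender imports it and reads the fingerprint; in real use, compare it
    # with the owner over a separate channel before relying on the key.
    $G --homedir "$alice" --import "$work/bob-pub.asc" || return 1
    fpr=$($G --homedir "$alice" --with-colons --fingerprint \
              'bob@example.invalid' | awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || return 1

    # Sender encrypts to the recipient's key. "--trust-model always" stands
    # in for the manual fingerprint check, which a script cannot perform.
    echo 'constructed sample secret' > "$work/msg.txt"
    $G --homedir "$alice" --trust-model always --recipient "$fpr" \
        --output "$work/msg.txt.gpg" --encrypt "$work/msg.txt" || return 1

    # The sender holds no matching secret key, so decryption must fail.
    if $G --homedir "$alice" --decrypt "$work/msg.txt.gpg" >/dev/null 2>&1
    then return 1; fi

    # The recipient decrypts with the secret key in their own keyring.
    out=$($G --homedir "$bob" --decrypt "$work/msg.txt.gpg") || return 1
    for h in "$alice" "$bob"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    printf '%s\n' "$out"
}
```

Call it as `gpg_exchange_demo "$(mktemp -d)"`; the directory keeps both keyrings, the exported public key and the ciphertext for inspection.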
GPG file encryption command line in Linux
As we know, nowadays it's not safe to send and receive data over the internet. There are many options available to secure your data in transit over the internet. GnuPG also lets you encrypt your data using keys. GPG is an encryption and signing tool for UNIX/Linux-like operating systems.
GnuPG provides many methods for file encryption and decryption.
Method (A): Use Basic GPG encryption
Step 1: First create a file to encrypt using GPG.
# echo "Enter file content here" > secureit.txt
Step 2: Encrypt the file created above using gpg.
# gpg -c secureit.txt
The above command will create an encrypted file named secureit.txt.gpg. The original file will remain the same.
# ls -l
total 8
-rw-r--r-- 1 root root 24 Mar 9 21:36 secureit.txt
-rw-r--r-- 1 root root 74 Mar 9 21:36 secureit.txt.gpg
Step 3: Finally, decrypt the file again.
# gpg -o secureit-new.txt -d secureit.txt.gpg
gpg: CAST5 encrypted data
Enter passphrase:
You will get a new decrypted file named secureit-new.txt.
# ls -l secureit-new.txt
-rw-r--r-- 1 root root 24 Mar 9 21:56 secureit-new.txt
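The decryption output above reports "CAST5 encrypted data". As an added example (not from the original article), the same Method (A) round trip can pin the cipher with --cipher-algo and confirm it with --list-packets; the passphrase and file locations are constructed, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example, not from the article. Passphrase-only encryption (gpg -c)
# with an explicitly chosen cipher, then a packet-level check of the result.
# File locations and the passphrase are constructed; assumes GnuPG 2.1+.

# Work inside directory $1; print the decrypted text, non-zero on failure.
symmetric_aes256_demo() {
    work=$1
    home="$work/gnupg"; pass="$work/pass.txt"; file="$work/secureit.txt"
    mkdir -p "$home" && chmod 700 "$home" || return 1
    # Keep the passphrase file unreadable to other accounts.
    ( umask 077; echo 'constructed demo passphrase' > "$pass" ) || return 1
    echo 'Enter file content here' > "$file"
    G="gpg --batch --quiet --no-tty --pinentry-mode loopback"

    # -c is the short form of --symmetric; pin the cipher instead of
    # relying on whatever default the installed version uses.
    $G --homedir "$home" --passphrase-file "$pass" --cipher-algo AES256 \
        --output "$file.gpg" --symmetric "$file" || return 1

    # The symmetric-key packet records the OpenPGP cipher id
    # (3 = CAST5, 9 = AES256); fail if anything else was used.
    $G --homedir "$home" --passphrase-file "$pass" \
        --list-packets "$file.gpg" 2>/dev/null |
        grep -q 'symkey enc packet:.*cipher 9' || return 1

    # Decrypt with the same passphrase and hand back the plaintext.
    out=$($G --homedir "$home" --passphrase-file "$pass" \
             --decrypt "$file.gpg") || return 1
    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
    printf '%s\n' "$out"
}
```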
Thanks for using this article.