GnuPG (GNU Privacy Guard) is a tool for encrypting and signing data. It is a completely free implementation of the OpenPGP standard (defined by RFC4880), which is also known as GPG. I myself prefer the command line over any GUI for GnuPG, because it is typically faster to execute stuff without having to move the mouse. This post contains a brief overview of the most important commands you probably have to use when working with GnuPG.
Generating GPG Keys
$ gpg --gen-key
You will be asked what kind of key you want, simply proceed with the instructions that are given to you.
Listing GPG Keys
Listing public keys:
$ gpg --list-keys
Listing private keys:
$ gpg --list-secret-keys
Exporting GPG Keys
To export a public key into a file called
$ gpg --export -a "User Name" > public.asc
To export a private key into a file called
$ gpg --export-secret-key -a "User Name" > private.asc
Back 'em up!
Importing GPG Keys
To import a public key from a file called
$ gpg --import public.asc
To import a private key from a file called
$ gpg --allow-secret-key-import --import private.asc
Trusting GPG Keys
Once you have imported the person's public key, you must now set the trust level of the key. This also prevents GPG from warning you every time you encrypt something with the recently imported public key.
Respectively specify the other person’s name or email in the command and proceed with the instructions that are given to you:
$ gpg --edit-key joe
Deleting GPG Keys
To delete a public key:
$ gpg --delete-key "Real Name"
To delete private key:
$ gpg --delete-secret-key "Real Name"
$ gpg --fingerprint
To encrypt a file named file.txt for a single individual, specify that individual as a recipient.
$ gpg --encrypt --recipient joe file.txt
The encrypted file is going to have the
.gpg extension. In this case
file.txt.gpg will be created after executing the command, which you can send to the receiver.
To encrypt a file so that only you yourself can decrypt it, then specify yourself as the recipient.
$ gpg --encrypt --recipient 'My Name' file.txt
To encrypt a file so that both you and the other person can decrypt the file, specify both you and the other person as recipients.
$ gpg --encrypt --recipient joe --recipient 'My Name' file.txt
To encrypt a file for a group of individuals, define the group in your GPG configuration file (see below), and then specify the group as a recipient.
$ gpg --encrypt --recipient journalists filename.txt
There's a shorter version to accomplish the things we have done above:
$ gpg -e -r journalists file.txt
$ gpg --decrypt file.txt.gpg
A new decrypted file without the
.gpg extension will be created, in this case
file.txt. Additionally omit
--decrypt if you are working with a binary.
Groups for GPG
You can summarize individuals to single groups by editing your GPG configuration (e.g. in
~/.gnupg/gpg.conf). To get back to the example above, we create a group called
journalists containing several individuals:
group journalists = joe tom donald
Add this line to your GPG configuration file.