GnuPG (GNU Privacy Guard), also known as GPG, is a tool for encrypting and signing data. It is a completely free implementation of the OpenPGP standard (defined by RFC 4880). This post gives a brief overview of the most important commands you will probably need when working with GnuPG.
To generate a new key pair:
$ gpg --gen-key
You will be asked what kind of key you want; simply proceed with the instructions that are given to you.
Listing public keys:
$ gpg --list-keys
Listing private keys:
$ gpg --list-secret-keys
To export a public key into a file called public.asc:
$ gpg --export -a "User Name" > public.asc
To export a private key into a file called private.asc:
$ gpg --export-secret-key -a "User Name" > private.asc
Back ‘em up!
To import a public key from a file called public.asc:
$ gpg --import public.asc
To import a private key from a file called private.asc:
$ gpg --allow-secret-key-import --import private.asc
Once you have imported the person’s public key, you must set the trust level of the key. This also prevents GPG from warning you every time you encrypt something with the recently imported public key.
Specify the other person’s name or email in the command and proceed with the instructions that are given to you:
$ gpg --edit-key joe
To delete a public key:
$ gpg --delete-key "Real Name"
To delete a private key:
$ gpg --delete-secret-key "Real Name"
To list the keys in your keyring together with their fingerprints:
$ gpg --fingerprint
To encrypt a file named file.txt for a single individual, specify that individual as a recipient.
$ gpg --encrypt --recipient joe file.txt
The encrypted file is going to have the .gpg extension. In this case file.txt.gpg will be created after executing the command, which you can send to the receiver.
To encrypt a file so that only you yourself can decrypt it, specify yourself as the recipient.
$ gpg --encrypt --recipient 'My Name' file.txt
To encrypt a file so that both you and the other person can decrypt the file, specify both you and the other person as recipients.
$ gpg --encrypt --recipient joe --recipient 'My Name' file.txt
To encrypt a file for a group of individuals, define the group in your GPG configuration file (see below), and then specify the group as a recipient.
$ gpg --encrypt --recipient journalists filename.txt
There’s a shorter version to accomplish the things we have done above:
$ gpg -e -r journalists file.txt
To decrypt the file:
$ gpg --output file.txt --decrypt file.txt.gpg
A new decrypted file without the .gpg extension will be created, in this case file.txt. Additionally, omit --decrypt if you are working with a binary.
You can combine individuals into groups by editing your GPG configuration (e.g. in ~/.gnupg/gpg.conf). To get back to the example above, we create a group called journalists containing several individuals:
group journalists = joe tom donald
Add this line to your GPG configuration file.
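Before encrypting to a group, it is worth checking exactly which recipients the group name stands for, since every listed key will be able to decrypt the file. The script below is an added example, not part of the original post: it reads group lines from a gpg.conf-style file and prints the explicit --recipient options the group is equivalent to. It assumes GnuPG's documented group behaviour (several group lines with the same name are merged, and expansion is one level only); the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: show who a gpg.conf group stands for before encrypting to it.

# Constructed sample configuration (hypothetical names, not a real keyring).
sample_conf() {
    cat <<'EOF'
# constructed sample gpg.conf
group journalists = joe tom donald
group editors=alice
group journalists = maria joe
EOF
}

# expand_group CONF NAME: print each member of group NAME once, one per line.
# CONF may be "-" to read the configuration from standard input.
# Lines with the same group name are merged. Members are printed as written:
# a member that is itself a group name is not expanded further.
expand_group() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "group" {
            line = $0
            sub(/^[ \t]*group[ \t]+/, "", line)   # drop the keyword
            eq = index(line, "=")
            if (eq == 0) next                     # malformed line: no "="
            name = substr(line, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != want) next
            n = split(substr(line, eq + 1), vals, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (vals[i] != "" && !seen[vals[i]]++) print vals[i]
        }
    ' "$1"
}

# recipient_args CONF NAME: print the explicit options the group is equal to.
recipient_args() {
    expand_group "$1" "$2" |
        awk '{ printf "%s--recipient %s", (NR > 1 ? " " : ""), $0 }'
}

# Demo on the constructed sample.
sample_conf | recipient_args - journalists
echo
```

To check your own setup, call `expand_group ~/.gnupg/gpg.conf journalists` and confirm that every name listed is someone who should be able to read the file.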