GnuPG – An easy way to Encrypt/Decrypt files from command line in Linux

We all have some secrets which we don’t want to share with anyone, such as  personal documents and photos. How to protect those from others when multiple users accessing the same system.

In Linux few applications are there to do this job ,we recently wrote about Cryptkeeper is one of the application to Encrypt & Decrypt folder in Linux. Today we are going to show you about GnuPG. GnuPG is another great application to Encrypt & Decrypt files from command line in Linux.

What’s GnuPG ?

GnuPG stands for GNU Privacy Guard, also known as GPG. GnuPG is a Free & open source utility based on OpenPGP standard which used to Encrypt & Decrypt files from command line in Linux. It allows user to encrypt and sign the data for secure electronic communication to protect documents over the internet.

Suggested Read : Cryptkeeper – An Easy Way To Encrypt And Decrypt Folder or Directory In Linux

Suggested Read : SiriKali – GUI Front End To Manage ecryptfs, cryfs, gocryptfs, securefs, and encfs Encrypted Folders

GnuPG features a versatile key management system as well as access modules for all kinds of public key directories. So, we can easily integration with other applications. Version 2 of GnuPG also provides support for S/MIME and Secure Shell (ssh).

How to install GnuPG ?

Most of the major Linux distributions by default have the GnuPG package, so simple use the Package Manager to install it. GnuPG package comes with two commands, so you can use either gpg or gpg2 command.

[Install GnuPG on Debian/Ubuntu/Mint]
$ sudo apt-get install gnupg

[Install GnuPG on RHEL/CentOS]
$ sudo yum install gnupg

[Install GnuPG on Fedora]
$ sudo dnf install gnupg

[Install GnuPG on openSUSE]
$ sudo zypper install gpg2

[Install GnuPG on Mageia]
$ sudo urpmi gnupg

[Install GnuPG on Arch Linux based system]
$ sudo pacman -S gnupg

How to Encrypt a file

Add -c switch with gpg command followed by filename to encrypt it. c uses symmetric cipher encryption. When you run first time, it will create the necessary folders on your /home directory, see the list of directories created by GnuPG.

# gpg -c magi.txt
gpg: directory '/home/magi/.gnupg' created
gpg: new configuration file '/home/magi/.gnupg/dirmngr.conf' created
gpg: new configuration file '/home/magi/.gnupg/gpg.conf' created
gpg: keybox '/home/magi/.gnupg/pubring.kbx' created
Enter passphrase:[YOUR PASSWORD]
Repeat passphrase:[YOUR PASSWORD]

Enter your password (passphrase) twice then click OK to encrypt the file. Replace magi.txt with your own filename. The magi.txt file has been encrypted with .gpg extension. See the output below.

# ls -lh
-rw-rw-r-- 1 magi magi  28 Jan 21 07:57 magi.txt
-rw-rw-r-- 1 magi magi 105 Jan 21 07:59 magi.txt.gpg

Make a note, if you missed/forget the password you can’t retrieve the documents because it uses very strong encryption. Even, you can’t view the file content post the encryption.

How to Decrypt a file ?

Use gpg command followed by filename to decrypt it, additionally we can add -d or --decrypt switch too.

# gpg magi.txt.gpg
or
# gpg -d magi.txt.gpg
or
# gpg --decrypt magi.txt.gpg

gpg: AES encrypted data
gpg: encrypted with 1 passphrase
File 'magi.txt' exists. Overwrite? (y/n) y

It will prompt the window for password. Enter you password then hit ok to decrypt the file.

Press n to write the output in different filename.

gpg: AES encrypted data
gpg: encrypted with 1 passphrase
File 'magi.txt' exists. Overwrite? (y/n) n
Enter new filename: magi1.txt

Decrypt and write output to new File

If you want to write the output to new file while decrypting, just add -o switch followed by the new file name.

# gpg -o 2g.txt magi.txt.gpg
gpg: AES encrypted data
gpg: encrypted with 1 passphrase

To read more about GnuPG

If you want to know more option which is available for GnuPG, simply navigate to man page.

# gpg --help
or
# man gpg

About Magesh Maruthamuthu

Love to play with all Linux distribution

View all posts by Magesh Maruthamuthu

Leave a Reply

Your email address will not be published. Required fields are marked *