How to Encrypt and Decrypt a File using GnuPG in Linux

Using the GnuPG gpg command, you can generate public and private keys. In this tutorial, we will use the keys generated by the gpg command to send and receive encrypted files, and to digitally sign a file.

Encrypt a file and send it to your Friend

1. Import your friend’s public key

When you want to send a secret file to your friend, the first thing to do is to import your friend’s public key. You can import your friend’s public key from a “Key server” if he/she has exported their public key to a key server.

Refer to the “Export Your Public Keys” section in our GnuPG Basics article to understand how to export your public key to a key server.

To import a public key from a key server, do the following. You can import by using any one of the following methods. Provide your friend’s Key-ID, E-Mail ID, or Real Name to import the keys correctly.

$ gpg --search-keys --keyserver keyserver.ubuntu.com 'KEY-ID'

or

$ gpg --search-keys --keyserver keyserver.ubuntu.com 'E-Mail ID'

or

$ gpg --search-keys --keyserver keyserver.ubuntu.com 'Real Name'

To import a public key from a file, do the following. If your friend has e-mailed you his/her public key, you can import it by using the following command.

$ gpg --import myfriends_pub_key.gpg

2. Verify the imported key

You can verify whether you have successfully imported your friend’s public key using the --list-keys option.

$ gpg --list-keys

/home/lakshmanan/.gnupg/pubring.gpg
-----------------------------------
pub   2048R/A7344E7D 2012-10-12
uid                  lakshmanan (My test GPG keys)
sub   2048R/96F8EF9B 2012-10-12

pub   2048R/FB2744A8 2012-12-03
uid                  raman (Ram's test ID)
sub   2048R/88EF55EE 2012-12-03

My friend Raman’s public key is now imported.

3. Encrypt a secret file using your friend’s public key

Now that you have your friend’s public key, you can send him a file encrypted with “Your Friend’s Public Key”, so that only your friend (who holds the private key) can decrypt it.

$ gpg --encrypt --recipient raman a.txt

gpg: 88EF55EE: There is no assurance this key belongs to the named user

pub  2048R/88EF55EE 2012-12-03 raman (Ram's test ID)
 Primary key fingerprint: FF32 7764 A0AE 1E85 AC4B  CF17 8AED B292 FB27 44A8
      Subkey fingerprint: D6A5 7107 77C8 6845 2F86  765C EEED DD85 88EF 55EE

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

Note the warning, which says there is no guarantee that the “Public Key” belongs to your friend. We will look back at this when time permits. For now, since I trust my friend, I’ve answered “Yes” to use the key.
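The warning goes away only once you have checked the key yourself. The shell functions below are an added example, not part of the original article: they compare the primary key fingerprint from gpg's --with-colons listing with a fingerprint your friend gave you over a separate channel, and encrypt only on an exact match. The function names and the sample listing are constructed; the fingerprints and key IDs are the ones shown in the output above.

```sh
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint raman` output. Key IDs and
# fingerprints are the ones printed in the article; the remaining fields are made up.
sample_colons() {
cat <<'EOF'
pub:-:2048:1:8AEDB292FB2744A8:1354492800:::-:::scESC:
fpr:::::::::FF327764A0AE1E85AC4BCF178AEDB292FB2744A8:
uid:-::::1354492800::::raman (Ram's test ID):
sub:-:2048:1:EEEDDD8588EF55EE:1354492800::::::e:
fpr:::::::::D6A5710777C868452F86765CEEEDDD8588EF55EE:
EOF
}

# Primary-key fingerprint = field 10 of the first fpr record after a pub record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Remove spaces and upper-case, so a fingerprint read from a card or call compares cleanly.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin; succeed only on an exact full-fingerprint match.
# Returns 2 for anything that is not 40 hex digits (e.g. the short ID FB2744A8).
fpr_matches() {
    expected=$(normalize_fpr "$1")
    [ "${#expected}" -eq 40 ] || return 2
    case $expected in *[!0-9A-F]*) return 2 ;; esac
    [ "$(primary_fpr)" = "$expected" ]
}

# Hypothetical wrapper around the real gpg: encrypt FILE only after the check passes,
# and address the recipient by fingerprint so no other key with the same name is used.
encrypt_verified() {   # usage: encrypt_verified NAME 'FINGERPRINT' FILE
    if gpg --with-colons --fingerprint "$1" | fpr_matches "$2"; then
        gpg --encrypt --recipient "$(normalize_fpr "$2")" "$3"
    else
        echo "fingerprint mismatch for $1; not encrypting" >&2
        return 1
    fi
}

# Offline demonstration on the constructed sample.
sample_colons | fpr_matches 'FF32 7764 A0AE 1E85 AC4B  CF17 8AED B292 FB27 44A8' \
    && echo "fingerprint verified"
```

The check compares the full 40-digit fingerprint rather than the 8-digit key ID from --list-keys, because short key IDs are not unique.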

This creates a file named “a.txt.gpg”. When opened in an editor, it shows binary data. Send this file to your friend by any means.

If you don’t want to send binary content, or sending binary causes issues, you can use the --armor option, which creates an ASCII file as shown below.

$ gpg --encrypt --armor --recipient raman a.txt

Decrypt a file

Your friend has now received your encrypted file. To view its content, he needs to decrypt the file. Since the decrypt operation uses your friend’s private key, gpg will ask for the passphrase your friend provided while creating the keys.

$ gpg --decrypt a.txt.gpg > secret.txt

Now the file secret.txt will contain the actual text written.

Send an encrypted file to multiple recipients

You can also send a file to multiple recipients by repeating the --recipient or -r option.

$ gpg -r raman -r steve -r gopi --encrypt a.txt

Once the above command is given, gpg will use the public key of all the recipients to encrypt the data in such a way that any one of their private keys can decrypt the data.
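The result is still a single a.txt.gpg: the data is encrypted once with a random session key, and the file carries one copy of that session key per recipient, each encrypted to that recipient's public key. The shell functions below are an added example, not part of the original article: they read gpg --list-packets output and report any recipient you did not expect. The function names and the sample output are constructed; EEEDDD8588EF55EE is raman's subkey from the listing above, and the other two key IDs are made up.

```sh
#!/bin/sh
# Constructed sample of `gpg --list-packets a.txt.gpg` output for three recipients.
sample_packets() {
cat <<'EOF'
:pubkey enc packet: version 3, algo 1, keyid EEEDDD8588EF55EE
    data: [2047 bits]
:pubkey enc packet: version 3, algo 1, keyid 1111111111111111
    data: [2046 bits]
:pubkey enc packet: version 3, algo 1, keyid 2222222222222222
    data: [2048 bits]
:encrypted data packet:
    length: 91
    mdc_method: 2
EOF
}

# One key ID per line: each "pubkey enc packet" holds the session key for one recipient.
recipient_keyids() {
    awk '/^:pubkey enc packet:/ {
             for (i = 1; i < NF; i++) if ($i == "keyid") print $(i + 1)
         }'
}

# Read a packet listing on stdin and print every recipient key ID that is not
# among the expected key IDs passed as arguments.
unexpected_recipients() {
    recipient_keyids | while read -r id; do
        case " $* " in
            *" $id "*) ;;            # expected recipient
            *) echo "$id" ;;         # someone else can decrypt this file
        esac
    done
}

# Offline demonstration on the constructed sample: two recipients were expected.
# Against a real file:  gpg --batch --list-packets a.txt.gpg 2>/dev/null | recipient_keyids
sample_packets | unexpected_recipients EEEDDD8588EF55EE 1111111111111111
```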

In our next article in this series, we will explain how to sign the message with data and timestamp on it.

Comments on this entry are closed.

  • Jalal Hajigholamali February 9, 2013, 10:04 am

    Hi,
    Thanks for nice and useful article..

  • bob February 12, 2013, 10:21 pm

    This is hardly Linux specific

  • Ehan Chang February 24, 2013, 4:22 am

    Good explanation. It is useful in managing health information.
    Thanks a lot.

  • Musa April 7, 2013, 1:41 am

    thank you so much for your short and sweet explanation…
    just a question, when we encrypt a file for multiple recipients by using the --recipient or -r, does it make multiple files or only one file for all recipients?

    if only one file, so it means we can decrypt a file with different private keys???? isn’t it dangerous???!

  • Chandra Kumara April 21, 2015, 6:17 am

    While I was helpless on gpg, this is the nicest I ever found with very simple explanation.

    Lakshmanan, thank you so much for the post.

  • Deepthi K September 1, 2015, 3:59 pm

    Very useful link on encryption and decryption