GPG: Public-Private Key Encryption

Generate public-private key pairs

gpg --gen-key

List keys

List public keys

gpg --list-public-keys
# OR
gpg --list-keys

List private keys

gpg --list-private-keys

Encyrpt a file

echo 'hello' > hello.txt

gpg --encrypt --recipient <recipient name | email | key hash> hello.txt
# OR
gpg -e -r <recipient name | email | key hash> hello.txt

If you do not specify --output flag, it will generate a file named hello.txt.gpg.

Sign a file

gpg --sign hello.txt
# OR
gpg -s hello.txt

You may need to enter the password for your private key.

If you do not specify --output flag, it will generate a file named hello.txt.gpg.

Sign a file, not encoded

gpg --clearsign hello.txt
# OR
gpg --clear-sign hello.txt

You may need to enter the password for your private key.

If you do not specify --output flag, it will generate a file named hello.txt.asc.

Encrypt and sign a file

gpg --encrypt --sign --recipient <recipient name | email | key hash> hello.txt
# OR
gpg -e -s -r <recipient name | email | key hash> hello.txt

You may need to enter the password for your private key.

If you do not specify --output flag, it will generate a file named hello.txt.gpg.

Decrypt a file

gpg hello.txt.gpg
# OR
gpg -d hello.txt.gpg
# OR
gpg --decrypt hello.txt.gpg

Decrypt a signed file

When you want to decrypt a signed file, you need to have the public key of the sender in your keyring database.

As a sender, export your public key into public.gpg file:

# Export all public keys in the keyring
gpg --output public.gpg --export

# Export specific public key from the keyring
gpg --output public.gpg --export <name | email | key hash>

To import the sender public key into your keyring database:

gpg --import public.gpg

Encrypt vs. sign

Both encrypt and sign resulting in an encrypted output.

The differences are:

  • Sender requires recipient’s public key to ENCRYPT.
  • Recipient uses its private key to DECRYPT.
  • Sender requires its private key to SIGN.
  • Recipient uses sender’s public key to VERIFY.

References:


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *