Your cart is currently empty!
GPG: Public-Private Key Encryption
Generate public-private key pairs
gpg --gen-key
List keys
List public keys
gpg --list-public-keys # OR gpg --list-keys
List private keys
gpg --list-private-keys
Encyrpt a file
echo 'hello' > hello.txt gpg --encrypt --recipient <recipient name | email | key hash> hello.txt # OR gpg -e -r <recipient name | email | key hash> hello.txt
If you do not specify --output flag, it will generate a file named hello.txt.gpg.
Sign a file
gpg --sign hello.txt # OR gpg -s hello.txt
You may need to enter the password for your private key.
If you do not specify --output flag, it will generate a file named hello.txt.gpg.
Sign a file, not encoded
gpg --clearsign hello.txt # OR gpg --clear-sign hello.txt
You may need to enter the password for your private key.
If you do not specify --output flag, it will generate a file named hello.txt.asc.
Encrypt and sign a file
gpg --encrypt --sign --recipient <recipient name | email | key hash> hello.txt # OR gpg -e -s -r <recipient name | email | key hash> hello.txt
You may need to enter the password for your private key.
If you do not specify --output flag, it will generate a file named hello.txt.gpg.
Decrypt a file
gpg hello.txt.gpg # OR gpg -d hello.txt.gpg # OR gpg --decrypt hello.txt.gpg
Decrypt a signed file
When you want to decrypt a signed file, you need to have the public key of the sender in your keyring database.
As a sender, export your public key into public.gpg file:
# Export all public keys in the keyring gpg --output public.gpg --export # Export specific public key from the keyring gpg --output public.gpg --export <name | email | key hash>
To import the sender public key into your keyring database:
gpg --import public.gpg
Encrypt vs. sign
Both encrypt and sign resulting in an encrypted output.
The differences are:
- Sender requires recipient’s public key to ENCRYPT.
- Recipient uses its private key to DECRYPT.
- Sender requires its private key to SIGN.
- Recipient uses sender’s public key to VERIFY.
Leave a Reply