← ../

encrypt files with gnupg

install gnupg

sudo apt-get install gnupg

generate a new private/public keypair

gpg --full-gen-key

choose the key type

gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection? 1

choose the key size

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits

choose if/when the key will expire

Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

create a user ID for your key

GnuPG needs to construct a user ID to identify your key.

Real name: Test key
Email address: test@test.com
Comment: test key
You selected this USER-ID:
"Test key (test key) <test@test.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

protect your key with a passphrase

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

gpg: key 304D43F7C00B1DF7 marked as ultimately trusted

gpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/EA1FD3BB907951C2533F6C1C304D43F7C00B1DF7.rev'
public and secret key created and signed.

pub rsa4096 2022-04-19 [SC]
EA1FD3BB907951C2533F6C1C304D43F7C00B1DF7
uid Test key (test key) <test@test.com>
sub rsa4096 2022-04-19 [E]

you are now ready to encrypt files using your PUBLIC key.

you can share this public key with other people and they will be able to encrypt file that only you can decrypt with your private key

# create a file to encrypt
echo "super secret text" >> secret_file.txt

# encrypt the file for the user test
gpg -e -r test@test.com secret_file.txt

# list the files
ls
secret_file.txt secret_file.txt.gpg

you can now decrypt the file with your PRIVATE KEY.

# decrypt the file
gpg -d secret_file.txt.gpg
Please enter the passphrase to unlock the OpenPGP secret key:
"Test key (test key) <test@test.com>"
4096-bit RSA key, ID 370AFB3B6D4C5230,
created 2022-04-19 (main key ID 304D43F7C00B1DF7).

Passphrase:
gpg: encrypted with 4096-bit RSA key, ID 370AFB3B6D4C5230, created 2022-04-19
"Test key (test key) <test@test.com>"
super secret text

this only one functionality of gnupg, but it can do much more

gnupg home page