Meng Lu's home page / computing / example / Examples of using gpg
  1. Encrypting a file
    1. Encrypt a file to a binary file
    2. Encrypt a file to an ASCII text file
  2. Encrypting a file using symmetric-key algorithm
  3. Decrypting a file
  4. Editting an ecrypted file
  5. Signing a file
    1. --detach-sign
    2. --clear-sign
    3. --sign
  6. Verifying a signed file using someone's signature file
  7. Misc
    1. Verifying passphrase of a key

Encrypting a file

Encrypt a file to a binary file

$ gpg --encrypt temp.txt
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID.  End with an empty line: foo@bar.com

Current recipients:
2048R/A793EF59 2011-06-05 "Foo Bar <foo@bar.com>"

Enter the user ID.  End with an empty line: 
$

Encrypt a file to an ASCII text file

$ gpg --encrypt --recipient foo@bar.com temp.txt
File `temp.txt.gpg' exists. Overwrite? (y/N) y


$ gpg --armor --encrypt --recipient foo@bar.com temp.txt
$ ls
temp.txt        temp.txt.asc    temp.txt.gpg


$ gpg --encrypt --recipient foo@bar.com --output foobar.gpg temp.txt

Encrypting a file using symmetric-key algorithm

If the file to encrypt is for secure storing and not for sharing secret with other people over network, one can use the --symmetric option:

$ gpg --symmetric temp.txt

If you'd the the encrypted file to be an ASCII text file so it can be sent in email,

$ gpg --armor --symmetric temp.txt

Decrypting a file

$ gpg --decrypt foobar.gpg

You need a passphrase to unlock the secret key for
user: "Foo Bar <foo@bar.com>"
2048-bit RSA key, ID A793EF59, created 2011-06-05 (main key ID 306807EF)

gpg: encrypted with 2048-bit RSA key, ID A793EF59, created 2011-06-05
      "Foo Bar <foo@bar.com>"
{"Gregorian",{1953,1,20}}



$ gpg --decrypt --output output.txt foobar.gpg 

You need a passphrase to unlock the secret key for
user: "Foo Bar <foo@bar.com>"
2048-bit RSA key, ID A793EF59, created 2011-06-05 (main key ID 306807EF)

gpg: encrypted with 2048-bit RSA key, ID A793EF59, created 2011-06-05
      "Foo Bar <foo@bar.com>"
$ more output.txt 
{"Gregorian",{1953,1,20}}

Editting an ecrypted file

Create Makefile with content

# example Makefile for viewing/editing an encrypted file
# Based on http://www.madboa.com/geek/gpg-quickstart/
GPGID = foo@bar.com
FILEPLAIN = temp.txt
FILECRYPT = $(FILEPLAIN).gpg

GPG = gpg
RM = /bin/rm -i
EDIT = emacs

all:
    @echo ""
    @echo "usage:"
    @echo ""
    @echo "* make view -- to see $(FILEPLAIN)"
    @echo "* make edit -- to edit $(FILEPLAIN)"
    @echo ""

edit:
    @umask 0077;$(GPG) --output $(FILEPLAIN) --decrypt $(FILECRYPT)
    @$(EDIT) $(FILEPLAIN)
    @umask 0077; $(GPG) --encrypt --recipient $(GPGID) $(FILEPLAIN)
    @$(RM) $(FILEPLAIN)

view:
    @umask 0077; $(GPG) --decrypt $(FILECRYPT) | less

Usage:

$ make

usage:

* make view -- to see temp.txt
* make edit -- to edit temp.txt

$ make view
$ make edit

You need a passphrase to unlock the secret key for
user: "Foo Bar <foo@bar.com>"
2048-bit RSA key, ID A793EF59, created 2011-06-05 (main key ID 306807EF)

gpg: encrypted with 2048-bit RSA key, ID A793EF59, created 2011-06-05
      "Foo Bar <foo@bar.com>"
File `temp.txt' exists. Overwrite? (y/N) y
File `temp.txt.gpg' exists. Overwrite? (y/N) y
remove temp.txt? y

Signing a file

--detach-sign

$ gpg --armor --detach-sign temp.txt 

You need a passphrase to unlock the secret key for
user: "Foo Bar <foo@bar.com>"
2048-bit RSA key, ID 306807EF, created 2011-06-05

$ ls
temp.txt        temp.txt.asc
$ 
$ more temp.txt.asc 
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (Darwin)

owEBWAGn/pANAwACAXBKBLAwaAfvAawoYgh0ZW1wLnR4dE3rEBt7IkdyZWdvcmlh
....
vX15h3t1BCIHkrMo3ido
=FER3
-----END PGP MESSAGE-----

--clear-sign

$ gpg --armor --clearsign temp.txt 

You need a passphrase to unlock the secret key for
user: "Foo Bar <foo@bar.com>"
2048-bit RSA key, ID 306807EF, created 2011-06-05

File `temp.txt.asc' exists. Overwrite? (y/N) y
$ more temp.txt.asc 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

{"Gregorian",{1953,1,20}}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)

iQEcBAEBAgAGBQJN6w8SAAoJEHBKBLAwaAfvDmkH/R4l7lZWWGBTvkrhbmCr9F+k
...
=UwMH
-----END PGP SIGNATURE-----

--sign

$ gpg --armor --sign temp.txt 

You need a passphrase to unlock the secret key for
user: "Foo Bar <foo@bar.com>"
2048-bit RSA key, ID 306807EF, created 2011-06-05

$ ls
temp.txt        temp.txt.asc
$ more temp.txt.asc 
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (Darwin)

owEBWAGn/pANAwACAXBKBLAwaAfvAawoYgh0ZW1wLnR4dE3rDvp7IkdyZWdvcmlh
...
=d9AE
-----END PGP MESSAGE-----

Verifying a signed file using someone's signature file

$ gpg --verify foo.txt.asc foo.txt
gpg: Signature made Sat Jun  4 22:12:28 2011 CDT using RSA key ID FD070908
gpg: Good signature from "Foo Bar <barfoo@gmail.com>"

Misc

Verifying passphrase of a key

echo "1234" | gpg2 --batch --passphrase-fd 1 -o /dev/null --local-user <KEYID or email> -as - && echo "The correct passphrase was entered for this key"

References: *

blog comments powered by Disqus