Encrypting data with GNU Privacy Guard

The GNU privacy guard provides a command line tool (gpg) to encrypt data and manage digital signatures. GPG supports the OpenPGP standard, and provides easy access to a variety of key distribution servers. To view the full list of options available to gpg, you can run gpg with the “-h” option:

$ gpg -h | head -20

gpg (GnuPG) 1.2.4
Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Syntax: gpg [options] [files]
sign, check, encrypt or decrypt
default operation depends on the input data

[ ... ]

To use the gpg utility to encrypt a text file, we can invoke gpg with the “-c” option:

$ gpg -c –cipher-algo AES256 services

$ ls -l service*
-rw-r–r– 1 matty matty 572576 11 Feb 12:50 services
-rw-r–r– 1 matty matty 168375 11 Feb 12:50 services.gpg

The “-c” option instructs gpg to encrypt the file with a symmetric key algorithm. The “–cipher-algo” option picks the algorithm to use, and the file to encrypt is passed to gpg as an argument. The full list of algorithms is included in the header of the help screen.

To decrypt a file encrypted with gpg, we can use the “-d” option:

$ gpg –output services -d services.gpg

gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase

The “–output” option is passed to gpg to control where the decrypted file contents are written. By default, gpg will print the decrypted contents to standard out. For sensitive or binary data, this is probably not what you want.

Leave a Reply

Your email address will not be published. Required fields are marked *