GnuPG Encryption Cheat Sheet

Sergei
Apr 8 · 4 min read

GnuPG (gpg) is a great utility that is usually available both on Linux and Mac. It can be used for generating encryption and signing keys and using them to encrypt and decrypt your sensitive data. Here’s a quick cheat sheet for basic usage scenarios.

Generating a new key

Generate a new gpg key:

The utility will ask some questions; for most of them, the default values are fine:

  • What kind of key you want? (RSA and RSA)
  • What keysize do you want? (3072)
  • How long the key should be valid? (the key does not expire)
  • Real name? (Input a name to identify the key)
  • Email address? (Input the email address that you want to be associated with the key)
  • Passphrase to secure the key.

Make sure you memorize the passphrase and store it in a secure place; otherwise you’ll lose access to the key and, consequently, to the encrypted files. An example of the generation output is provided below.

The gpg files, including the keys, are located in the ~/.gnupg directory.

Here’s how to list the existing keys:

Note the line [ultimate] forketyfork <forketyfork@example.com>. Here, forketyfork is the key name. It’s preceded by the [ultimate] trust level and followed by the email associated with the key.

Backing up and importing the keys

You may want to transfer the key files to another machine. Here’s how to create a secure backup of the key:

The file backupkeys.pgp will be created. You should store it in a safe location. The --armor option creates a text file instead of a binary one, so the file can be read with any text editor.

You can use this backup file to import the key on another machine. Here’s how to import the key from the backup:

When you list the keys, you’ll see that the trust level for the newly imported key is [unknown]:

So you’ll also need to set the trust level for the imported key. For your own key, you can set it to ultimate by selecting “I trust ultimately” when asked:

Now the trust level should be [ultimate]:

Encrypting and decrypting files

Encrypting and signing the file filename and storing the result in filename.gpg is as easy as:

Or a shorter version:

Decrypting the file filename.gpg to filename:

Or a shorter version:

Archiving a file or a whole directory, signing and encrypting, as a one-liner:
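
An added example, not the article's own commands: the workflow from the sections above (generate, back up, import, set trust, encrypt and sign, decrypt) run end to end without prompts. It assumes GnuPG 2.1 or later; the two temporary home directories stand in for two machines, and the passphrase and sample file are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: the cheat sheet's workflow without prompts, in two throwaway
# keyrings standing in for two machines. Assumes GnuPG 2.1+; the passphrase and
# file contents are constructed for this demo.
gpg_roundtrip() {
  local work a b fpr rc=0 pass='constructed-demo-passphrase'
  work=$(mktemp -d) || return 1
  a="$work/a"; b="$work/b"; mkdir -m 700 "$a" "$b"
  # Never prompt; hand the passphrase to gpg-agent through loopback pinentry.
  local opts=(--batch --quiet --pinentry-mode loopback --passphrase "$pass")
  {
    # Generate on A with the answers listed above: RSA and RSA, 3072, no expiry.
    gpg --homedir "$a" "${opts[@]}" --generate-key <<EOF &&
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: forketyfork
Name-Email: forketyfork@example.com
Expire-Date: 0
Passphrase: $pass
%commit
EOF
    # Address the key by fingerprint rather than by name from here on.
    fpr=$(gpg --homedir "$a" --batch --with-colons --list-keys |
          awk -F: '$1 == "fpr" { print $10; exit }') &&
    # Back up: ASCII-armored export of the secret key (still passphrase-protected).
    gpg --homedir "$a" "${opts[@]}" --armor --output "$work/backupkeys.pgp" \
        --export-secret-keys "$fpr" &&
    # Restore on B, then mark the key as our own (ownertrust 6 = ultimate).
    gpg --homedir "$b" "${opts[@]}" --import "$work/backupkeys.pgp" &&
    echo "$fpr:6:" | gpg --homedir "$b" --batch --quiet --import-ownertrust &&
    # Encrypt and sign on B, decrypt on A, and compare with the original.
    echo 'constructed sample data' > "$work/filename" &&
    gpg --homedir "$b" "${opts[@]}" --encrypt --sign --recipient "$fpr" \
        --output "$work/filename.gpg" "$work/filename" &&
    gpg --homedir "$a" "${opts[@]}" --decrypt --output "$work/filename.out" \
        "$work/filename.gpg" &&
    cmp -s "$work/filename" "$work/filename.out"
  } || rc=1
  gpgconf --homedir "$a" --kill gpg-agent 2>/dev/null
  gpgconf --homedir "$b" --kill gpg-agent 2>/dev/null
  rm -rf "$work"
  return "$rc"
}
# Run the demo only when asked: ./script.sh demo
if [ "${1:-}" = demo ]; then gpg_roundtrip && echo "round trip OK"; fi
```

Outside a demo, pass the passphrase with --passphrase-fd or --passphrase-file instead, since a --passphrase argument is visible in the process list.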
