GPG Encryption Snippet

·

Generate pair of key

ShellScript
$ gpg --gen-key

# or

$ gpg --full-generate-key

List keys

ShellScript
$ gpg --list-keys                                       
/home/ken/.gnupg/pubring.kbx
----------------------------
pub   rsa2048 2024-02-26 [SC]
      E9FA8C3C96FE003FF38FD7552459B2802BA5CDBF
uid           [ultimate] Rio Chandra <riochandra4@gmail.com>
uid           [ultimate] [jpeg image of size 5231]
sub   rsa2048 2024-02-26 [E]
sub   dsa2048 2024-02-27 [S]

pub   rsa3072 2024-02-27 [SC] [expires: 2026-02-26]
      3F3346EC17EF0A675CDE4E91823342FF03A817CF
uid           [ultimate] Kenichi <kenichi7346@gmail.com>
sub   rsa3072 2024-02-27 [E] [expires: 2026-02-26]

Export public key

You can use tab to see available key

ShellScript
$ gpg --export --armor 3F3346EC17EF0A675CDE4E91823342FF03A817CF

Only share this key to others

Export secret key

DO NOT SHARE THIS SECRET KEY

ShellScript
$ gpg --export-secret-keys --armor riochandra4@gmail.com

What is –armor ?

Armor will generate to ascii format instead binary format. Binary format can’t open by text editor and can’t easily send over internet.

Example without –armor

ShellScript
$ gpg --export 3F3346EC17EF0A675CDE4E91823342FF03A817CF 
��eݠ�
�s�wf!YI�_�q���';���[Y%��
                         M���|�b����s����������ɞF��S����GLZ�!t�b䴑�l�'���A~�_Rr,(:=$py?z���f&�ţ�P����׫x�0#i}$�3>����g�,��p�'0Xs�o��������9�tr���������秣�L����c�h�

�e�Y�m[���c��Z��:�]���?r"�{Ht%{xz�?�.}��|�H��i�^�y��&z�S��a�u�z盂���.
��yH��F�����эS�yW�0���$�P!W�

with –armor

ShellScript
$ gpg --export --armor 3F3346EC17EF0A675CDE4E91823342FF03A817CF
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBGXdoIIBDADGHkSbzfG/YJFWDeNz3XdmIVlJml+TFXGH2QbSJzuJ+9hbWSWc
4QtNi7elmgh8lmLZxszkc9bt9oOkmoeD0tDJnkYV+aJT/6f2y0dMWu0hdJhi5LSR
/WzHJ7rAFaFBftlfUnIsKBU6PQ4kcHk/evTXD89mJh2ExaPgu1CwmubwldereNww
I2l9FySmMz7+46UBs3/CZ8AsuYBwkCcwGVhz6m+hyQiTjovTF/+m4Tm2dHKnjJ6m
s430rbbnp6PTTJ7u7YbVY8BooAziDDWAj9z6Y4nzWoi8OhpdmaizP3Ii4HtIdCV7
eHq9P58ufY+ZfL8USPf7abhek3njH88mesRTqI1hsnXKeuebgqyiEZcuDR37CNtl
j1mVbVvovAob1rHtAMp5SAKVxRRG5rDb9P/G0Y1Tr3lX5ZswDo/kHsQk6FAhV54K
...
-----END PGP PUBLIC KEY BLOCK-----

Encrypt file

Complete code

ShellScript
$ gpg -e --armor -r kenichi7346@gmail.com -o secret-note-for-kenichi-no-sign.txt.gpg secret-note.txt
  • -e : encryption method
  • --armor : change to ascii
  • -r : recipient of the file, only this person able to decrypt this. you can use email, or user id or fingerprint
  • -o : output the file
  • secret-note.txt : name of file

Short code

ShellScript
$ gpg -e -r kenichi7346@gmail.com secret-note.txt

Without --armor, it will generate binary file. without -o, it will export as secret-note.txt.gpg

With sign

ShellScript
$ gpg -e --armor -r kenichi7346@gmail.com --sign riochandra4@gmail.com -o secret-note-for-kenichi.txt.gpg secret-note.txt

It will show Who encrypt this file.

Example decrypt file have no sign

The result will not show who encrypt this file

ShellScript
$ gpg -d secret-note-for-kenichi-no-sign.txt.gpg 
gpg: encrypted with 3072-bit RSA key, ID 103BE28053B41138, created 2024-02-27
      "Kenichi <kenichi7346@gmail.com>"
hello world

Example decrypt file with sign

The result will show Who encrypt/sign the file

ShellScript
$ gpg -d secret-note-for-kenichi.txt.gpg 
gpg: encrypted with 3072-bit RSA key, ID 103BE28053B41138, created 2024-02-27
      "Kenichi <kenichi7346@gmail.com>"
hello world
gpg: Signature made Sel 27 Feb 2024 03:44:02  WIB
gpg:                using DSA key 63B866127E8374BB6B05D4EF7424C79AE827CB3D
gpg: Good signature from "Rio Chandra <riochandra4@gmail.com>" [ultimate]
gpg:                 aka "[jpeg image of size 5231]" [ultimate]

Decrypt file

only use -d and gpg will try each secret key saved on computer to decrypt.

ShellScript
$ gpg -d secret-note-for-kenichi-no-sign.txt.gpg 
gpg: encrypted with 3072-bit RSA key, ID 103BE28053B41138, created 2024-02-27
      "Kenichi <kenichi7346@gmail.com>"
hello world

Encrypt only use passphrase

Instead using asymetric key, use passphrase (aka symmetric) instead. It will ask you to insert the password encryption.

ShellScript
$ gpg --symmetric secret-note.txt
## Or
$ gpg -c secret-note.txt

## It will ask you the passphrase

Use gpg -d to decrypt

ShellScript
$ gpg -d secret-note.txt.gpg

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *