How to use the command 'gpg' (with examples)
GNU Privacy Guard (GPG) is a command-line tool used for secure communication and data encryption. It provides functionalities for generating and managing encryption keys, encrypting and decrypting files, signing and verifying digital signatures, and more.
Use case 1: Create a GPG public and private key interactively
Code:
gpg --full-generate-key
Motivation: Creating a GPG public and private key pair is essential for secure communication and encryption. This use case allows users to generate their own encryption keys interactively, thereby ensuring the security and authenticity of their data.
Explanation: The --full-generate-key option prompts the user to enter various parameters for generating a new key pair. This includes selecting the key type, key size, key expiration period, and providing a user ID (usually an email address) for identification purposes.
Example output:
gpg (GnuPG) 2.2.20; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
...
Use case 2: Sign doc.txt without encryption
Code:
gpg --clearsign doc.txt
Motivation: Signing a file without encrypting it provides a way to certify the authenticity and integrity of the content. This can be useful when sharing important documents or verifying the sender’s identity.
Explanation: The --clearsign option creates a cleartext signature of the specified file. The output is written to a file with the same name suffixed by .asc, which contains the signed data along with the signature.
Example output:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This is the content of the doc.txt file.
-----BEGIN PGP SIGNATURE-----
iF0EABEBCACcFiEE42SxXrbVhIVbNlbtFxY7HrZGdS4FAmE5CyMACgkQFxY7HrZG
dS5oIAEAyWf73L7gIC0BsKlGkRfUhcQZibcPwr3LE03HN1CgE0mRHU4EcQEg25gT
qqvRajM6tJ7WGk9IbGWkKtXUpDg2IVE=
=INbi
-----END PGP SIGNATURE-----
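A signature certifies nothing until the recipient checks it. The following added example (not part of the original page) clearsigns a constructed file with a throwaway key, verifies it, and confirms that an edited copy is rejected. The function names, the temporary GNUPGHOME and the demo@example.invalid identity are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: clearsign round trip in a throwaway keyring.
# Function names and the demo identity are illustrative assumptions.

# Create a temporary GNUPGHOME holding one unprotected test key.
# An empty passphrase is acceptable only for a disposable demo key.
make_demo_keyring() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' default default never
}

# Print the signed text only when gpg accepts the signature.
# Output is buffered first because gpg still emits the text of a
# message whose signature is bad; only the exit status tells them apart.
verified_content() {
    out=$(gpg --batch --quiet --decrypt "$1" 2>/dev/null) || return 1
    printf '%s\n' "$out"
}

# Returns 0 if the good signature is accepted and the tampered copy rejected,
# 2 if the demo environment could not be set up.
clearsign_demo() {
    make_demo_keyring >/dev/null 2>&1 || return 2
    work=$(mktemp -d) || return 2
    printf 'Pay 100 EUR to Alice\n' > "$work/doc.txt"          # constructed sample input
    gpg --batch --quiet --clearsign "$work/doc.txt" || return 2  # writes doc.txt.asc
    # Simulate modification in transit: change the amount, keep the signature.
    sed 's/100 EUR/900 EUR/' "$work/doc.txt.asc" > "$work/tampered.asc"
    good=$(verified_content "$work/doc.txt.asc"); good_rc=$?
    verified_content "$work/tampered.asc" >/dev/null; bad_rc=$?
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME" "$work"
    [ "$good_rc" -eq 0 ] && [ "$good" = 'Pay 100 EUR to Alice' ] && [ "$bad_rc" -ne 0 ]
}
```

Consume the output of verified_content rather than reading the .asc file directly: text placed outside the signed block is not covered by the signature.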
Use case 3: Encrypt and sign doc.txt for multiple recipients
Code:
gpg --encrypt --sign --recipient alice@example.com --recipient bob@example.com doc.txt
Motivation: Encrypting and signing a file ensures that only the intended recipients can access the content while also guaranteeing the authenticity of the sender.
Explanation: The --encrypt option encrypts the specified file using symmetric or asymmetric encryption. The --sign option adds a digital signature to the encrypted file. The --recipient option specifies the email addresses or key IDs of the recipients to whom the encrypted file will be accessible.
Example output:
-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----
Use case 4: Encrypt doc.txt with a passphrase only
Code:
gpg --symmetric doc.txt
Motivation: Encrypting a file with a passphrase provides a simple and convenient way to protect its content. This method is suitable for scenarios where sharing encrypted files with others is not required.
Explanation: The --symmetric option encrypts the specified file using symmetric encryption, which requires a passphrase. The user is prompted interactively for the passphrase during the encryption process.
Example output: (No visible output)
Use case 5: Decrypt doc.txt.gpg
Code:
gpg --decrypt doc.txt.gpg
Motivation: Decrypting an encrypted file allows users to regain access to the original content and read or modify it as necessary.
Explanation: The --decrypt option decrypts the specified GPG-encrypted file and writes the decrypted content to stdout. Users may pass additional options to specify the output file path if desired.
Example output:
This is the content of the doc.txt file.
Use case 6: Import a public key
Code:
gpg --import public.gpg
Motivation: Importing a public key allows users to establish trust with the key owner and securely communicate with them.
Explanation: The --import option imports a public key from the specified file. The public key must be in the GPG keyring or ASCII-armored format to be imported successfully.
Example output: (No visible output)
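Importing a key file does not by itself show who owns the key, so a common check is to compare its fingerprint with one obtained through a separate channel before importing. The following added example (not part of the original page) does that; import_pinned and key_file_fingerprints are hypothetical helper names, and it assumes a GnuPG version that provides --show-keys (2.2.8 or later).

```shell
#!/bin/sh
# Added example: import a key file only if its fingerprint matches a pinned value.
# import_pinned and key_file_fingerprints are illustrative names, not gpg features.

# List the primary-key fingerprints found in a key file without
# adding anything to the keyring.
key_file_fingerprints() {
    gpg --batch --with-colons --show-keys "$1" 2>/dev/null |
        awk -F: '$1 == "pub" { want = 1; next }
                 $1 == "fpr" && want { print $10; want = 0 }'
}

# usage: import_pinned KEYFILE EXPECTED_FINGERPRINT
# Returns 0 after importing, 1 if the file does not contain exactly
# the one expected primary key (wrong key, extra keys, or no key).
import_pinned() {
    # Accept fingerprints written with spaces or in lower case.
    expected=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(key_file_fingerprints "$1")
    if [ -n "$expected" ] && [ "$found" = "$expected" ]; then
        gpg --batch --quiet --import "$1"
    else
        echo "refusing to import $1: fingerprint mismatch" >&2
        return 1
    fi
}

# Typical call, with the fingerprint obtained out of band:
#   import_pinned public.gpg "<40-hex-digit fingerprint>"
```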
Use case 7: Export public key for alice@example.com
Code:
gpg --export --armor alice@example.com
Motivation: Exporting a public key enables sharing it with others, allowing them to encrypt messages or files meant for the key owner.
Explanation: The --export option exports the public key associated with the specified identity (in this case, alice@example.com). The --armor option ensures that the exported key is in ASCII-armored format, making it readable and shareable through text-based communication channels.
Example output:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGOieJwBDAC6AQwArItk8LABJ3u/71h98SD5QcrbZeub10pRjnpux1pK09ra
...
-----END PGP PUBLIC KEY BLOCK-----
Use case 8: Export private key for alice@example.com
Code:
gpg --export-secret-keys --armor alice@example.com
Motivation: Exporting a private key enables backing it up securely or transferring it to another trusted device.
Explanation: The --export-secret-keys option exports the private key associated with the specified identity (in this case, alice@example.com). The --armor option ensures that the exported key is in ASCII-armored format, making it readable and storable as a plain text file.
Example output:
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQMWBGOhfsUBDABkAQwAzf5WAKDUmUMt+6jpd6KX17Mra2gLPvBDUQ/XLY6ctML+
...
-----END PGP PRIVATE KEY BLOCK-----
Conclusion:
The gpg command is a powerful tool for encryption, signing, and secure communication. It offers various options and parameters to cater to different security needs. By leveraging the provided use cases and examples, users can effectively utilize GPG for securing their data and maintaining the privacy of their communication.