LinuxCommandLibrary

gpg

Encrypt, decrypt, sign, and verify files

TLDR

Create a GPG public and private key interactively

$ gpg [[--full-gen-key|--full-generate-key]]

List all keys from the public keyring
$ gpg [[-k|--list-keys]]

Sign doc.txt without encryption (writes output to doc.txt.asc)
$ gpg --clearsign [doc.txt]

Encrypt and sign doc.txt for alice@example.com and bob@example.com (output to doc.txt.gpg)
$ gpg [[-es|--encrypt --sign]] [[-r|--recipient]] [alice@example.com] [[-r|--recipient]] [bob@example.com] [doc.txt]

Encrypt doc.txt with only a passphrase (output to doc.txt.gpg)
$ gpg [[-c|--symmetric]] [doc.txt]

Decrypt doc.txt.gpg (output to stdout)
$ gpg [[-d|--decrypt]] [doc.txt.gpg]

Import a public key
$ gpg --import [public.gpg]

Export the public/private key for alice@example.com (output to stdout)
$ gpg [--export|--export-secret-keys] [[-a|--armor]] [alice@example.com]

SYNOPSIS

gpg [options] [filename]

PARAMETERS

--armor
    Create ASCII armored output.

--batch
    Run in batch mode. Suppresses all interactive prompts.

--decrypt
    Decrypt a file.

--encrypt
    Encrypt a file.

--sign
    Create a detached signature.

--verify
    Verify a signature.

--output file
    Use file as the output file. If not given, output goes to standard output.

--recipient user-ID
    Encrypt for the given user ID. Can be repeated.

--gen-key
    Generate a new key pair.

--list-keys
    List the available keys.

--delete-secret-keys keyid
    Delete the secret key associated with keyid.

--import file
    Import keys from file.

--export keyid
    Export key associated with keyid.

DESCRIPTION

GPG, or GNU Privacy Guard, is a complete and free implementation of the OpenPGP standard as defined by RFC4880. It allows you to encrypt and sign your data and communications; it features a versatile key management system as well as access modules for all kinds of public key directories. GPG, sometimes referred to as GnuPG, is a command-line tool that provides cryptographic privacy and authentication services.

It is commonly used for encrypting emails and files, creating digital signatures, verifying software packages, and managing digital identities. The core functionalities include key generation, encryption, decryption, signing, and signature verification. GPG uses a combination of symmetric-key cryptography, asymmetric-key cryptography, and hashing to provide secure communication and data storage. Developers widely use it to sign commits and release files so that others can check that the files really came from them and that nobody tampered with them.

CAVEATS

GPG is a complex tool, and proper key management is crucial for security. Weak passphrases can compromise security. Make sure to use strong ones.

KEYRINGS

GPG uses keyrings to store keys. The public keyring stores public keys, and the secret keyring stores private keys. The default keyrings are usually located in ~/.gnupg.

TRUST MODEL

GPG implements a web of trust, where users sign each other's public keys to vouch for their authenticity. This creates a network of trust relationships, making it easier to verify the identity of key holders.
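
Added example, not part of the original page: when verifying a release file, a signature that checks out only shows that some key in the keyring made it, so the sketch below parses `gpg --status-fd` output and accepts only a valid signature from one pinned fingerprint. The fingerprints, the function names `check_status` and `verify_release`, and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Fingerprints and status lines below are constructed.
PINNED='0123456789ABCDEF0123456789ABCDEF01234567'  # real value: obtain out of band

# check_status PINNED_FPR: read `gpg --status-fd` lines on stdin. Succeed only
# if a VALIDSIG line names the pinned primary-key fingerprint and no line
# reports a bad, unverifiable, expired or revoked signature or key.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12: primary-key fingerprint; field 3: signing (sub)key.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) ok = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_release PINNED_FPR SIGFILE DATAFILE: verify a detached signature and
# apply the pin. Only the machine-readable status lines decide the result.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}

# Constructed status output: signature made by a subkey of the pinned key.
GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Alice <alice@example.com>
[GNUPG:] VALIDSIG AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed: cryptographically valid, but from a different key in the keyring.
OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 9999888877776666 Mallory <mallory@example.com>
[GNUPG:] VALIDSIG FFFFEEEEDDDDCCCCBBBBAAAA9999888877776666 2024-01-01 1704067200 0 4 0 1 10 00 FFFFEEEEDDDDCCCCBBBBAAAA9999888877776666
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed: pinned key, but the key has been revoked.
REVOKED='[GNUPG:] NEWSIG
[GNUPG:] REVKEYSIG 0000111122223333 Alice <alice@example.com>
[GNUPG:] VALIDSIG AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567'

for name in GOOD OTHER_KEY REVOKED; do
    eval "lines=\$$name"
    if printf '%s\n' "$lines" | check_status "$PINNED"; then verdict=accept; else verdict=reject; fi
    echo "$name: $verdict"
done
```

With a real keyring, `verify_release "$PINNED" doc.txt.sig doc.txt` applies the same check to a detached signature file.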

HISTORY

GPG (GNU Privacy Guard) was started in 1997 by Werner Koch. It was created as a free alternative to PGP (Pretty Good Privacy) after Symantec acquired PGP. The initial versions focused on implementing the OpenPGP standard to enable secure email communication and file encryption. Over the years, GPG has been actively developed by a global community of contributors. Its usage has expanded beyond email security to include software signing, secure data storage, and identity management. It is now a widely used tool for ensuring privacy and security in various applications.

SEE ALSO

gpg-agent(1), gpgconf(1), gpgsm(1)
