gpg
Encrypt, decrypt, sign, and verify files
TLDR
Create a GPG public and private key interactively
List all keys from the public keyring
Sign doc.txt without encryption (writes output to doc.txt.asc)
Encrypt and sign doc.txt for alice@example.com and bob@example.com (output to doc.txt.gpg)
Encrypt doc.txt with only a passphrase (output to doc.txt.gpg)
Decrypt doc.txt.gpg (output to stdout)
Import a public key
Export the public/private key for alice@example.com (output to stdout)
SYNOPSIS
gpg [options] [filename]
PARAMETERS
--armor
Create ASCII armored output.
--batch
Run in batch mode. Suppresses all interactive prompts.
--decrypt
Decrypt a file.
--encrypt
Encrypt a file.
--sign
Create a detached signature.
--verify
Verify a signature.
--output file
Use file as the output file. If not given, output goes to standard output.
--recipient user ID
Encrypt for the given user ID. Can be repeated.
--gen-key
Generate a new key pair.
--list-keys
List the available keys.
--delete-secret-keys keyid
Delete the secret key associated with keyid.
--import file
Import keys from file.
--export keyid
Export key associated with keyid.
DESCRIPTION
GPG, or GNU Privacy Guard (sometimes referred to as GnuPG), is a complete and free implementation of the OpenPGP standard as defined by RFC 4880. It is a command-line tool that provides cryptographic privacy and authentication services: it allows you to encrypt and sign your data and communications, and it features a versatile key management system as well as access modules for all kinds of public key directories.
It is commonly used for encrypting emails and files, creating digital signatures, verifying software packages, and managing digital identities. The core functionalities include key generation, encryption, decryption, signing, and signature verification. GPG uses a combination of symmetric-key cryptography, asymmetric-key cryptography, and hashing to provide secure communication and data storage. It is widely used by developers to sign commits or release files, so that others can check that the files really came from them and that nobody tampered with them.
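An added example (not part of the original page or of the GnuPG project's own code) for the release-verification use described above: a script should judge gpg --verify by its machine-readable status lines and a pinned signer fingerprint, because a good signature from any key in the keyring otherwise counts as success. It uses --status-fd, a gpg option not listed under PARAMETERS; the fingerprints, the sample status lines and the function names check_status and verify_release are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge `gpg --verify` by its --status-fd lines and a pinned
# fingerprint. The fingerprints and sample lines below are constructed.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# check_status FPR: reads "[GNUPG:] ..." lines on stdin; succeeds only if a
# VALIDSIG line ends with the pinned primary-key fingerprint and no failure
# keyword (bad, errored, expired or revoked signature/key) is present.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_release SIGFILE DATAFILE: status lines go to stdout (fd 1), the
# human-readable text on stderr is discarded, and the pipeline's exit code
# is check_status's verdict rather than gpg's own.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$PINNED_FPR"
}

# Constructed status streams for exercising check_status without gpg.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Alice <alice@example.com>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567'

SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Alice <alice@example.com>'

# A cryptographically good signature, but from a key other than the pinned one.
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Other Signer <other@example.com>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2024-01-01 1704067200 0 4 0 1 10 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98'
```

The check fails closed: an empty status stream, or a VALIDSIG line that lacks the trailing primary-key fingerprint, is treated as not verified.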
CAVEATS
GPG is a complex tool, and proper key management is crucial for security. Weak passphrases can compromise security. Make sure to use strong ones.
KEYRINGS
GPG uses keyrings to store keys. The public keyring stores public keys, and the secret keyring stores private keys. The default keyrings are usually located in ~/.gnupg.
TRUST MODEL
GPG implements a web of trust, where users sign each other's public keys to vouch for their authenticity. This creates a network of trust relationships, making it easier to verify the identity of key holders.
HISTORY
GPG (GNU Privacy Guard) was started in 1997 by Werner Koch. It was created as a free alternative to PGP (Pretty Good Privacy) after Symantec acquired PGP. The initial versions focused on implementing the OpenPGP standard to enable secure email communication and file encryption. Over the years, GPG has been actively developed by a global community of contributors. Its usage has expanded beyond email security to include software signing, secure data storage, and identity management. It is now a widely used tool for ensuring privacy and security in various applications.
SEE ALSO
gpg-agent(1), gpgconf(1), gpgsm(1)