Implementing GPG: Generating Keys and Encrypting Files

Vitalii Shloda
3 min readJul 4, 2023

--

Introduction

GnuPG, or GPG, is the open-source counterpart to the original Pretty Good Privacy (PGP) encryption system. It’s an extremely robust tool for encrypting data and communications, and it’s the de facto standard for this in Linux and other Unix-like systems.

This article will teach you the basics of working with GPG: how to generate key pairs and encrypt and decrypt files.

Generating GPG Keys

The first step in using GPG is to create a key pair. One half of the pair, the public key, can be safely sent to others, while the private key should remain with you.

  1. To generate a key pair, open your terminal and enter the following command:
gpg --gen-key

2. Select the type of key. For most users, RSA and RSA will be the optimal choice.

3. Select the key size. 2048 bits is a good choice for most users, but if you’re looking for more security, you can use a 4096-bit key.

4. Set the key expiration time. For most users, it’s recommended to choose an expiration time of 2–3 years.

5. Enter your name, email address, and comment.

6. Enter a passphrase to protect your private key.

After this, you will have a generated GPG key pair.

Encrypting and Decrypting Files with GPG

Once you’ve generated keys, you can encrypt files using the public key. This means that only the person with the corresponding private key can decrypt this file.

  1. To encrypt a file, use the following command:
gpg -e -u "Your Name" -r "Recipient Name" file.txt

2. To decrypt a file, use the following command:

gpg -o file_decrypted.txt -d file.txt.gpg

This command decrypts file.txt.gpg and saves the result in file_decrypted.txt.

Show all public keys with GPG

The gpg --list-keys a command is a useful GnuPG command that allows you to view all the public keys in your keyring. This is particularly helpful when managing multiple keys, as it provides a concise overview of all available keys, including their associated key ID, fingerprint, creation date, and associated email addresses. Furthermore, if you are looking for a specific key, you can append the relevant email address or ID after the --list-keys command, and GnuPG will only show information related to that key. By understanding and regularly using gpg --list-keys, you can ensure efficient and secure key management when working with GnuPG.

gpg --list-keys

Export public keys with GPG

The gpg --export a command is an integral part of the GnuPG suite, designed to export public keys from your keyring in a format that can be imported by someone else. When used without any arguments, it exports all the public keys in your keyring. However, if you want to export a specific public key, you can append the key ID or the associated email address to the command. The output is sent to stdout, so you usually want to redirect it to a file. This command makes it easy to share your public key, or any public key in your possession, in a secure and reliable manner. Remember that sharing your public key allows others to encrypt messages or files that only you can decrypt with your corresponding private key, ensuring secure communication or data sharing.

gpg --export -a --output "file output name".asc "Email address or Name"

GPG is a powerful tool for protecting your confidential information. While it can be a bit complex for beginners, over time you will appreciate its flexibility and reliability. This article covers just the basics, and I recommend exploring the additional capabilities of GPG for your encryption needs.

--

--

Vitalii Shloda
Vitalii Shloda

Written by Vitalii Shloda

Software Engineer. I write about backend, data and other amazing stuff