Skip to content

Encryption

Encryption can be achieved either using gpg and/or openssl.

Symmetric Encryption

A simple symmetric encryption can be achieved with the following:

gpg -c <file>

which will prompt for a passphrase and produce an encrypted file with an appended .gpg suffix.

To decrypt the encrypted file use the following:

gpg <encrypted_file>

Encryption Algorithm

gpg allows a number of algorithms. To view these algorithms run:

gpg --version

For symmetric encryption, look for algorithms listed under Cypher:.

Using one of these algorithms can be achieved as follows.

gpg --cipher-algo <ALGO> <file>

No change is required to the decrypt command.

Asymmetric Encryption

You can see a list of keys with gpg --list-keys. --list-secret-keys and --list-public-keys are also available.

  1. Generate a key pair

    bash gpg --gen-key

  2. Export your public key

    bash gpg --export --armor <name> > <name>.pub

  3. (Optional) Make a backup of your private key. Only ever store this backup in offline media. bash gpg --export-secret-keys --armor <name> > <name>.priv

  4. Import the other's public key

    bash gpg --import key.pub

  5. (Optional) Trust the key

    bash gpg --edit-key <name> Enter trust then the level you wish to trust it to

  6. Encrypt a file

    bash gpg --encrypt --recipient <recipient> <file>

  7. Decrypt a received file

    bash gpg --decrypt <file>.gpg --output <file>