So one day I was wondering how to encrypt a file on Linux. My first thought was using GPG and so I started reading about how to generate a keypair and almost quit in despair.
But! Turn’s out GPG supports a symmetric encryption (just passwords, no mucking about with keys) and it’s super easy!
Encrypt a file:
If you have a file
diary.txt you can encrypt it thusly:
$ gpg2 --symmetric diary.txt
You will be prompted for a password – twice. Then a new file
diary.txt.gpg will be created (you can use
--output for a different filename).
Decrypt to a file:
$ gpg2 --output diary.txt --decrypt diary.txt.gpg
You can also encrypt/decrypt using the standard input/output.
Encrypt from STDIN:
$ echo "Orange is my favourite colour." | gpg2 --symmetric --output message.gpg
Decrypt to STDOUT:
$ gpg2 --decrypt message.gpg
You’ll be asked for a password and if it’s correct the original message will be printed out.
Emacs supports GPG out of the box via Easy PG.
When you try to open a
.gpg file, you’ll be asked for a password to decrypt it and again when you save it.
A few more notes:
There are two tools called
gpg2. As far as I could find out,
gpg2is for desktops while
gpgis for servers but they both work.
- Apart from the fact that it uses AES, I know nothing about the default encryption algorithm, mode, message authentication, etc. this uses. Is it safe or should we pick a better default.
- How do you create and use a good GPG keypair?