/ DevOps

Tools - GPG

The GNU Privacy Guard (GPG)

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

Let's talk about how to use.

Install GPG

  • Mac $sudo brew install gpg
  • Ubuntu $sudo apt-get install gpg
  • Windows There are some exist applications which support GPG. E.g. 'Gpg4win'

Frist Generate your own key

The public and private key pair are your assets for encryption and decryption processes.

gpg --gen-key

This command will generate a key, default is used RSA and 2048 for your key. Also, it will ask for your personal information. And the most important thing is passphrase, PLEASE DON'T FORGET IT. If you forget it, your key and all your encrypted data will be useless. And no way to recovery.

Export your public key

Please use gpg -k to see how many gpg keys you have and choose the name which one you need to export. Use the following command.
gpg --armor --output 31mins.asc --export '31mins'

Then you can send your pubkey to who want to send you the file.

Encryption

Assume we have one file named test, we can use the following command to encrypt this file and get test.gpg.

  • -e, --encrypt means encrypt data
  • -r, --recipient means this encryption for whom.
  • -o, --output can change the output file name.

gpg -e -r '31mins' -o test1 test, we will get a file test1 for key owner 31mins.

Encryption for someone else is the same process for the encryption, just need to import the key from other pubkey. e.g. gpg --import 31mins.asc, then you can check the key list with gpg -k. After that, we can use -r to point to become a recipient.

Decryption

The decryption means you need the private key for this key pair. Also, the very important thing is the passphrase. It will ask you for the pass when you try to decrypt the file.

  • -o, --output can change the output file name.
  • -d, --decrypt to point which file you want to decrypt.

gpg -o test.31mins -d test1, then you will get the test.31mins.

More

There are more details for gpg, it's a very strong command tool to guard your private content. See link, also can get more information from the man page.