Linux tips: Encrypting and decrypting files from command line with gpg

Jack Wallen
May 30, 2009
Updated • Dec 28, 2012
Encryption, Linux
|
4

Are you paranoid? Are you afraid that someone is going to get ahold of data they sholdn't have? I am. And because of that I often encrypt files with a gpg key that was given to no one. With those encrypted files I know they are secure to most of the general public. And because I tend to use lengthy passkeys for gpg, cracking them is a challenge.

Naturally I use gpg for all of this. And when I am using gpg I am using it from the command line. It's actually quite easy to use. In this article I will show you how to create a gpg key, encrypt, and decrypt a file. You will find this such an easy task you'll be using it more than you think.Must I install?

More than likely, if you have a modern Linux distribution, gpg is already installed. If you issue the command which gpg and you get something like /usr/bin/gpgreturned, you know you have gpg installed. If you don't see that you can install it by issuing one of these commands:

sudo apt-get install gnupg

or

yum install gnupg

Once installed you will first have to generate a key. This, too, is done from the command line.

Generate your key

To generate a key issue the command:

gpg --gen-key

Once you enter that you will be asked a number of questions pertaining to your key. These should all be fairly obvious. After you complete the generation of your key make sure you remember the username for the key as well as the passphrase.

Encrypting files

Now let's get into the good stuff - encrypting files. To encrypt a file with gpg you will use the command structure:

gpg OPTIONS FILE

Because you are encrypting you will have to use the e option. And because you will want to encrypt the file with a specific users' gpg key you will use the r option. So let's say you are going to encrypt the file TEST.tgz with the gpg key of user jlwallen. To do this you would issue the command:

gpg -e -r jlwallen TEST.tgz

The resulting file would be TEST.tgz.gpg. If you tried to view the file you would instantly see it is now a binary file. If you try to untar the file you would be informed the file is not in gzip format.

Decrypting the file

Decrypting the file is just as easy as encrypting the file. We'll stick with the same example. To decrypt the file TEST.tgz.gpg issue the command:

gpg -d -o TEST.tgz TEST.tgz.gpg

You will be prompted for the passphrase associated with the user encryption key used on the file. The d option indicates you are decrypting the file and the o option indicates what file to output the results to. After this command is issued you will be back to the TEST.tgz file.

Final thoughts

Sure there are plenty of gui tools that will make this job even easier. But there are too many instances when needing the command line will enable you to do things you can't do with a gui.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. ilev said on January 24, 2012 at 7:08 pm
    Reply

    The Electronic Frontier Foundation has issued guidance for getting your mobile device across the border safely and protecting the data on it should it get seized.

    https://www.eff.org/sites/default/files/EFF-border-search_2.pdf

    1. Martin Brinkmann said on January 24, 2012 at 7:37 pm
      Reply

      Great read, thanks for posting Ilev.

  2. Rodalpho said on January 24, 2012 at 8:23 pm
    Reply

    Yes, I was just about to post that. They specifically address the hidden volume. To fill its purpose, you need to lie to law enforcement/homeland security, which is in of itself a crime. Of course once you get to court you can try to plead the fifth, but you may be forced to reveal its existence and the password in the same vein as the non-hidden volume anyway.

    The best solution to someone asking for your password isn’t to plead the fifth, but to simply say you forgot it. This is of course also perjury, but nobody can look inside your head to prove it, so unless you told your cellmate about your cunning master plan, you’re good to go.

    1. Martin Brinkmann said on January 24, 2012 at 8:32 pm
      Reply

      Or unless you write on a blog about it ;)

    2. Mikey said on July 22, 2012 at 2:19 pm
      Reply

      Rodalpho, isn’t a Truecrypt hidden volume 100% unidentifiable anyways? I don’t know, maybe an extreme expert would “recognize” certain patterns even if it’s hidden.

      Once inside your outer volume, assuming they coerced you enough to get into it, would the US Gov’t have the right to manipulate / alter / delete files as a bargaining technique? I would think it unlawful “officially”, but a little imagination brings up some issues.

  3. Rodalpho said on January 24, 2012 at 8:57 pm
    Reply

    Ahh but I am pure as the driven snow! (Except for posting on a blog during work.)

    1. jmjsquared said on January 25, 2012 at 9:01 pm
      Reply

      … and except for being Bernie Maddoff’s tax advisor!

  4. berttie said on January 24, 2012 at 11:12 pm
    Reply

    I used to be a regular visitor to the United States. About every second year. But I stopped going 7 years ago, largely because of border hassles like this. The Canadians now get my money. I know I’m not alone in this.

  5. Crodol said on January 25, 2012 at 12:45 am
    Reply

    I was travelling to the USA once or twice a year but I also a few years ago. Not going to go there again until the craze has disappeared… might be a while!

  6. DanTe said on January 25, 2012 at 4:43 am
    Reply

    Just a legal clarification: You are not required to provide your password as this is covered under the 5th Amendment against self incrimination. But should the authorities be made aware that there are files located in certain “areas” than you must provide the authorities with an unencrypted version of those files. As the authorities have a “right” to access the files once they know where it is. I would just say “I’m not aware of any”, and claim my tech guy handles everything, I don’t know tech.

    I also travel around with the following file: “a little boy and his priest.avs”. Should anyone seize and opens said file, their computers FRY :)

    But this TrueCrypt matryoshka concept is intriguing. Gotta try it out.

    1. Yes said on January 25, 2012 at 8:55 am
      Reply

      DanTe, how can I obtain said file that makes computers fry? How does it work?

      1. DanTe said on January 25, 2012 at 3:56 pm
        Reply

        Do like I do: troll the usenet for “free software” and see which one promptly got pass your virus scan and kills your stand alone PC. I do this about once a year to get the latest in killer software. Use something like the free SBNews Android or Newsbin Pro and just massively download. I generally look for the small (below 5mB) files that purports to be celebrity sex movies.

  7. Joey said on January 25, 2012 at 11:16 pm
    Reply

    This is a really good app. I tested it out by partitioning a hard drive that I planned to use for data. Then I encrypted that partition with True Crypt. I noticed that the partition was visible when I opened up Computer to view all my drives. So I went into Disk Management and removed the drive letter from the partition which made it invisible. True Crypt also has a portable app version so no need to install it on the PC. This makes it hard for even a tech saavy person to get into your guarded files. (unless they know your password, lol)

    Of course if you are accused of doing something illegal and are forced to give up your PC to the government forensic labs none of the above will help. Just get a lawyer and see what info/passwords you have to give up :-)

    1. ... said on January 27, 2012 at 10:32 am
      Reply

      “Of course if you are accused of doing something illegal and are forced to give up your PC to the government forensic labs none of the above will help.”

      Not to be rude but you don’t know what you’re talking about. :/

      1. DanTe said on January 30, 2012 at 12:01 am
        Reply

        Not to be rude … , but you don’t know what you’re talking about. Have you tried the various TrueCrypt encryption modes? And no, Da Gov’ment don’t have no magic pixie dust that allows them to crack everything.

  8. Mikey said on July 22, 2012 at 2:25 pm
    Reply

    I also have another question — this article is about the gov’t agents seizing laptops. What’s the issue on DESKtops? Also can be seized, or a different story?

    1. Martin Brinkmann said on July 22, 2012 at 2:30 pm
      Reply

      They can also be seized, no difference.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.