GNU Privacy Guard (GPG or GnuPG) can be used to encrypt files for confidentiality and also sign files for authenticity.
GnuPG is a tool that implements the OpenPGP Internet standard. It is used primarily for secure communication and data storage, and it both encrypts and signs data.
Package repositories are downloaded around the world. Digital signatures are used to ensure that you get an exact copy from the original packager and not a malicious version from a compromised site.
OpenPGP programs such as GPG are used to sign and verify those packages, ensuring the authenticity of the source.
Local disk encryption protects data at rest. However, if you want only the intended recipient to be able to open a file you send by email or drop into a shared folder, you need to encrypt that individual file.
OpenPGP products like GPG can encrypt a file with a shared symmetric key or with asymmetric key pairs.
GnuPG comes installed with most Linux distributions.
To check your current version on a yum-based distribution:
$ yum list 'gnupg*'
The first time you run any gpg command, a configuration directory and keyring will be created in your home directory. For example, if you run gpg --list-keys to display keys, you may see the following message:
$ gpg --list-keys
gpg: directory '/home/bestuser/.gnupg' created
gpg: keybox '/home/bestuser/.gnupg/pubring.kbx' created
gpg: /home/bestuser/.gnupg/trustdb.gpg: trustdb created
Once GnuPG is installed, you are ready to encrypt a file. For symmetric encryption, use the --symmetric option (short form -c) and pass the file you want to encrypt. Here I'm encrypting example.txt.
$ gpg -c example.txt
The encrypted file will have a .gpg extension.
This encrypted file can now be sent to a remote location.
To decrypt the file, use the -d (--decrypt) option:
$ gpg -d sample1.txt.gpg
Determining how to share the passphrase to decrypt it is a separate issue.
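The encrypt and decrypt steps above can also be scripted. The following is an added example, not part of the original article: it runs the symmetric round trip without prompts and checks that a wrong passphrase is rejected. It assumes GnuPG 2.1 or later; the function names, file names and passphrases are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted symmetric encrypt/decrypt round trip.
# Assumes GnuPG 2.1 or later; file names and passphrases are constructed.

# Run gpg without prompts. The passphrase is read from stdin (fd 0), so it
# never shows up in the process list the way a --passphrase argument would.
gpg_batch() {
    gpg --batch --yes --quiet --no-tty \
        --pinentry-mode loopback --passphrase-fd 0 "$@"
}

# sym_encrypt PASSFILE INFILE OUTFILE
sym_encrypt() {
    gpg_batch --output "$3" --symmetric "$2" < "$1"
}

# sym_decrypt PASSFILE INFILE OUTFILE (non-zero exit on a wrong passphrase)
sym_decrypt() {
    gpg_batch --output "$3" --decrypt "$2" < "$1"
}

# Encrypts a sample file in a scratch directory, then checks that the right
# passphrase restores it byte for byte and that a wrong one is rejected.
# Prints "ok" on success. Runs in a subshell so nothing leaks to the caller.
roundtrip_demo() (
    umask 077
    work=$(mktemp -d) || exit 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME   # keep ~/.gnupg untouched
    mkdir "$GNUPGHOME"
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$work"' EXIT

    printf 'constructed sample plaintext\n' > "$work/example.txt"
    printf '%s' 'constructed-passphrase-1' > "$work/pass"
    printf '%s' 'not-the-passphrase' > "$work/badpass"

    sym_encrypt "$work/pass" "$work/example.txt" "$work/example.txt.gpg" || exit 1
    # The output must not be a copy of the plaintext.
    if cmp -s "$work/example.txt" "$work/example.txt.gpg"; then exit 1; fi

    sym_decrypt "$work/pass" "$work/example.txt.gpg" "$work/out.txt" || exit 1
    cmp -s "$work/example.txt" "$work/out.txt" || exit 1

    # A wrong passphrase must fail instead of producing output.
    if sym_decrypt "$work/badpass" "$work/example.txt.gpg" "$work/bad.txt" 2>/dev/null
    then exit 1; fi
    echo ok
)
```

Source the file and call roundtrip_demo; it prints ok only when both checks pass.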