How to use GnuPG for encrypting files on MacOS

Efe Ertugrul

GnuPG is an implementation of the OpenPGP standard.
People use it for public-private key encryption.
It is one of the tools that Edward Snowden used to uncover the secrets of the NSA.

GnuPG is a complex tool.
I will only show you how to use it for file encryption without using keys.
I will also show some configuration files that make the commands simpler.

I assume you know how to use a Unix console and have the Homebrew package manager installed.

First you should install GnuPG with Homebrew:

brew install gnupg

This will install GnuPG version 2.2.19.

Check installation:

gpg --version

You should be able to see something like this:

gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Now we can use GnuPG.

I have a text file named test.txt.
It contains this text:

this is a test file

To encrypt the test.txt file, I will use this command:

gpg -c --armor --cipher-algo AES256 --no-symkey-cache --output test.asc test.txt 

This command will ask you for a password, create an encrypted version of test.txt, and save it as test.asc.

Command explanation:

-c means use a symmetric cipher, so you will enter a password for that file.
--armor produces readable ASCII output, so you can easily copy/paste it.
--cipher-algo AES256 selects the AES-256 cipher. (The U.S. government uses it, so why not.)
--no-symkey-cache means GnuPG will not remember the password. If you leave this option out, the --decrypt command won't ask for your passphrase (the cached one is used instead).
--output test.asc means save the encrypted file as test.asc.

Now I have test.asc (the encrypted test.txt).
It contains this text:

-----BEGIN PGP MESSAGE-----

jA0ECQMCFBL2lERVNBzj0kwBXxdKtTQSCu4aHyiP93EfUjqYX+Qsp6sWAF+RHUMW
rqjQiLMSlSrxnBxG0E+qfoTmN+26Qb0qd9XAY7S3OTQTfi6XyvjjrNr0yiJ9
=r3J6
-----END PGP MESSAGE-----

As you can see, it is readable but meaningless.
It is readable because of the --armor option we added to the command.
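The armored text is base64 over binary OpenPGP packets, and the first packet records the cipher and the passphrase-stretching settings. The following is an added example, not code from the original post: it decodes the test.asc text shown above to check that AES-256 was really selected. The function names are assumptions of this example; the packet layout and algorithm IDs follow RFC 4880.

```python
import base64
# Armored message copied from the test.asc listing earlier on this page.
ARMORED = """-----BEGIN PGP MESSAGE-----

jA0ECQMCFBL2lERVNBzj0kwBXxdKtTQSCu4aHyiP93EfUjqYX+Qsp6sWAF+RHUMW
rqjQiLMSlSrxnBxG0E+qfoTmN+26Qb0qd9XAY7S3OTQTfi6XyvjjrNr0yiJ9
=r3J6
-----END PGP MESSAGE-----
"""
# Algorithm IDs from RFC 4880 (common ones only).
CIPHERS = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
HASHES = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}

def dearmor(text):
    """Return the binary packets of an armored block (CRC-24 line is skipped)."""
    lines = [line.strip() for line in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]   # drop armor headers and the END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):
    """Yield (tag, body) for each packet with a fixed, short length field."""
    i = 0
    while i < len(data):
        hdr = data[i]
        new = bool(hdr & 0x40)             # new-format header if bit 6 is set
        tag = hdr & 0x3F if new else (hdr >> 2) & 0x0F
        size = 1 if new else 1 << (hdr & 0x03)
        n = int.from_bytes(data[i + 1:i + 1 + size], "big")
        if not hdr & 0x80 or size == 8 or (new and n >= 192):
            raise ValueError("unsupported header or length form")
        i += 1 + size
        yield tag, data[i:i + n]
        i += n

def describe_skesk(body):
    """Decode a v4 Symmetric-Key Encrypted Session Key packet (tag 3)."""
    version, cipher, s2k_type, s2k_hash = body[:4]
    if version != 4 or s2k_type != 3:
        raise ValueError("only v4 with iterated and salted S2K is handled")
    c = body[12]                           # coded iteration count
    return {"cipher": CIPHERS.get(cipher, cipher), "salt": body[4:12].hex(),
            "s2k_hash": HASHES.get(s2k_hash, s2k_hash),
            "s2k_octets_hashed": (16 + (c & 15)) << ((c >> 4) + 6)}

def inspect(text):
    """Return the packet tags in order and the decoded first packet."""
    pkts = list(packets(dearmor(text)))
    return [tag for tag, _ in pkts], describe_skesk(pkts[0][1])
print(inspect(ARMORED))
```

The result lists packet tags 3 and 18 and reports AES256 as the cipher, with SHA1 as the hash used to stretch the passphrase. Running gpg --list-packets test.asc shows the same fields.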

To decrypt the test.asc file, I will use this command:

gpg --decrypt --no-symkey-cache --output test1.txt test.asc

This command will ask you for the password you used and, if it is correct, it will create a decrypted file named test1.txt.

Now I have test1.txt.
It contains this text:

this is a test file

Configuration Files

There are some configuration files I'm using.
I will show you how to create these files.
These configuration files are not necessary, but they shorten the commands I use every day.

GnuPG creates a folder for itself.
It is normally in your $HOME folder and is named .gnupg.
It contains caches, your keyrings, and your configuration files.
So go there and create a file named gpg.conf (if it doesn't exist).

Write these in gpg.conf:

armor
personal-cipher-preferences AES256
verbose
use-embedded-filename

Save it.

Now create another configuration file named gpg-agent.conf. (gpg-agent comes with the GnuPG installation.)

Write these in gpg-agent.conf:

default-cache-ttl 0
max-cache-ttl 0

Save it.

Now you should restart your gpg-agent program.

Kill it with this command:

gpgconf --kill gpg-agent

It will launch automatically when you call gpg.
If it doesn't, you can run this command to launch it:

gpgconf --launch gpg-agent

But I think you won't need it.

Anyway, now we don't need to add any options. We can simply run our command like this:

gpg -c test.txt

This command will automatically create a file named test.txt.asc, encrypted with AES-256 and in ASCII format, and it won't remember the password.

To decrypt it, simply enter this command:

gpg -d test.txt.asc

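It will create a decrypted file as test.txt.
The name is the original file name stored inside the message, which gpg uses because of the use-embedded-filename option; the GnuPG manual warns that this option can lead to overwriting files.

This is one of the ways to use GnuPG.
As I said before, it does so much more.
You can look for more info at GnuPG.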
