GnuPG is an implementation of the OpenPGP standard.
People use it for public-private key encryption.
It is one of the tools that Edward Snowden used to uncover the secrets of the NSA.
GnuPG is a complex tool.
I will only show you how to use it for file encryption without using keys.
I will also show some configuration files that make the commands simpler.
I assume you know how to use a Unix console and have the Homebrew package manager installed.
First you should install GnuPG with Homebrew:
brew install gnupg
This will install GnuPG version 2.2.19 (or later).
Check the installation:
gpg --version
You should be able to see something like this:
gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Now we can use GnuPG.
I have a text file named test.txt.
It contains this text:
this is a test file
To encrypt the test.txt file I will use this command:
gpg -c --armor --cipher-algo AES256 --no-symkey-cache --output test.asc test.txt
This command will ask you for a password, create an encrypted version of the test.txt file and save it as test.asc.
Command explanation:
-c means use a symmetric cipher, so you will enter a password for that file.
--armor produces readable ASCII output, so you can easily copy/paste it.
--cipher-algo AES256 selects the AES-256 cipher. (The U.S. government uses it, so why not.)
--no-symkey-cache means GnuPG will not remember the password. If you leave this option out, the --decrypt command won't ask for your passphrase, because it is still in the cache.
--output test.asc means save the encrypted file as test.asc.
Now I have test.asc (the encrypted test.txt).
It contains this text:
-----BEGIN PGP MESSAGE-----
jA0ECQMCFBL2lERVNBzj0kwBXxdKtTQSCu4aHyiP93EfUjqYX+Qsp6sWAF+RHUMW
rqjQiLMSlSrxnBxG0E+qfoTmN+26Qb0qd9XAY7S3OTQTfi6XyvjjrNr0yiJ9
=r3J6
-----END PGP MESSAGE-----
As you can see, it is readable but meaningless.
This is because of the --armor option we added to the command.
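The armored file is not entirely opaque: its first packet records which cipher and passphrase-hashing settings were used. The script below is an added example, not from the original article; it decodes that packet from the test.asc shown above to confirm AES256, assuming base64 and od are available (skesk_info and sample_armor are names chosen here).

```shell
#!/bin/sh
# Added example (not from the article): read the first OpenPGP packet of an
# ASCII-armored `gpg -c` message and report how the passphrase is used.

# The test.asc output shown in the article, used here as sample input.
sample_armor() {
cat <<'EOF'
-----BEGIN PGP MESSAGE-----
jA0ECQMCFBL2lERVNBzj0kwBXxdKtTQSCu4aHyiP93EfUjqYX+Qsp6sWAF+RHUMW
rqjQiLMSlSrxnBxG0E+qfoTmN+26Qb0qd9XAY7S3OTQTfi6XyvjjrNr0yiJ9
=r3J6
-----END PGP MESSAGE-----
EOF
}

# skesk_info: armored message on stdin -> "cipher=... s2k=... hash=... count=..."
skesk_info() {
    # Drop armor header/footer, "Key: value" headers, blank lines and the
    # "=XXXX" CRC-24 line, then decode the first 15 bytes as decimal numbers.
    set -- $(grep -v -e '^-----' -e '^=' -e ':' -e '^$' |
             tr -d '\r\n' | base64 --decode 2>/dev/null | od -An -tu1 -N15)
    # 140 (0x8C) / 195 (0xC3): old / new format header for packet tag 3,
    # the Symmetric-Key Encrypted Session Key packet; $3 is its version.
    case "${1:-}" in
        140|195) ;;
        *) echo "not a symmetric (-c) message" >&2; return 1 ;;
    esac
    [ "${3:-}" = 4 ] || { echo "unsupported SKESK version" >&2; return 1; }
    case "$4" in
        2) cipher=3DES ;; 3) cipher=CAST5 ;; 7) cipher=AES128 ;;
        8) cipher=AES192 ;; 9) cipher=AES256 ;; *) cipher="id$4" ;;
    esac
    case "$6" in
        2) hash=SHA1 ;; 8) hash=SHA256 ;; 10) hash=SHA512 ;; *) hash="id$6" ;;
    esac
    # S2K type 3 (iterated and salted): 8 salt bytes follow, then one coded
    # count byte c, where count = (16 + (c & 15)) << ((c >> 4) + 6).
    count=n/a
    if [ "$5" = 3 ]; then
        c=${15}
        count=$(( (16 + (c & 15)) << ((c >> 4) + 6) ))
    fi
    echo "cipher=$cipher s2k=$5 hash=$hash count=$count"
}

sample_armor | skesk_info
```

For a real file, run skesk_info < test.asc; gpg --list-packets test.asc also prints these fields.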
To decrypt the test.asc file I will use this command:
gpg --decrypt --no-symkey-cache --output test1.txt test.asc
This command will ask you for the password you used and, if it is correct, it will create a decrypted file named test1.txt.
Now I have test1.txt.
It contains this text:
this is a test file
Configuration Files
There are some configuration files I'm using.
I will show you how to create these files.
These configuration files are not necessary, but they shorten the commands I use every day.
GnuPG creates a folder for itself.
It is normally in your $HOME folder, named .gnupg.
It contains caches, your keyrings and your configuration files.
So go there and create a file named gpg.conf (if it doesn't exist).
Write these in gpg.conf:
armor
personal-cipher-preferences AES256
verbose
use-embedded-filename
Save it.
Now create another configuration file named gpg-agent.conf (gpg-agent comes with the gnupg installation).
Write these in gpg-agent.conf:
default-cache-ttl 0
max-cache-ttl 0
disable-scdaemon
default-cache-ttl 0 and max-cache-ttl 0 disable the password cache. disable-scdaemon disables the smart card daemon program. The smart card program starts automatically whenever gpg-agent starts. I don't use smart cards, so I'm disabling it.
Save it.
Now you should restart your gpg-agent program manually.
Kill it with this command:
gpgconf --kill gpg-agent
It will launch automatically when you call gpg.
If it doesn't, you can run this command to launch it:
gpgconf --launch gpg-agent
Anyway, now we don't need to add any options. We can simply run our command like this:
gpg -c test.txt
This command will automatically create a file named test.txt.asc, encrypted with AES-256, in ASCII format, and won't remember the password.
To decrypt it simply enter this command:
gpg -d test.txt.asc
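It will create a decrypted file as test.txt, the file name embedded in the message (this is what use-embedded-filename in gpg.conf is for). The GnuPG manual notes that this option can be dangerous because it enables overwriting files.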
This is one of the many ways to use GnuPG.
As I said before, it does so much more.
You can look for more info here at GnuPG