DEV Community


Posted on

Encrypt your notes with GnuPG

How many times did you want to put something on a text file, but didn't want to leave it there just waiting to be read by anyone?

How many times you were searching for a password manager and during that search you didn't have any place to store your secrets? (more on the password manager later)

There's a quick and easy way to do that: using GnuPG.

GnuPG is usually installed with every linux distribution by default. And if it isn't, in case you're using a minimal image, chances are you will need to install it even to perform some basic operations with your distribution like adding new repositories (for example).

Very often we come across the terms PGP, OpenPGP, GnuPG when searching for this subjects and it can be confusing sometimes.


  • PGP ( Pretty Good Privacy ) was the first implementation, by Phil Zimmermann, acquired by Network Associates Inc (NAI).
  • OpenPGP is the open standards version of PGP (which was by then owned by NAI.
  • GnuPG is an (complete and free) implementation of the OpenPGP standard.

More about PGP and OpenPGP can be read on the History of OpenPGP while GnuPG information can be found on The GNU Privacy Guard page

To take advantage of this, make sure you have gnupg installed on your system (yes, this is debian (/based) only but it exists on other distros):

sudo apt install gnupg2
Enter fullscreen mode Exit fullscreen mode

Generate your key (if you already haven't got one). It will ask your Name, Email and a Passphrase. Don't forget that despite all of the security that GPG provides, if you choose a weak passphrase, you'll be weakening all the process.

gpg2 --generate-key
Enter fullscreen mode Exit fullscreen mode

And put this little script (let's call it gvim) somewhere on your $PATH (like ~/bin/gvim for example and don't forget the chmod u+x ~/bin/gvim):

tmpfile=$(mktemp -p ${HOME})
# remember the email you used during key generation?
if [ $? -nq 0 ]; then
    echo "error creating tempfile"
    rm $tmpfile
    exit 1
gpg2 -d $scrfile > $tmpfile
vim $tmpfile
#this will actually wait for vim to exit

#and overwrite the original file with the new encrypted version
gpg2 -e -r $email < ${tmpfile} > $srcfile
Enter fullscreen mode Exit fullscreen mode

Next, let's setup an easy way to read those files.
It's simple to type gpg2 -d but it's simpler to create an alias (and put it on your .bashrc)

alias gcat='gpg2 -d  2>/dev/null'
Enter fullscreen mode Exit fullscreen mode

So, now, we can just use
gvim to create a new encrypted note and gcat to read it anywhere.

That is just a basic script. It doesn't really backup or ensure you don't lose your original data. I started to do some backups of all my notes, but that's really up to you.

And last but not least, since I've mentioned the password manager, we can also use this awesome password manager which takes advantage of GPG and is very simple to use!

Top comments (0)