The goal of this post is to get you up to speed on two of the main uses of GPG: cryptographically encrypting and decrypting data.
Note: this post is the second in a 2-part series aimed at developing a functional use of GPG for the day-to-day tasks of anyone who cares about software. Check out Part 1 to learn about signing and verifying signatures.
One important aspect of cryptographic keys is that they are simply numbers. They are often really, really big numbers, but simple integers nonetheless. Another important aspect of cryptographic keys as used in GPG is that they come in pairs: a public key and a private key. Knowledge of these numbers (the keys) allows us to perform many tasks, two of which we'll tackle here:
- Encrypt a message in a way that only a person with the knowledge of a specific key could decrypt.
- Decrypt a message that was encrypted for a private key you own.
There is much more to learn about privacy, encryption, and GPG than I cover in this series; for information on who invented this whole thing in the first place, check out Phil Zimmermann's Wikipedia page; for more on the difference between GPG and PGP, check out this article; to dig deeper into the specifics of GPG, check out their docs.
If you are coming to this article without having read Part 1, you should go and read the Priors section there. If you have already set up
gpg, created a key, exported it, and imported other people's keys, you can safely move on to Task 3 on encrypting messages.
You can encrypt a message addressed to a specific recipient using their public key if it is in your keyring. For information on how to export your public key in order to share it with others as well as information about how to import other people's public keys, check out Task 1 from Part 1 of this series.
To encrypt the file
message.txt in a way that only Morpheus will be able to decrypt it, we first check that his key in our keyring, then use the
--encrypt command like so:
# check for the recipient's info in your keyring # the second key here is our friend Morpheus' key we just imported $ gpg --list-keys pub rsa1024 2019-09-14 [SC] 0E94A26389C660DFE8C2F31705D085D9893479A7 uid [ultimate] MrAnderson <MrAnderson@email.com> sub rsa1024 2019-09-14 [E] pub rsa1024 2019-09-14 [SC] 5F357B756A571BF8A88567AF06898DFB48E3D899 uid [ full ] Morpheus <firstname.lastname@example.org> sub rsa1024 2019-09-14 [E] # produce the encrypted file message.txt.asc $ gpg --encrypt --armor -r Morpheus message.txt
Always make sure that the public key you use to encrypt is genuine! Call the person, verify on multiple channels, or message them on another encypted platform first before using their public key to encrypt a message. Note that you can enrypt a message to multiple public keys, but that will show up when people decrypt it (in other words you could not fake that a message was encrypted only for someone when in fact it was also encrypted for someone else at the same time).
Upon getting the encrypted file, our friend Morpheus could decrypt its content using
# print message to console gpg --decrypt message.txt.asc # send message to file gpg --decrypt message.txt.asc > decryptedMessage.txt
And that's it. There is much more to this little piece of software than explored in these two articles, so go ahead and type