How to Encrypt and Decrypt Files Using GPG in Linux

In computing, encryption is a popular and most times the recommended technique of hiding information in a secretive format. GnuPG is one of the useful tools for encrypting information (files) on Linux systems.

GnuPG (also known as GNU Privacy Guard or simply GPG) is GNU’s tool used to encrypt data and create digital signatures that contribute to overall information security. It is a complete and free implementation of the OpenPGP Internet standard that provides an advanced key management solution.

There are two versions of GPG available:

  1. gpg – a standalone version that is more suited for servers and embedded platforms.
  2. gpg2 – a version intended for desktops and requires several other modules to be installed.

In some popular Linux distributions such as Debian, the gnupg2 package is a dummy transitional package that provides symlinks from gpg2 to gpg.

This guide shows how to generate a GPG key pair, export and share public keys, encrypt a file, and share and decrypt a file using GPG in Linux systems.

It demonstrates information sharing between two parties:

  1. Kili Aaron ([email protected]) whose command prompt is aaronk@tecmint.
  2. Test Admin ([email protected]) whose command prompt is root@server.

The file shared between the two parties is called secret.txt, which contains a highly sensitive password that the Test Admin wants to share with user Kili Aaron.

You can view the contents of the secret.txt file that contains the password and other remote access details using the following cat command as shown. It exists on the Test Admin’s server:

# cat secret.txt
View Secret File Contents
View Secret File Contents

Install GnuPG (GNU Privacy Guard) on Linux

To install the GnuPG package, run the appropriate command for your Linux distribution as shown. Note that the gnupg package must be installed on the two systems sharing data.

$ sudo apt install gnupg          [On Debian, Ubuntu and Mint]
$ sudo yum install gnupg          [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
$ sudo emerge -a app-crypt/gnupg  [On Gentoo Linux]
$ sudo apk add gnupg              [On Alpine Linux]
$ sudo pacman -S gnupg            [On Arch Linux]
$ sudo zypper install gnupg       [On OpenSUSE]    

Generating New GPG Key Pairs in Linux

To generate new key pairs (public and private), run the gpg command with the --full-generate-key flag on both systems and follow the prompts to define the kind of key, the key size, how long the key should be valid, a user ID to identify your key, and a secure passphrase for the key as shown in the screenshot that follows.

$ gpg --full-generate-key
Generating GPG Keys
Generating GPG Keys

List GPG Key Pairs in Linux

To list the public GPG key you have just created together with other existing keys, run the gpg command with the --list-public-keys flag. To perform a long listing, add the --keyid-format=long flag.

$ gpg --list-public-keys
OR
$ gpg --list-public-keys --keyid-format=long
List GPG Keys
List GPG Keys

To list the secret GPG key you have just created together with other existing keys, run the gpg command with the --list-secret-keys flag. To perform a long listing, add the --keyid-format=long flag.

$ gpg --list-secret-keys
OR
$ gpg --list-secret-keys --keyid-format=long
List Secret GPG Keys
List Secret GPG Keys

Export Keys with GPG in Linux

Once the GPG key pairs have been generated on both sides, the two parties can export their public keys into a file and share via email or other means.

--------- On Kili Aaron Server --------- 
$ gpg --list-public-keys
$ gpg --export -o aaronsec.key 15B4814FB0F21208FB5076E7A937C15009BAC996

--------- On Test Admin Server ---------
# gpg --list-public-keys
# gpg --export -o tadminsec.key BC39679E5FF48D4A6AEF6F3437211F0B4D6D8A61
Export GPG Keys
Export GPG Keys

Import Keys with GPG in Linux

Next, exchange the public keys either via email or secure other means such as using the scp command as shown:

$ scp aaronsec.key [email protected]:/root/
$ scp [email protected]:/root/tadminsec.key ./
Exchange GPG Keys
Exchange GPG Keys

Next, import the public key from the opposite end into the local system public keyring by adding the --import flag as shown.

# gpg --import aaronsec.key
# gpg --import tadminsec.key
Import GPG Keys
Import GPG Keys

To check if the imported public key exists in the local system keyring, list the available public keys as shown.

# gpg --list-public-keys
Confirm Imported GPG Keys
Confirm Imported GPG Keys

Encrypting Files Using GPG in Linux

Now let’s look at how to encrypt the secret file using gpg keys. For this section, we will run the commands on the Test Admin’s server.

To encrypt a plain text file using the just created GPG key pair, run the following command. The -e or --encrypt flag enables encryption and the -r or --recipient flag is used to specify the recipient ID and secret.txt is the plain text file to be encrypted.

The following command encrypts the file secret.txt using the recipient [email protected]’s public key:

#gpg -e -r [email protected] secret.txt  
OR
# gpg --encrypt --recipient [email protected] secret.txt

If the previous command run successfully, a new file (the original filename ending with .gpg extension) will be generated in the current directory:

$ ls secret.txt.gpg
Encrypt File Using GPG in Linux
Encrypt File Using GPG in Linux

To store the encrypted information in a different file, use the -o or --output option followed by a filename. In this example, the preferred filename is node_configs:

# gpg -e -r [email protected] -o node_configs secret.txt
OR
# gpg --encrypt --recipient [email protected] --output node_configs secret.txt

Now share the encrypted file with your partner via email or other secure means.

Decrypting Files Using GPG in Linux

To decrypt a file encrypted using gpg, add the -d or --decrypt flag and specify the encrypted filename. By default, the decrypted information will be displayed in standard output. You can store it in a file using the -o flag as shown.

$ gpg -d -o secrets.txt secrets.txt.gpg
$ ls secrets.txt
Decrypt File Using GPG in Linux
Decrypt File Using GPG in Linux

For more information, see the gpg/gpg2 man page as shown.

$ man gpg
OR
$ man gpg2

That’s it for the scope of this guide. GPG is a commonly used tool for encrypting and decrypting information or files in Linux. If you have any comments to share about this guide, use the feedback form below.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

1 Comment

Leave a Reply
  1. Thanks for the writing up.

    It’s probably better to name the two files (aaronsec.key and tadminsec.key) aaronpub.key and tadminpub.key, respectively, since they are in fact public keys.

    And there is no need for “secure other means” to exchange public keys. In fact public keys should be as widely published as possible.

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.