A straight to the point guide to encrypt and secure your files using GnuPG.
Problem to solve
You want to encrypt some files using a secure and simple to use tool.
Chosen solution: GNU Privacy Guard
GNU Privacy Guard (GnuPG) is a 20 years old tool for encrypt and sign your data and communications.
If you need to cipher some files without sharing your private key you can use faster and yet secure symetrical algorithms to encrypt your data.
If you need to exchange encrypted information without exchanging keys, you should use asymmetric encryption.
Examples of use
See the gpg man page for details.
Encrypt file using AES256 algorithm
gpg --symmetric --cipher-algo AES256 file.txt
Decrypt a file and save content into another file
gpg --output decrypted-file.txt --decrypt file.txt.gpg
Encrypt with digest algorithm to mangle the passphrase
gpg --symmetric --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 --s2k-mode 3 --s2k-count 65011712 file.txt
Decrypt a file and open content with VIM
gpg --decrypt file.txt.gpg | vim -
Warning from documentation: In general, you do not want to use this option as it allows you to violate the OpenPGP standard.
gpg --openpgp ... file.txt
From documentation: Reset all packet, cipher and digest options to strict OpenPGP behavior. Use this option to reset all previous options like
--compress-algo to OpenPGP compliant values. All PGP workarounds are disabled.
Configuring GnuPG application
GnuPG stores configuration files in the home directory (default
~/.gnupg). You can change the default directory by setting the environment variable
$GNUPGHOME or using the
# Encrypt with digest algorithm to mangle the passphrase. s2k-cipher-algo AES256 s2k-digest-algo SHA512 s2k-mode 3 s2k-count 65011712
With this settings
gpg -c file.txt is equivalent to
gpg --symmetric --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 --s2k-mode 3 --s2k-count 65011712.
# Set the maximum time a cache entry is valid to 0 seconds. # In other words, make sure we're always asked to type our passphrase when decrypting. max-cache-ttl 0
# Set environment variable $GNUPGHOME export GNUPGHOME=$MY_CONFIGS/gnupg
$GNUPGHOME folder permissions to 700 and files to 600 to avoid GnuPG warnings.