The following are a list of commonly used commands for encrypting documents in Terminal (Mac, Linux) or PowerShell (Windows).
Creating A New Keypair | |
gpg --gen-key | Prompts for information and then creates an appropriate keypair |
Importing, Exporting, and Refreshing Keys | |
Importing | |
gpg --import File | Imports a key contained in File to the appropriate keyring |
gpg –recv-keys KeyID1 KeyID2 | Receives the key which corresponds to KeyID1, KeyID2, etc from the provided keyserver |
gpg --search-keys Term1 Term2 | Searches for keys which contain Term1 and Term2, etc and provides an interactive interface to choose the correct key to import to the appropriate keyring |
Exporting | |
gpg --export -a KEYID > publickey.asc | Output a public key to a plain text file |
gpg --send-keys KeyID | Upload a public key to a keyserver |
Refreshing | |
gpg --refresh-keys | Check to see if your version of a key is out of date. If so update it. |
Printing Key Information | |
gpg --list-keys | Print a list of all of the keys in your public keyring |
gpg --list-keys UniqueID | Print all keys matching UniqueID |
gpg --list-sigs | Print a list of all keys in your public keyring and their associated signatures |
gpg --list-sigs UniqueID | Print a list of all keys and their associated signatures matching UniqueID |
gpg --fingerprint | Print a list of all keys in your public keyring and their associated fingerprints |
gpg --fingerprint UniqueID | Print a list of all keys and their associated signatures matching UniqueID |
Signing a Key | |
gpg --fingerprint UniqueID | Check the local key fingerprint against the reported fingerprint |
gpg --sign-key UniqueID | If the fingerprints match sign the key with your private key |
Encrypting and Signing | |
Encrypting | |
gpg -er Recipient File | Produces File.gpg an encrypted version of File, which can be decrypted by Recipient |
echo “Text” | gpg -ear Recipient | Produces an encrypted version of Text which can be decrypted by Recipient and prints the result to the terminal |
echo “Text” | gpg -ear Recipient > OutFile | Produces an encrypted version of Text which can be decrypted by Recipient and writes the result to OutFile |
cat InFile | gpg -ear Recipient | Produces an encrypted version of the text contained in InFile which can be decrypted by Recipient and prints the result to the terminal |
cat InFile | gpg -ear Recipient > OutFile | Produces an encrypted version of the text contained in InFile which can be decrypted by Recipient and writes the result to OutFile |
Signing | |
gpg -s File | Produces File.gpg, a signed version of File, which can be verified |
echo “Text” | gpg -as | Produces a signed version of Text and prints the result to the terminal |
echo “Text” | gpg -s > OutFile | Produces a signed version of Text and writes the result to OutFile |
cat InFile | gpg -as | Produces a signed version of the text in InFile and prints the result to the terminal |
cat InFile | gpg -s > OutFile | Produces a signed version of the text in InFile and writes the result to OutFile |
gpg --detach-sign File | Produces a separate signature, File.sig, which can be used to verify File |
echo “Text” | gpg --clearsign | |
cat InFile | gpg --clearsign | |
Encrypting and Signing | |
gpg -esr Recipient File | Produces File.gpg, an encrypted and signed version of File, which can be decrypted and verified by Recipient |
echo “Text” | gpg -esar Recipient File | Produces an encrypted and signed version of Text which can be decrypted and verified by Recipient and prints the result to the terminal |
echo “Text” | gpg -esar Recipient File > OutFile | Produces an encrypted and signed version of Text which can be decrypted and verified by Recipient and writes the result to OutFile |
cat InFile | gpg -esar Recipient | Produces an encrypted and signed version of the text in InFile which can be decrypted and verified by Recipient and prints the result to the terminal |
cat InFile | gpg -esar Recipient > OutFile | Produces an encrypted and signed version of the text in InFile which can be decrypted and verified by Recipient and prints the result to the terminal |
Decrypting and Verifying | |
gpg -d InFile > OutFile | Decrypt and/or verify File |
echo “Cipher Text” | gpg -d | Decrypt and/or verify Cipher Text |
echo “Cipher Text” | gpg -d > OutFile | Decrypt and/or verify Cipher Text and write the result to OutFile |
cat InFile | gpg -d | Decrypt and/or verify the contents of File |
cat InFile | gpg -d > OutFile | Decrypt and/or verify the contents of File and write the result to OutFile |
Symmetric Encryption | |
gpg -c File | Create a file symmetrically encrypted with a passphrase |
gpg -ca File | Create a file symmetrically encrypted with a passphrase readable as plain text |
echo “Text” | gpg -ca | Symmetrically encrypt Test with a passphrase and output the result to the terminal |
echo “Text” | gpg -c > OutFile | Symmetrically encrypt Test with a passphrase and write the result to OutFile |
cat InFile | gpg -ca | Symmetrically encrypt the text in InFile and output the result to the terminal |
cat InFile | gpg -c > OutFile | Symmetrically encrypt the text in InFile and write the result to OutFile |
Created by Brian Balsamo. Used with permission.