GPG Encryption — Encrypt Files and Sign Data
Use GPG (GNU Privacy Guard) to encrypt files with passwords or public keys, sign data to prove authenticity, and manage your key ring.
March 31, 20255 min read
linuxsecuritygpgencryptionsigning
What is GPG?
GPG (GNU Privacy Guard) implements the OpenPGP standard for:
- Encrypting files — only the intended recipient can read them
- Signing data — proves the data came from you and wasn't altered
- Verifying signatures — confirms authenticity
Generate GPG Keys
gpg --full-generate-key # Interactive key generation
gpg --list-keys # List public keys
gpg --list-secret-keys # List private keysSymmetric Encryption (Password-based)
# Encrypt with a password (anyone with password can decrypt)
gpg -c secret.txt # Creates secret.txt.gpg
gpg --symmetric secret.txt # Same thing, verbose flag
# Decrypt
gpg -d secret.txt.gpg > secret_decrypted.txtAsymmetric Encryption (Key-based)
# Export your public key to share
gpg --export -a "Your Name" > public.key
# Import someone else's public key
gpg --import their-public.key
# Encrypt a file for a specific recipient
gpg -e -r "recipient@email.com" secret.txt
# Decrypt (uses your private key automatically)
gpg -d secret.txt.gpgSigning Files
# Sign a file (creates .gpg)
gpg --sign file.txt
# Clearsign (readable + signature in one file)
gpg --clearsign file.txt
# Detached signature (.sig file, original unchanged)
gpg --detach-sign file.txt
# Verify a signature
gpg --verify file.txt.sig file.txtKey Management
gpg --list-keys # List public keys
gpg --delete-key "Name" # Delete public key
gpg --delete-secret-key "Name" # Delete private key
gpg --export -a "Name" > key.pub # Export public key
gpg --export-secret-keys -a > priv.key # Backup private keyAsymmetric encryption is more secure — you share your public key freely, and only your private key can decrypt messages sent to you.
Quick Check
Which gpg command encrypts a file using a password (symmetric)?
Exercise
Create a test file, encrypt it symmetrically with GPG, then decrypt it.