Encrypt and Decrypt Large Files with GnuPG on Linux

Posted on January 30, 2017 at 10:58 am

First you need to generate a GPG private/public key-pair:

gpg --gen-key

Here is an example output of the command:

gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
 
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
 
Real name: File Encryption Key
Email address: your@email.com
Comment: File Encryption Key
You selected this USER-ID:
    "File Encryption Key (File Encryption Key) <your@email.com>"
 
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

You’ll be asked for a passphrase to protect your key. Use a strong passphrase and keep it private. The passphrase protects the secret key: it is not needed to encrypt files, only to decrypt them.

You should also read: GnuGPG Not enough random bytes available.

If all went well, you should see something like this:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key FE53C811 marked as ultimately trusted
public and secret key created and signed.
 
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   *****/******** 2017-01-30
      Key fingerprint = **** **** **** **** **** **** **** **** **** ****
uid                  File Encryption Key (File Encryption Key) 
sub   *****/******** 2017-01-30

Export public key

The public key is used only to encrypt files.

To export the public key so that it can be imported on another server, type:

gpg --armor --output file-enc-pub-key.dat --export 'File Encryption Key'

Read how to import GnuGPG public and private key.

“File Encryption Key” is the name entered during key generation.

Export private key

The private key is used to decrypt files encrypted with the public key.

To back up/export the private key, type:

gpg --armor --output file-enc-priv-key.asc --export-secret-keys 'File Encryption Key'

Keep the private key on a secure server that is used only to decrypt files.

Encrypt a file

To encrypt a file you can use:

gpg --encrypt --recipient 'File Encryption Key' largefile.tar.gz

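To encrypt a file without keyboard interaction, add --trust-model always. This option skips key validation and treats every key in the keyring as fully valid, so check the fingerprint of the imported public key before relying on it: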

gpg --trust-model always --encrypt --recipient 'File Encryption Key' largefile.tar.gz

It will generate the encrypted file:

largefile.tar.gz.gpg
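
With --trust-model always, gpg encrypts to whichever key in the keyring matches the recipient name. The script below is an added example, not part of the original post: it compares the key's fingerprint with a pinned value before encrypting. The function names, the script name and the sample key data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): pin the recipient key by
# fingerprint before encrypting in batch mode with --trust-model always.

# Constructed sample of `gpg --with-colons --fingerprint` output; not a real key.
SAMPLE_COLONS='tru::1:1485770000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:2017-01-30:::u:File Encryption Key (File Encryption Key) <your@email.com>::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
sub:u:4096:1:FEDCBA9876543210:2017-01-30::::::e:'

# Print "<validity> <fingerprint>" for every primary key in colon-format input.
primary_keys() {
  awk -F: '
    $1 == "pub" { v = ($2 == "" ? "-" : $2); want = 1; next }
    $1 == "sub" { want = 0 }                 # skip subkey fingerprints
    $1 == "fpr" && want { print v, $10; want = 0 }'
}

# Normalise a fingerprint: drop spaces, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# Read colon-format output on stdin. Succeed only if exactly one primary key
# is listed, it is not revoked (r) or expired (e), and it matches the pin.
check_pin() {   # usage: check_pin EXPECTED_FPR
  keys=$(primary_keys)
  count=$(printf '%s\n' "$keys" | grep -c . || true)
  [ "$count" -eq 1 ] || { echo "want 1 matching key, found $count" >&2; return 1; }
  case "${keys%% *}" in
    r|e) echo "key is revoked or expired" >&2; return 1 ;;
  esac
  [ "${keys#* }" = "$(norm_fpr "$1")" ] || { echo "fingerprint mismatch" >&2; return 1; }
}

# Encrypt FILE to RECIPIENT only if the keyring entry matches EXPECTED_FPR.
encrypt_pinned() {   # usage: encrypt_pinned FILE RECIPIENT EXPECTED_FPR
  gpg --batch --with-colons --fingerprint "$2" | check_pin "$3" || return 1
  gpg --batch --trust-model always --encrypt \
      --recipient "$(norm_fpr "$3")" --output "$1.gpg" "$1"
}

# Run as a script: sh encrypt-pinned.sh FILE RECIPIENT EXPECTED_FPR
if [ "$#" -eq 3 ]; then encrypt_pinned "$@"; fi
```

Take the expected fingerprint from the output of gpg --fingerprint on the machine that generated the key and transfer it separately from the exported public key file.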

Decrypt an encrypted file

You can decrypt it with this command:

gpg --output largefile.tar.gz --decrypt largefile.tar.gz.gpg

You will be asked for your passphrase.

Decrypt multiple encrypted files

You can decrypt multiple files like this:

gpg --decrypt-files *.gpg

Updated on January 9, 2021 at 1:38 pm
