gpg can sign and encrypt a file, outputting a text file with the original file compressed, encrypted and the output armoured. This is useful for sending encrypted files.
To sign and encrypt a file called
gpg --output archive.zip.sig --sign archive.zip
To decrypt and verify, issue:
gpg --output archive.zip --decrypt archive.zip.sig
A detached signature just creates a text-signature file that can be used to check the validity of the original file.
To detach-sign a file, issue:
gpg --output MD5SUM.sig --detach-sig MD5SUM
To verify the signature, issue:
gpg --verify MD5SUM.sig MD5SUM
Clear-signing a document will modify that document to include the message along with the signature for that message.
gpg --clearsign list.txt
Issue on the command-line:
which should state all the available cyphers, for example:
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
To encrypt a file using symmetric encryption, issue:
gpg --symmetric --cipher-algo CIPHER SOURCE -o DESTINATION
SOURCE is a file to encrypt in the current path.
CIPHER is a cipher.
DESTINATION is the destination file.
To decrypt the resulting file DESTINATION, reverse the process:
gpg -o DESTINATION -d SOURCE
In order to get printable output, use the armor option when encrypting a file:
gpg --armor --symmetric --cipher-algo CIPHER SOURCE -o DESTINATION
The default algorithm used by GPG is CAST5 with a blocksize of 64 bits. In order to change the default algorithm, edit ~/.gnupg/gpg.conf and add the line:
CIPHER can be obtained by previously issuing:
You will notice this problem when GPG issues a warning:
gpg: WARNING: message was not integrity protected
With 64 bit block-size ciphers such as the default, the --force-mdc option should be used while encrypting. This is the default for other ciphers with larger block sizes.
force-mdc can also be added to ~/.gnupg/gpg.conf as a default.
In order to encrypt a message that cannot be checked to see who it is encrypted to, add the --throw-keyid parameter when encrypting:
gpg -v -e -a --throw-keyid -r 887245BA message.txt
-v means verbose output.
-a to create ASCII armoured output.
--throw-keyid means to not put the recipient's key IDs into the encrypted messages.
-r 887245BA means to encrypt to the recipient
message.txt is a file that contains the message to encrypt.
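The missing integrity protection and the hidden recipients described above are both visible in the packet structure of the encrypted file. The following Python code is an added example, not part of the original page: it walks the OpenPGP packet headers (RFC 4880) of a binary, non-armoured message and reports whether the data packet carries an MDC, whether the symmetric-key packet names a 64 bit block cipher and whether recipient key IDs are zeroed. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: OpenPGP packet walk (RFC 4880, section 4.2); binary input only.
BLOCK64 = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH"}  # 64-bit block ciphers

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None if not definite."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                  # new-format header
        tag, l1 = first & 0x3F, buf[pos + 1]
        if l1 < 192:
            return tag, pos + 2, l1
        if l1 < 224:
            return tag, pos + 3, ((l1 - 192) << 8) + buf[pos + 2] + 192
        if l1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial body lengths
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    n = 1 << ltype                                    # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def inspect(buf):
    report = {"integrity_protected": None, "hidden_recipients": 0,
              "named_recipients": [], "block64_cipher": None}
    pos = 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        body = buf[start:] if length is None else buf[start:start + length]
        if tag == 1 and body[:1] == b"\x03":          # public-key ESK, version 3
            key_id = body[1:9]
            if key_id == bytes(8):                    # zeroed ID: --throw-keyid
                report["hidden_recipients"] += 1
            else:
                report["named_recipients"].append(key_id.hex().upper())
        elif tag == 3 and body[:1] == b"\x04" and len(body) > 1:  # symmetric ESK
            report["block64_cipher"] = BLOCK64.get(body[1])
        elif tag in (9, 18):                          # encrypted data, last packet
            report["integrity_protected"] = tag == 18  # only tag 18 carries an MDC
            break
        if length is None:
            break
        pos = start + length
    return report

# Constructed samples: real header layout, filler salt and ciphertext bytes.
SKESK_CAST5 = bytes.fromhex("8c0d04030302") + bytes(8) + b"\x60"
NO_MDC = SKESK_CAST5 + b"\xc9\x04" + b"\xaa" * 4            # tag 9 data packet
WITH_MDC = SKESK_CAST5 + b"\xd2\x05\x01" + b"\xaa" * 4      # tag 18 data packet
HIDDEN = b"\x84\x0c\x03" + bytes(8) + b"\x01\x00\x00" + WITH_MDC[15:]
```

An armoured file can be converted to binary with gpg --dearmor before it is passed to inspect().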
In the event that:
gpg: signing failed: Inappropriate ioctl for device
appears when attempting an operation with gpg, the most likely cause is that gpg is trying to prompt for the password to unlock the keychain but the terminal is not properly set.
To resolve the issue, run: