

The basics of gpg can be broken down into:
  • managing your keys
  • encrypting and decrypting your files
  • integrating gpg keys with mail and other utilities
Let's skip the details of asymmetric (public/private key) encryption and just know that there are two keys: your private key and your public key. You encrypt with the public key, and you decrypt with the private key.

The private key is the one that matters. That's the one you use to decrypt things. Your public key you can recreate, should you lose it, as long as you have your private key. 

The public key is the one you pass out to your friends and even put on your web site when you want someone to send you something that only you can read. It sounds crazy, but through the wonders of mathematics, it can only be used to encrypt a file, never to decrypt one. So it doesn't matter who you give it to. They can encrypt something, send it to you, and you can decrypt it - all without anyone sending a password.

You can also sign things. This is when you want to send something that anyone can read, but just want to be sure it came from you. More on that later. Let's focus on secrecy.

Note - In my opinion, we can probably skip all the old command line stuff, not that it's not good to know, it's just slower. Just take some notes here and refer to: 

Key Management

Encrypt and Decrypt

This will encrypt the file for the recipient named after -r (a key ID or e-mail address goes between the quotes) and apply the default option of appending .gpg to the end of the file name:

    gpg -e -r '' /path/to/some/file.txt

This will do the reverse. Note that you have to specify the output file with -o, or the decrypted contents will be written to stdout, which is probably not what you wanted:

    gpg -o /path/to/some/file.txt -d /path/to/some/file.txt.gpg

On Windows

Note: Some very old notes I had taken specific to windows gpg builds

To move keys you can export them, but you can also just move the keyrings. On Windows, GPG expects to find the keyrings in %APPDATA%/gnupg, which is different for every user.

Copying the keyrings or the folder to ./ doesn't work. However, you can point GPG at them with --homedir "some location" instead.
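A complete round trip of the encrypt and decrypt commands above, using --homedir (as in the Windows note) to keep a throwaway key out of your real keyring. This is an added example, not part of the original notes; the name and e-mail are constructed placeholders and the script assumes GnuPG 2.1 or later with gpgconf available.

```sh
#!/bin/sh
# Added example: encrypt a file to a key with `gpg -e -r`, then decrypt it with
# `gpg -o ... -d`, inside a throwaway --homedir so the real keyring is untouched.
set -e

gpg_roundtrip() {
    # Returns 0 when the decrypted file matches the original, 1 otherwise.
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping"; return 0; }
    work=$(mktemp -d)
    home="$work/gnupghome"              # stand-in for ~/.gnupg or %APPDATA%\gnupg
    mkdir -m 700 "$home"
    recipient="demo@example.invalid"    # constructed user ID, not a real address

    # Unattended key generation; %no-protection means no passphrase, so no prompt.
    cat > "$work/params" <<EOF
%no-protection
Key-Type: default
Subkey-Type: default
Name-Real: Demo User
Name-Email: $recipient
Expire-Date: 0
%commit
EOF
    gpg --homedir "$home" --batch --quiet --gen-key "$work/params"

    printf 'the secret text\n' > "$work/file.txt"

    # Encrypt: the default output is the input name with .gpg appended.
    gpg --homedir "$home" --batch --quiet --trust-model always \
        -e -r "$recipient" "$work/file.txt"

    # Decrypt to a named file with -o; without -o the plaintext goes to stdout.
    gpg --homedir "$home" --batch --quiet -o "$work/decrypted.txt" -d "$work/file.txt.gpg"
    to_stdout=$(gpg --homedir "$home" --batch --quiet -d "$work/file.txt.gpg")

    ok=1
    cmp -s "$work/file.txt" "$work/decrypted.txt" || ok=0
    [ "$to_stdout" = "the secret text" ] || ok=0

    # Stop the agent started for this homedir and clean up the temporary files.
    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    [ "$ok" -eq 1 ]
}
```

Run gpg_roundtrip from the shell; an exit status of 0 means the decrypted file and the stdout output both matched the original plaintext.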
