Symmetric Key Encryption with GnuPG

Posted by admin on November 4, 2009 under Tech Tips | 4 Comments to Read

If you ever want to quickly protect a file by encrypting it with a simple password, you can use GnuPG and symmetric key encryption for the job. Using this method, you can use industry strength encryption like AES256 and not have to worry about public and private keys. Just remember your password and use PGP compatible software to decrypt the files when needed.

For example, this is how you can encrypt a zip file called backup.zip and output the result to a new file called backup.zip.gpg.

gpg --symmetric --cipher-algo aes256 -o backup.zip.gpg backup.zip
Enter passphrase: *******
Repeat passphrase: *******

To decrypt the file, the following will work.

gpg -d -o backup.zip backup.zip.gpg
gpg: AES256 encrypted data
Enter passphrase: *******
gpg: encrypted with 1 passphrase

For fun, here’s how to create a Gzip Tar archive (tar.gz) and encrypt it on the fly.

tar czvpf - SomeFiles/ | gpg --symmetric --cipher-algo aes256 -o backup.tar.gz.gpg
Enter passphrase: *******
Repeat passphrase: *******

To decrypt and extract in a single command, the following also works.

gpg -d backup.tar.gz.gpg | tar xzvf -
gpg: AES256 encrypted data
Enter passphrase: *******
gpg: encrypted with 1 passphrase

If you’re curious to know what other ciphers are available to you, simple use the gpg --version command.

gpg --version | grep Cipher
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH

Be Sociable, Share!

Comments

  • argv said,

    And openssl works equally well for this (in case gpg is not in base distribution of OS)?

  • BullShark said,

    gpg –version | grep Cipher
    Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH

    This example command is not good. When I do gpg –version, I see that more ciphers are listed on the next line.

    Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
    CAMELLIA192, CAMELLIA256

  • Stefan said,

    Thanks for the brief overview.

    @BullShark: yes the 2nd line is omitted, just append “-A 1” to the grep command:

    gpg –version | grep -A 1 Cipher

  • Fenn said,

    BullShark could have tryed

    gpg –version | egrep -A1 ‘Cipher:’

    or

    gpg –version | awk $’/^[A-Z]/ {f=0} /Cipher:/ {f=1} f==1 {print $0}’

    (which is really overkill unless you use it in a shell alias for convince)

    alias gpgc=’gpg –version | awk $’\”/^[A-Z]/ {f=0} /Cipher:/ {f=1} f==1 {print $0}’\” ‘

Add A Comment