Problem
You want to encrypt a file so only you can decrypt it with a password.
Solution
$ gpg -c filename
Discussion
Symmetric encryption (-c) is the simplest way to encrypt a file with gpg: just provide a password at encryption time. To decrypt, provide the password again.
By default, encrypted files are binary. To produce an ASCII text file instead, add the -a (armor) option:
$ gpg -c -a filename
Binary encrypted files are created with the suffix .gpg, whereas ASCII encrypted files have the suffix .asc.
Though simple, symmetric encryption has some gotchas:
It’s not practical for handling multiple files atonce, as in scripts:
A bad idea:
#!/bin/sh
for file in file1 file2 file3 ...
do
    gpg -c "$file"
done
GnuPG will prompt for the password for each file during encryption and decryption. This is tedious and error-prone. Public-key encryption does not have this limitation, since no passphrase is needed to encrypt a file. [Recipe 7.6] Another strategy is to bundle the files into a single file using tar, then encrypt the tarball. [Recipe 7.18]
If you mistype the password during encryption and don’t realize it, kiss your data goodbye. You can’t decrypt the file without the mistyped (and therefore unknown) password. gpg prompts you for the password twice, so there’s less chance you’ll mistype it, but GnuPG’s public-key encryption leaves less opportunity to mistype a password unknowingly.
It’s not much good for sharing files securely, since you’d also ...
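The first two gotchas can be handled together: bundle the files with tar so there is only one passphrase to enter, then decrypt the result straight away and compare it with the tarball, so a passphrase you cannot reproduce is caught while the originals still exist. This is an added example, not code from the book; the function name encrypt_bundle is hypothetical, and it assumes GnuPG 2.2.7 or later for --no-symkey-cache.

```sh
#!/bin/sh
# Added example, not from the book. encrypt_bundle is a hypothetical name.
# Assumes GnuPG 2.2.7 or later (for --no-symkey-cache), plus tar, mktemp, cmp.
# usage: encrypt_bundle OUT.tar.gpg FILE...

# The body is a ( subshell ), so umask and variables do not leak to the caller
# and "exit" only ends the function.
encrypt_bundle() (
    [ "$#" -ge 2 ] || { echo "usage: encrypt_bundle OUT.tar.gpg FILE..." >&2; exit 2; }
    out=$1; shift
    [ ! -e "$out" ] || { echo "$out already exists, not overwriting" >&2; exit 2; }

    umask 077                        # tarball and output readable by owner only
    tarball=$(mktemp) || exit 1

    # One tarball, so one passphrase, however many files are listed.
    tar -cf "$tarball" -- "$@" || { rm -f "$tarball"; exit 1; }

    # gpg asks for the passphrase twice here. --no-symkey-cache stops gpg
    # from caching it, so the check below really asks again.
    gpg --no-symkey-cache -o "$out" -c "$tarball" ||
        { rm -f "$tarball" "$out"; exit 1; }

    # Decrypt to a pipe and compare byte for byte with what was encrypted.
    echo "Enter the passphrase once more to verify $out" >&2
    if gpg --no-symkey-cache -d "$out" | cmp -s - "$tarball"; then
        rm -f "$tarball"
        echo "verified: $out" >&2
        exit 0
    fi
    rm -f "$tarball" "$out"
    echo "verification failed: $out removed, original files untouched" >&2
    exit 1
)

# Run as a script: sh encrypt_bundle.sh secrets.tar.gpg file1 file2 file3
[ "$#" -eq 0 ] || encrypt_bundle "$@"
```

The function never deletes the files you pass in; remove them yourself only after it reports "verified".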