@rrrix
Created December 10, 2021 22:01

Quick n' Dirty GnuPG

Asymmetric Encryption for confidential, trusted data exchange over any transport

Prerequisite - install GnuPG if not installed

Check if GnuPG (gpg) is installed. In a Terminal:

# Check if gpg installed
$ which gpg
/usr/local/bin/gpg
$ gpg --version
gpg (GnuPG) 2.3.3
[...]

Install GnuPG

macOS with Homebrew:

brew install gnupg

macOS with MacPorts:

sudo port install gnupg2

Ubuntu:

sudo apt install gnupg

Fedora:

sudo dnf install gnupg

CentOS:

sudo yum install gnupg

Or download binaries directly from gnupg.org

Using GnuPG

The steps below cover the following:

  • Set required parameters - your Name, Email Address and a strong Passphrase
  • Generate a new public/private GPG KeyPair using gpg (requires Name, Email address and Passphrase)
  • Export the public key to a text file using gpg
  • Copy the public key content to the clipboard
  • Example Public Key Content
  • Example Encrypted File Content
  • Decrypt an Encrypted File using gpg
  • Show the content of the Encrypted File

NOTE: All commands below expect a POSIX-like shell, such as zsh, bash or an equivalent available on macOS or Linux.

# Optional, specify a working directory
mkdir -p "$HOME/temp-gpg"
cd "$HOME/temp-gpg"

# GPG Uses your Name and Email address to identify your private/public key
export MY_EMAIL="My Full Name <my.email.address@example.com>"

# GPG Uses a secret passphrase/password to encrypt your private key.
# DO NOT LOSE THIS. DO NOT SHARE. THIS IS A SECRET. PLEASE CHANGE THIS.
# Not exported: only this shell needs it, so it stays out of child process environments.
MY_SECRET_PASSPHRASE="enter a nice long secret passphrase here"

# Generate a new GnuPG KeyPair using your name and secret
# --passphrase-fd takes a file descriptor number; 0 is stdin
echo "$MY_SECRET_PASSPHRASE" | gpg --batch --pinentry-mode loopback --passphrase-fd 0 --quick-gen-key "$MY_EMAIL"

# Export your _public_ key to "$MY_EMAIL.pub.txt"
gpg --armor --output "$MY_EMAIL.pub.txt" --export "=$MY_EMAIL"

# Copy to Clipboard on macOS with "pbcopy"
cat "$MY_EMAIL.pub.txt" | pbcopy

# ... or print to your terminal and copy output
cat "$MY_EMAIL.pub.txt"

# Email me the text file exactly as shown, best sent as an attachment
# It will look like this:
# $MY_EMAIL.pub.txt
  -----BEGIN PGP PUBLIC KEY BLOCK-----

  [...]
  -----END PGP PUBLIC KEY BLOCK-----

Decrypting a GPG Encrypted File

Place the encrypted file encrypted_file.enc.txt in the same working directory as the commands above.

NOTE: You will need your secret passphrase ($MY_SECRET_PASSPHRASE)

# I will encrypt the file content and email it back to you. It will look like this:
# encrypted_file.enc.txt
  -----BEGIN PGP MESSAGE-----

  [...]
  -----END PGP MESSAGE-----

# Decrypt the message and write it to "decrypted_file.txt"

ENCRYPTED_FILE="encrypted_file.enc.txt"
DECRYPTED_FILE="decrypted_file.txt"
# --passphrase-fd takes a file descriptor number; 0 is stdin
echo "$MY_SECRET_PASSPHRASE" | gpg --batch --pinentry-mode loopback --passphrase-fd 0 --armor --output "$DECRYPTED_FILE" --decrypt "$ENCRYPTED_FILE"

# View the decrypted file contents:
cat "$DECRYPTED_FILE"
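
The gist does not show the other party's step of encrypting to the emailed public key. The following is an added example, not part of the original gist, of that sender-side step: it refuses to encrypt unless the key file's fingerprint equals one obtained over a separate channel. The function names and the out-of-band fingerprint are assumptions.

```shell
#!/bin/sh
# Added example (not from the gist). Function names are hypothetical.

# Strip whitespace and upper-case, so "aaaa bbbb ..." and "AAAABBBB..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# stdin: `gpg --with-colons` output. Prints field 10 of the first "fpr"
# record, which is the primary key's fingerprint (subkey records come later).
primary_fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Fingerprint of a key file, read without importing it into the keyring.
key_fingerprint() {
    gpg --batch --with-colons --show-keys "$1" | primary_fpr_from_colons
}

# True only for two equal, full-length fingerprints (40+ hex digits).
# Short 8- or 16-digit key IDs are rejected: too short to identify a key uniquely.
fpr_matches() {
    a=$(normalize_fpr "$1")
    b=$(normalize_fpr "$2")
    case "$a" in
        "" | *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#a}" -ge 40 ] && [ "$a" = "$b" ]
}

# Usage: encrypt_if_trusted KEYFILE EXPECTED_FPR PLAINTEXT OUTFILE
# EXPECTED_FPR must come from a channel other than the one that carried KEYFILE.
encrypt_if_trusted() {
    actual=$(key_fingerprint "$1") || return 1
    if ! fpr_matches "$2" "$actual"; then
        echo "fingerprint mismatch for $1: got '$actual'" >&2
        return 1
    fi
    gpg --batch --import "$1" || return 1
    # The key carries no certification in this keyring; the check above is
    # the trust decision, so skip the web-of-trust validity prompt.
    gpg --batch --armor --trust-model always --recipient "$actual" \
        --output "$4" --encrypt "$3"
}
```

The key owner can read the value to use as EXPECTED_FPR from `gpg --fingerprint "=$MY_EMAIL"` and relay it by phone or in person.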
