Protect your privacy with the Linux gpg command. Use world-class encryption to keep your secrets safe. We’ll show you how to use gpg to work with keys, encrypt files, and decrypt them.
GnuPrivacy Guard (GPG) allows you to securely encrypt files so that only the intended recipient can decrypt them. Specifically, GPG complies with the OpenPGP standard. It is modeled on a program called Pretty Good Privacy (PGP). PGP was written in 1991 by Phil Zimmerman.
GPG relies on the idea of two encryption keys per person. Each person has a private key and a public key. The public key can decrypt something that was encrypted using the private key.
To send a file securely, you encrypt it with your private key and the recipient’s public key. To decrypt the file, they need their private key and your public key.
You’ll see from this that public keys must be shared. You need to have the public key of the recipient in order to encrypt the file, and the recipient needs your public key to decrypt it. There is no danger in making your public keys just that—public. In fact, there are Public Key Servers for that very purpose, as we shall see. Private keys must be kept private. If your public key is in the public domain, then your private key must be kept secret and secure.
There are more steps involved in setting up GPG than there are in using it. Thankfully, you usually need only set it up once.
Generating Your Keys
The gpg command was installed on all of the Linux distributions that were checked, including Ubuntu, Fedora, and Manjaro.
You don’t have to use GPG with email. You can encrypt files and make them available for download, or pass them physically to the recipient. You do need to associate an email address with the keys you generate, however, so choose which email address you are going to use.
Here is the command to generate your keys. The --full-generate-key option generates your keys in an interactive session within your terminal window. You will also be prompted for a passphrase. Make sure you remember what the passphrase is. Three or four simple words joined together with punctuation is a good and robust model for passwords and passphrases.
gpg --full-generate-key
