Updates from Ricky Lindén

How to encrypt and decrypt files using GPG


This is basically as short as I possibly can write about how to set up and use GPG for encrypting and decrypting files with your friends. For those times when you are using unsecure normie chat apps this is the way to go for sending a file. If you'd like a more in depth tutorial, check this one for instance.

If you are using Linux you are probably good to go. If not just install GPG from your package manager. If you are using some other OS you might need to download GPG before installing.

Getting started is a bit annoying, but once setup, only two commands are needed - one for encrypting, the other for decrypting (after importing your recipient's public key).

First setup

1. Create a key pair if you don't have one, give it your@mail.xyz email address.

gpg --full-gen-key

2. Export your public key to send to your friend so (s)he can encrypt files for you.

gpg --output yourpub.key --armor --export your@mail.xyz


When you'd like to encrypt a file that only your friend can open, you need to ask them to send their public key to you. Then you import it. This only needs to be done once for each friend.

gpg --import theirpub.key

After importing their public key you'll encrypt the file using their e-mail address which they have associated with their public key you just imported.

gpg -e -r friends-email-address@mail.xyz file-to-encrypt.txt


If your friend has send you a file they encrypted using your public key (step 2), you decrypt it like this:

gpg -o decrypted-output-file-name.txt -d file-that-was-encrypted.txt.gpg

And that's the main stuffs you need to know to get started! Of course there's more to it if you want, like how to integrate it into email directly or revocation certificates and all that stuffs, but you can go deeper for that if you need it.

"nice to have's"

List both your own and imported keys

gpg --list-keys

See fingerprint of your recipients key that they just send you

gpg --fingerprint theirpub.key

And finally, to speed stuff up you can sign a imported key that you will send stuff to

gpg --sign-key their@mail.xyz