The GNU Privacy Guard (GPG, invoked as gpg) is a command-line tool for encrypting, decrypting and signing files and text, available on all major platforms. It is a free implementation of the OpenPGP standard (RFC 4880), which grew out of Phil Zimmermann's original Pretty Good Privacy (PGP) program.
On macOS, gnupg can be installed via Homebrew. On Linux, gpg ships in the gnupg package of most distributions and can be installed with apt, yum, pacman and so forth.
gpg --full-generate-key
Use gpg --full-generate-key to be offered the full set of options, or gpg --gen-key to accept the defaults.
In both cases the user must provide a name, an email address and a passphrase, but --full-generate-key additionally lets the user choose the key algorithm, the key size (or curve) and the expiration date. Prefer a key that expires: if the secret key or the revocation certificate is ever lost, an expiry date bounds how long the stale key keeps being used.
After generating a key pair, immediately generate a revocation certificate and store it offline in a safe place. It is the only way to tell others the key is compromised or abandoned once the secret key or its passphrase is gone, and anyone who holds the certificate can revoke the key, so treat it as sensitive. (GnuPG 2.1 and later also write one automatically to ~/.gnupg/openpgp-revocs.d/<FINGERPRINT>.rev.)
gpg --output revoke.asc --gen-revoke <ID>
The gpg tool keeps its keyrings, trust database and configuration in a directory in the user's home, ~/.gnupg, created on first use; with GnuPG 2.1 and later the secret keys live there under private-keys-v1.d. Keep that directory readable only by its owner and include it in offline backups.
You can list the secret (private) keys in your keyring with the command,
gpg --list-secret-keys
and every public key, your own and any you have imported, with gpg --list-keys.
Using the ID shown in that listing, you can export your public key as a binary file.
gpg --output filename.gpg --export <ID/EMAIL>
where <ID/EMAIL>
is either the key ID (or full fingerprint) displayed when we list the keys or the email address associated with the key. Note that --export writes only the public part; the separate --export-secret-keys command exists for backups and must never be used for a key you intend to share.
To export it in ASCII-armored format (plain text that survives email and copy-paste), add the --armor
option; because --export writes to stdout unless --output is given, we need to redirect the output to a file.
gpg --armor --export <ID> > outputfile.pub
To import someone else's public key (here from the file daedelus.gpg) into your keyring, use gpg --import.
gpg --import daedelus.gpg
Before encrypting to an imported key, confirm its fingerprint (gpg --fingerprint <ID>) with the owner over an independent channel: the name and email on a key are unverified claims chosen by whoever created it, and anyone can generate a key bearing someone else's address.
To encrypt a document, use the following command.
gpg --output <OUTPUTFILE> --encrypt --recipient <EMAIL> <FILENAME>
This encrypts <FILENAME>
for the public key associated with <EMAIL> and writes the result to <OUTPUTFILE>
. That public key must already be imported into your local keyring, and gpg will ask for confirmation (or, in --batch mode, refuse outright) if the key has not been marked as valid, for example by signing it after checking its fingerprint. Only the holder of the matching secret key can decrypt the output, so if you need to read the file yourself later, pass a second --recipient with your own address.
To decrypt a document, use the following command.
gpg --output <OUTPUTFILE> --decrypt <FILENAME>
where <OUTPUTFILE>
is the cleartext filename and <FILENAME>
is the encrypted document. The encrypted file carries the ID of the key it was encrypted to, so as long as the matching secret key is in your local keyring gpg selects it automatically and prompts for its passphrase. The recipient's public key alone is not enough: decryption requires the secret key. Note also that encryption says nothing about who produced the file; if the sender's identity matters, have them add --sign when encrypting and check the signature that gpg reports on decryption.
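The whole procedure above (key generation, export and import, fingerprint check, encryption and decryption) as one script that can be run end to end. This is an added example, not code from the original page: it assumes GnuPG 2.1 or later is on PATH, uses the hypothetical parties alice@example.com and bob@example.com, each in a throwaway keyring so your real ~/.gnupg is untouched, and generates passphrase-less keys purely so it can run unattended.

```sh
#!/bin/sh
# Added example, not from the original page: an end-to-end GPG round trip
# between two hypothetical parties, alice@example.com and bob@example.com,
# each with a throwaway keyring. Assumes GnuPG >= 2.1 on PATH.
set -eu

# Unattended key generation with a parameter block on stdin. %no-protection
# means no passphrase and is for this demo only; real keys get a passphrase.
make_key() { # $1 = GNUPGHOME  $2 = real name  $3 = email
    GNUPGHOME="$1" gpg --batch --quiet --generate-key <<EOF
%no-protection
Key-Type: default
Subkey-Type: default
Name-Real: $2
Name-Email: $3
Expire-Date: 1y
%commit
EOF
}

# Primary-key fingerprint of a key, taken from gpg's machine-readable output.
fingerprint_of() { # $1 = GNUPGHOME  $2 = email
    GNUPGHOME="$1" gpg --batch --with-colons --list-keys "$2" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

gpg_roundtrip_demo() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; skipping"; return 0; }
    work=$(mktemp -d)
    alice="$work/alice"; bob="$work/bob"
    mkdir -m 700 "$alice" "$bob"

    make_key "$alice" "Alice" "alice@example.com"
    make_key "$bob"   "Bob"   "bob@example.com"

    # Bob publishes his public key in armored form ...
    GNUPGHOME="$bob" gpg --batch --armor --output "$work/bob.pub" --export bob@example.com
    # ... and Alice imports it into her own keyring.
    GNUPGHOME="$alice" gpg --batch --quiet --import "$work/bob.pub"

    # Alice must compare the imported fingerprint with one Bob gave her out of
    # band (in person, by phone, ...). Reading it straight from Bob's keyring
    # stands in for that channel here. Only then does she certify the key
    # (a local signature), which is what stops gpg from warning that there is
    # no assurance the key belongs to the named user.
    expected=$(fingerprint_of "$bob" bob@example.com)
    got=$(fingerprint_of "$alice" bob@example.com)
    [ "$expected" = "$got" ] || { echo "fingerprint mismatch"; return 1; }
    GNUPGHOME="$alice" gpg --batch --yes --quick-lsign-key "$got"

    # Encrypt to Bob's public key (constructed sample plaintext), then let Bob
    # decrypt with his secret key and check the round trip.
    printf 'constructed sample plaintext\n' > "$work/msg.txt"
    GNUPGHOME="$alice" gpg --batch --yes --output "$work/msg.gpg" \
        --encrypt --recipient bob@example.com "$work/msg.txt"
    GNUPGHOME="$bob" gpg --batch --quiet --output "$work/msg.out" --decrypt "$work/msg.gpg"
    cmp -s "$work/msg.txt" "$work/msg.out" || { echo "round trip failed"; return 1; }

    # Holding Bob's public key is not enough to decrypt: Alice cannot read her
    # own ciphertext because the secret key lives only in Bob's keyring.
    if GNUPGHOME="$alice" gpg --batch --quiet --decrypt "$work/msg.gpg" >/dev/null 2>&1; then
        echo "sender should not be able to decrypt"; return 1
    fi

    # Stop the per-keyring gpg-agents before deleting the directories.
    gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$bob"   --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "round trip ok"
}

gpg_roundtrip_demo
```

Two choices are worth copying into real use: setting GNUPGHOME per party keeps experiments (and automation such as CI signing jobs) out of your personal keyring, and the explicit fingerprint comparison followed by --quick-lsign-key is the correct answer to gpg's "no assurance this key belongs to the named user" complaint, rather than silencing it with --trust-model always.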