GPG - Encrypt and Decrypt Messages

[last updated: 2023-07-03]
GnuPG encryption home page
-----

This page still in development ...

• Now that you have created your public key, your fingerprint, and your private key,
  and you have uploaded your public key to a keyserver,
  and you have downloaded (from a keyserver) the public key of the person you're communicating with,
  you are ready to encrypt, send, receive, and decrypt messages

• Encrypt:
  $ gpg --encrypt --sign --armor -r [ recipientEmail ]   [ filenameToEncrypt ]

  
  The --sign option tells gpg to sign the file with your details.

  This allows the recipient to verify that the message is really from you.

  The --armor option tells gpg to create an ASCII file.

  The encrypted file that is created will have the same name as the original, but with “.asc” appended to the file name. 

• Decrypt:
  • Suppose you receive a file named: coded.asc
  • Decrypt it with:
    $ gpg --decrypt [ encryptedFileName ]

    This command will display the decrypted file content onto the terminal screen,
    but will not create a decrypted file.

    $ gpg --decrypt coded.asc > plain.txt

    This command will redirect the decrypted file into a new file named plain.txt

  -----------------------------------------------------------------------

• other info:

  You should include a second “-r” recipient with your own email address if you want to be able to read the encrypted message. This is because the message will be encrypted with each person’s public key, and will only be able to be decrypted with the associated private key.

  So if it was only encrypted with the other party’s public key, you would not be able to view the message again, unless you somehow obtained their private key. Adding yourself as a second recipient encrypts the message two separate times, one for each recipient.
  -----------------------------------------------------------------------