Create an encrypted copy of foo, saving it as foo.gpg in the current directory:
$ gpg --symmetric --cipher-algo AES256 foo
Enter passphrase:
Repeat passphrase:
Create a decrypted copy of foo.gpg, saving it as foo in the current directory:
$ gpg --output foo --decrypt foo.gpg
gpg: AES256 encrypted data
Enter passphrase:
gpg: encrypted with 1 passphrase
Create an encrypted copy of foo, saving it as foo.asc in the current directory in ASCII-armored format (suitable for pasting into email, etc.):
$ gpg --symmetric --armor --cipher-algo AES256 foo
Enter passphrase:
Repeat passphrase:
Same as above, but send output to stdout instead of saving as foo.asc:
$ gpg --symmetric --armor --cipher-algo AES256 --output - foo
Enter passphrase:
Repeat passphrase:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

jA0ECQMCpjdNrpTC689g0kYBkyRd+aGyQwt8sZu+OvEilyCnXd6RiYMXM75MlSb+
OCZnMy6hBhGxvJ7R23HCkNPg76X8dH4O8k5kYtuQwL9fZL8akSY0
=uWsn
-----END PGP MESSAGE-----
Decrypt foo.asc, sending output to stdout:
$ gpg --decrypt foo.asc
gpg: AES256 encrypted data
Enter passphrase:
gpg: encrypted with 1 passphrase
hello, world!
Notes:
By default, --symmetric uses AES128. Find supported ciphers with --version:
$ gpg --version
...
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
...
To disable gpg-agent, change use-agent to no-use-agent in ~/.gnupg/gpg.conf.
Why gpg rather than openssl enc?
More from The GNU Privacy Handbook: Documents may also be encrypted without using public-key cryptography. Instead, only a symmetric cipher is used to encrypt the document. The key used to drive the symmetric cipher is derived from a passphrase supplied when the document is encrypted, and for good security, it should not be the same passphrase that you use to protect your private key. Symmetric encryption is useful for securing documents when the passphrase does not need to be communicated to others. A document can be encrypted with a symmetric cipher by using the --symmetric option.
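To confirm which cipher and passphrase-to-key (S2K) settings a symmetric message actually carries, for example that --cipher-algo AES256 took effect instead of the default, the first packet of the file can be decoded directly. This Python sketch is an added example, not part of the original post or of GnuPG; the names dearmor, parse_skesk and SAMPLE are hypothetical, SAMPLE is constructed, and only version 4 packets with a one-octet length are handled.

```python
import base64

# Algorithm IDs from RFC 4880 sections 9.2 and 9.4; Camellia from RFC 5581.
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
           8: "AES192", 9: "AES256", 10: "TWOFISH",
           11: "CAMELLIA128", 12: "CAMELLIA192", 13: "CAMELLIA256"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}
S2K_TYPES = {0: "simple", 1: "salted", 3: "iterated+salted"}

# Constructed sample: old-format tag 3 header, length 13, version 4,
# cipher 9, S2K type 3, hash 2, an 8-byte salt and the coded count 0x60.
SAMPLE = bytes([0x8C, 0x0D, 4, 9, 3, 2]) + bytes(range(8)) + bytes([0x60])


def dearmor(text):
    """Return the binary packets inside an ASCII-armored message."""
    lines = [row.strip() for row in text.strip().splitlines()]
    start = lines.index("", 1) + 1      # a blank line ends the armor headers
    body = [r for r in lines[start:] if not r.startswith(("=", "-----"))]
    return base64.b64decode("".join(body))


def parse_skesk(data):
    """Decode the leading Symmetric-Key Encrypted Session Key packet."""
    tag = data[0]
    if not tag & 0x80:
        raise ValueError("not an OpenPGP packet")
    new_format = bool(tag & 0x40)
    ptype = tag & 0x3F if new_format else (tag >> 2) & 0x0F
    if ptype != 3:
        raise ValueError("first packet has tag %d, not 3" % ptype)
    # This packet is short, so only one-octet lengths are handled.
    if (new_format and data[1] >= 192) or (not new_format and tag & 0x03):
        raise ValueError("unsupported length encoding")
    body = data[2:2 + data[1]]
    version, cipher, s2k, digest = body[:4]
    if version != 4:
        raise ValueError("only version 4 packets are handled")
    info = {"cipher": CIPHERS.get(cipher, cipher),
            "s2k": S2K_TYPES.get(s2k, s2k),
            "hash": HASHES.get(digest, digest)}
    if s2k in (1, 3):
        info["salt"] = body[4:12].hex()
    if s2k == 3:                        # coded count, RFC 4880 section 3.7.1.3
        c = body[12]
        info["s2k_count"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info
```

The armored output shown earlier begins with jA0ECQMC, which decodes to the same six header bytes as SAMPLE: AES256 with an iterated and salted SHA1 S2K. gpg --list-packets reports these fields as well.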
/nix | May 30, 2017