Home Encryption / Decryption An Easy Way To Encrypt And Decrypt Files From Commandline Using GnuPG In Linux

An Easy Way To Encrypt And Decrypt Files From Commandline Using GnuPG In Linux

By sk

Today, we are going to see how to encrypt and decrypt files from command line in Linux using a free utility named GNU Privacy Guard (shortly GPG or GnuPG).

There are, of course, plethora of methods, and applications are available to encrypt and decrypt files in Linux. But, encrypting and decrypting files with GnuPG is the easiest method.

What is GnuPG?

GnuPG is an Open Source OpenPGP compatible encryption system. It is a commandline, sophisticated public key cryptosystem that provides digital encryption and signing services using the OpenPGP standard.

Using GnuPG, we can easily encrypt the important and confidential files and documents. It is packaged for several operating systems and also available as pre-compiled binaries.

GnuPG is available as two versions. They are GnuPG 1.x and GnuPG 2.x. GnuPG 2.x uses the modern algorithms and is recommended by security experts. You should use GnuPG 1.x only if your distribution does not support GnuPG 2.x.

Install GnuPG

GnuPG comes pre-installed by default in most Linux distributions. If it is not by any chance, you can install GnuPG using your distribution's default package manager as shown below.

To install GnuPG in Alpine Linux, run:

$ sudo apk add gnupg

On Arch Linux and its derivatives such as EndeavourOS and Manjaro Linux:

$ sudo pacman -S gnupg

On Debian, Ubuntu, Linux Mint and Pop OS:

$ sudo apt-get install gnupg

On Fedora, RHEL, CentOS, AlmaLinux and Rocky Linux:

$ sudo dnf install gnupg

On older RHEL and its clones, use yum instead of dnf.

$ sudo yum install gnupg


$ sudo zypper in gnupg

You can check the installed GPG version at any time using command:

$ gpg --version

Sample output:

gpg (GnuPG) 2.2.27
libgcrypt 1.8.8
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/ostechnix/.gnupg
Supported algorithms:
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Encrypt And Decrypt Files Using GnuPG

First, we will look at how to encrypt files.

Encrypt Files using GnuPG

To encrypt a file using GnuPG, run:

$ gpg -c mysecret.txt 

Here, -c stands for conventional encryption, also known as symmetric encryption. Replace mysecret.txt file with your own filename in the above command.

You will be prompted to enter a passphrase to secure the file. Enter the strong passphrase twice and click OK to encrypt the file.

Encrypt Files using GnuPG
Encrypt Files using GnuPG

Heads Up: A good passphrase must be at least 8 characters long with number(s) and special character(s).

Let us verify it using ls command:

$ ls

Sample output:

mysecret.txt  mysecret.txt.gpg

As you see in the above output, the new encrypted file has the same name, but with the extension .gpg added. The original file is left intact.

As stated earlier, when we use -c flag, we encrypt the file with a symmetric cipher using a passphrase. The default symmetric cipher used is AES-128. However, we can use different encryption method with the --cipher-algo option.

Once a file encrypted, You can't view the contents of the encrypted file without the passphrase.

Even if you try to open it, you will only see some random numbers and symbols as shown below.

�       0k~

By default, encrypted files are binary. Binary encrypted files are created with the suffix .gpg.

If you want to produce an ASCII text file instead, add the -a (armor) option:

$ gpg -c mysecret.txt 

The ASCII encrypted files have the suffix .asc (i.e filename.asc).

Decrypt Files with GnuPG

To decrypt a file using GnuPG, just run:

$ gpg mysecret.txt.gpg

GnuPG automatically detects that the file is encrypted with a passphrase and asks for that passphrase. Just enter the correct passphrase, select Ok and hit Enter.

Decrypt Files with GnuPG
Decrypt Files with GnuPG

If the passphrase is correct, then it writes the decrypted data to a file with the same name but without the .gpg extension. Also, the encrypted file is left intact.

Let us verify it:

$ ls
mysecret.txt  mysecret.txt.gpg

That's it, Now you can view the decrypted file's content using any editor of your choice.

If you want the output file to be written to a different filename, use -o flag as shown below.

$ gpg -o secret.txt -d mysecret.txt.gpg

Here, -d stands for decryption and -o stands for output.

Please note that ASCII encrypted files (with the suffix .asc) can be decrypted in the same way as binary encrypted files (with the suffix .gpg).

To know more details about GnuPG, view its help section by running this command:

$ gpg -h

Or, refer gpg man pages:

$ man gpg


As you can see, encrypting and decrypting files using GnuPG is quite easy! You don't need to be an expert or an experienced Linux admin to encrypt/decrypt files.


You May Also Like


art July 2, 2020 - 2:10 pm

Thanks. I want to become a ninja someday.

Mike December 29, 2022 - 7:45 pm

The command lines can be used to setup Thunar custom actions. Then, if you use the Thunar file manager, encrypting and decrypting can be as simple as right clicking in a GUI.

sk December 30, 2022 - 11:41 am

Yes. Thunar is my current file manager. It is fast and feature-rich file manager ever I have used.


Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More