How to encrypt and decrypt with PGP

PGP plays an important role in encrypting and decrypting data. Techniques such as hashing, public-key cryptography, and data compression are all utilized in PGP encryption. With “GPG” or “GnuPG”, which is free signing and encryption software based on PGP, you can export and import public and private keys, and also encrypt and decrypt data. A GPG key pair comprises two keys: a private key and a public key. The public key is used for encrypting the data, and that encrypted data is decrypted using the secret or private key of the receiver.

The procedure of encrypting and decrypting files with PGP comprises some simple steps. First, the key owner exports their public key and sends it to a correspondent. The correspondent then imports that public key into their keyring and can encrypt any file with it. Finally, the key owner, who receives the encrypted file, decrypts it using their private key.

This write-up will guide you through encrypting and decrypting with PGP. From exporting and importing public keys to encrypting and decrypting files, step-by-step instructions will be provided for each procedure. So, let’s start!

Note: We have already generated two GPG key pairs for demonstration purposes, one for “john” and the other for “fred”, on two separate systems. Now, we will export john’s public key, and then import it on the other system.

How to export public key with GPG

Before sending your public key to a correspondent, you have to export it first using the gpg command. The command takes an additional argument that identifies the public key, which will be the user ID in our case. To generate the exported output in ASCII format, the “-a” or “--armor” option is added to the “gpg” command.

To export a particular public key, first of all, list out the generated GPG keys on your system and select the key which you want to export. To do so, execute the below-given “GPG” command:

$ gpg --list-keys

For instance, for exporting the public key of the user “john” we will note down its user ID “uid” from the list:

To export the public key of “john”, we will add the “--export” option to the GPG command. Here, the “-a” option creates an ASCII representation of the public key, and the “>” redirect operator sends the output of the GPG command to the “public.key” file:

$ gpg --export -a john > public.key

Here the “.key” extension indicates that the encrypted content is present inside of the specified file:

The error-free output declares that our “public.key” file is all ready to export. To check out its content, execute the following “cat” command:

$ cat public.key

As you can see, the “public.key” has stored the ASCII representation of john’s public key:

Up to this point, we have created a file “public.key” that contains the ASCII representation of the public key of “john”. Now, we will share this file with another system user, so that the “newuser” can import the GPG key to its keyring.

How to import public key with GPG

With the GPG command, importing a public key into your keyring is as simple as exporting one. By importing the public key of the sender, you can decrypt the received encrypted files, documents, or emails.

The previous section showed the procedure to export john’s “public.key”. Now, we will walk through importing it on another “newuser” account. Before importing the “public.key”, we will list out the keys present in the newuser’s keyring:

$ gpg --list-keys

Currently, “newuser” has only the GPG keypair for “fred” uid, which can be seen in the following output:

Now, to import john’s “public.key”, we will execute the “gpg” command with the “--import” option:

$ gpg --import public.key

The below-given output is showing that the public key of “john” is imported successfully:

For the confirmation of the specified operation, we will list out the “newuser” Public keyring:

$ gpg --list-public-keys

John’s public key is imported successfully which can be seen in the below-given image:

How to edit the key trust value with GPG

After importing john’s public key to the “newuser” keyring, we will set its trust value which is “unknown” at this point:

$ gpg --list-keys

You can execute the following gpg command for editing the trust value of john’s public key:

$ gpg --edit-key john

Now, type “trust” and hit “Enter” to check out the trust menu options:

gpg> trust

Here, we will enter “5” to make sure that we trust john’s public key “ultimately”:

Exit from the gpg editing prompt by typing “quit” and pressing “Enter”:

gpg> quit

Again, list out the “gpg” keys and check out the trust value of the “john” key:

$ gpg --list-keys

How to encrypt file with GPG

On the “newuser” system, we have a file named “encryptfile1.txt” which we are going to encrypt with john’s public gpg key. Before moving towards the encryption procedure, we will show the content present inside the specified file:

$ cat encryptfile1.txt

To encrypt a file using the gpg command, follow the below-given syntax:

$ gpg -e -u [Sender_uid] -r [Receiver_uid] [Filename]

Here, the “-u” option is utilized for specifying the uid of the sender and “-r” for the recipient. The sender’s secret key and the receiver’s public key are used for encrypting the file.

Now, to encrypt the “encryptfile1.txt” with fred’s secret key and john’s public key, we will write out the following command:

$ gpg -e -u fred -r john encryptfile1.txt

The error-free output declares that an encrypted file is generated successfully. To confirm this action, we will list out the content of the current directory:

$ ls

The output shows that the “encryptfile1.txt.gpg” is created for our selected file:

Check out the “encryptfile1.txt.gpg” content by executing the “cat” command:

$ cat encryptfile1.txt.gpg

The encrypted content of the “encryptfile1.txt.gpg” will be shown in the terminal:

Now, share the encrypted file with the intended recipient by email or through some other channel.

How to decrypt file with GPG

The “-d” option is added to the “gpg” command to decrypt the encrypted file. In our case, we have shared the “encryptfile1.txt.gpg” with the “linuxhint” user, who owns john’s GPG key pair. Now, to decrypt the received file, we will type out this command:

$ gpg -d encryptfile1.txt.gpg

You will be asked to enter the “Passphrase” to unlock john’s secret key. Write the passphrase in the input field and click on the “OK” button:

After entering the correct passphrase, the specified file will be decrypted, and its content will be displayed on the terminal:

Conclusion

PGP encryption is used by most companies for exchanging data such as files, documents, and emails over the internet. It secures sensitive information from being misused through email attacks. The public and private GPG keys are utilized to encrypt and decrypt files. Without a GPG key, no one can decrypt the data. We have guided you on how to import and export your GPG public key. Moreover, the procedure for encrypting and decrypting files with PGP is also provided.

About the author

Sharqa Hameed

I am a Linux enthusiast; I love to read every Linux blog on the internet. I hold a master’s degree in computer science and am passionate about learning and teaching.