Linux Commands

How to Encrypt/Decrypt files using GPG

Putting strong password on your Windows or Linux lock screen isn’t sufficient now-a-days, because these securities can easily be bypassed with some tools or using bootable recovery drives. So it’s necessary to have your important files secure using encryption. There are a lot of symmetric and asymmetric encryption standards & tools available to password protect your important documents and files.

GPG (Gnu Privacy Guard) is an Open source implementation of Open PGP (Pretty Good Privacy) asymmetric encryption protocol. It generates a key pair of Public and Private keys to encrypt and decrypt your files. Public keys are generally used to encrypt file and they cannot decrypt. On the other hand, Private keys can only decrypt encrypted files. Private keys are also encrypted with symmetric encryption to keep them secure.


If you’re Kali or Parrot Security OS user, then “gpg” will most probably be pre-installed. If you’re using some other distro then you can install it by typing

[email protected]:~$ sudo apt-get update && sudo apt-get upgrade -y
[email protected]:~$ sudo apt-get install gpg -y

Now generate a key pair

[email protected]:~$ sudo su
[email protected]:~$ gpg --full-gen-key

It’ll ask you to select key type, you can choose whatever you want. Then it’ll ask you to enter the size, the longer size you enter, the longer it’ll take to generate the keys but then generated keys will be more secure than others. You can also set the expiry date for your keys and their description in comments.

After these prompts, it’ll ask you for a passphrase. This passphrase will be used to encrypt your private keys using symmetric encryption, so even if your private keys are stolen, no body can use them to decrypt your files.

It’ll ask you to re-enter the passphrase, then after pressing enter it’ll take a while to generate the key pair.


Now Public & Private key pair is generated, and you can use this to encrypt and decrypt your files. We’ll create a test file to encrypt and decrypt using gpg.

[email protected]:~# mkdir gpg
root@user:~/gpg# cd gpg/
root@user:~/gpg# nano secret.txt

Now enter anything into the text file

[email protected]:~/gpg# cat secret.txt

Now encrypt the “secret.txt” file by specifying the user email in generated key pair. Type the following, in my example

root@user:~/gpg# gpg -r [email protected] -e secret.txt
root@user:~/gpg# ls -la

An encrypted file with extension “.gpg” will be generated in the folder. That file is encrypted and secured using your Public key of your key pair. This file now only be decrypted by using your private key.

root@user:~/gpg# ls -la
root@user:~/gpg# cat secret.txt.gpg

As you can see this encrypted file is whole new altered version of the original file which can’t be restored without the help of Private key.


Now delete the original file secret.txt and then decrypt the gpg file using Private key

root@user:~/gpg# rm secret.txt
root@user:~/gpg# gpg -d secret.txt.gpg

It’ll ask you for a passphrase of Private key

And then it’ll display the decrypted content of the file in the output.


There are variety of solutions available to implement different types of encryption techniques. Tools like TrueCrypt and VeraCrypt are used to encrypt hard drives and partitions but these aren’t efficient for general file or document encryption. GPG is a free and easy-to-use tool that can be used to encrypt secret files using secure asymmetric encryption which cannot be easily brute-forced.

About the author

Usama Azad

A security enthusiast who loves Terminal and Open Source. My area of expertise is Python, Linux (Debian), Bash, Penetration testing, and Firewalls. I’m born and raised in Wazirabad, Pakistan and currently doing Undergraduation from National University of Science and Technology (NUST). On Twitter i go by @UsamaAzad14