Linux gpg command file encryption decryption options

How to Encrypt and Decrypt Files Using Linux gpg Command and Common Options

On Linux computers and servers, gpg is one of the encryption software derived from pgp, used in numerous projects, and is one of the most widely used encryption software. Public key encryption is more secure than files or archives protected only by passwords, so it's good to use something like gpg when security is required.

Shou Arisaka
3 min read
Oct 15, 2025

On Linux computers and servers, gpg is one of the encryption software derived from pgp, used in numerous projects, and is one of the most widely used encryption software. Public key encryption is more secure than files or archives protected only by passwords, so itโ€™s good to use something like gpg when security is required.

Simple encryption with password

gpg --symmetric doc.txt
# or
gpg -c doc.txt

Simple encryption with password (batch)

gpg -c --batch --passphrase "password" doc.txt

Decrypting password-encrypted gpg files

gpg --decrypt doc.txt.gpg
# or
gpg -d doc.txt.gpg

Encrypting tar compressed files

gpg -c --batch --passphrase "password" backup.tar.gz

Generating gpg keys (hereafter, for convenience, email address and password are represented as {{email}};{{password}})

cat << 'EOT' > gen-key.txt
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: yuis
Name-Email: {{email}}
Expire-Date: 0
Passphrase: {{password}}
EOT

# with passphrase by prompt
# %ask-passphrase

# more info: [GPG Cheat Sheet](http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/)

gpg --batch --gen-key gen-key.txt

# or interactively
# gpg --gen-key

Verifying generated keys

$ gpg --list-key "yuis <{{email}}>"
pub   2048R/13BF6B9D 2019-08-08
uid                  yuis <{{email}}>
sub   2048R/13206DBB 2019-08-08

$ gpg --export "yuis <{{email}}>" | wc
      6      31    1462
$ gpg --export | wc
     16      88    3833

Encrypting files

echo hogehoge > file.txt

gpg --encrypt --recipient '{{email}}' file.txt

Decrypting files (local server)

gpg -d file.txt.gpg
# enter passphrase
hogehoge

Deleting gpg public and private keys

gpg --delete-secret-keys "05EDCB38"
gpg --delete-keys "05EDCB38"

# or in bulk
gpg --delete-secret-and-public-keys 05EDCB38

# or by username
# gpg --delete-secret-and-public-keys test hogehoge

Sharing gpg public and private keys - output to file

gpg --export > public.key
gpg --export-secret-keys > private.key

Sharing gpg public and private keys - import on remote server

# // Copy private key file, public key file, and file.txt.gpg file to remote server

$ gpg --list-keys
$

$ gpg --import ~/rsync/public.key
gpg: key 7D...D8: public key "yuis <{{email}}>" imported
gpg: Total number processed: 1
gpg:               imported: 1

$ gpg --list-keys
/home/yuis/.gnupg/pubring.kbx
-----------------------------
pub   rsa2048 2019-08-08 [SCEA]
      D6...D8
uid           [ unknown] yuis <{{email}}>
sub   rsa2048 2019-08-08 [SEA]

$ gpg --import ~/rsync/private.key
gpg: key 7D...D8: "yuis <{{email}}>" not changed
gpg: key 7D...D8: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

Decrypting files (remote server)

$ gpg -d ~/rsync/file.txt.gpg
gpg: encrypted with 2048-bit RSA key, ID DF2...66, created 2019-08-08
      "yuis <{{email}}>"
hogehoge

Share this article

Shou Arisaka Oct 15, 2025

๐Ÿ”— Copy Links