June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
7.11. Encrypting Files for Others
Problem
You want to encrypt a file so only particular recipients can decrypt it.
Solution
Obtain a recipient’s GnuPG public key. [Recipe 7.9]
Add it to your GnuPG key ring. [Recipe 7.10]
Encrypt the file using your private key and the recipient’s public key:
$ gpg -e -r
recipient_public_key_IDmyfile
To make the file decryptable by multiple recipients, repeat the -r option:
$ gpg -e -rkey1-rkey2-rkey3myfile
Warning
When you encrypt a file for a recipient other than yourself,
you can’t decrypt it! To make a
file decryptable by yourself as well, include your own public key at
encryption time (-r
your_key_id).
Discussion
This is a classic use of GnuPG: encrypting a file to be read only by an intended recipient, say, Barbara Bitflipper. To decrypt the file, Barbara will need her private key (corresponding to the public one used for encryption) and its passphrase, both of which only Barbara has (presumably). Even if Barbara’s private key gets stolen, the thief would still need Barbara’s passphrase to decrypt the file.
By default, encrypted files are binary. To produce an ASCII file instead, suitable for including in a text message (email, Usenet post, etc.), add the -a (armor) option:
$ gpg -e -r Barbara's_public_key_ID -a filenameSee Also
gpg(1).