7.11. Encrypting Files for Others

Problem

You want to encrypt a file so only particular recipients can decrypt it.

Solution

  1. Obtain a recipient’s GnuPG public key. [Recipe 7.9]

  2. Add it to your GnuPG key ring. [Recipe 7.10]

  3. Encrypt the file using your private key and the recipient’s public key:

    $ gpg -e -r recipient_public_key_ID myfile

To make the file decryptable by multiple recipients, repeat the -r option:

    $ gpg -e -r key1 -r key2 -r key3 myfile

Warning

When you encrypt a file for a recipient other than yourself, you can’t decrypt it! To make a file decryptable by yourself as well, include your own public key at encryption time (-r your_key_id).

Discussion

This is a classic use of GnuPG: encrypting a file to be read only by an intended recipient, say, Barbara Bitflipper. To decrypt the file, Barbara will need her private key (corresponding to the public one used for encryption) and its passphrase, both of which only Barbara has (presumably). Even if Barbara’s private key gets stolen, the thief would still need Barbara’s passphrase to decrypt the file.

By default, encrypted files are binary. To produce an ASCII file instead, suitable for including in a text message (email, Usenet post, etc.), add the -a (armor) option:

    $ gpg -e -r Barbara_public_key_ID -a filename
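The script below is an added example, not part of the book's text. It shows how to check who an encrypted file is actually addressed to by counting the public-key recipient packets in it, which makes the warning about including your own key visible. It assumes GnuPG 2.1 or later; the two keys and their example.test addresses are constructed throwaway values in a scratch key ring.

```shell
#!/bin/sh
# Added example. The two keys and their addresses are constructed test values,
# created without passphrases in a scratch key ring that is removed on exit.
set -eu

work=$(mktemp -d)
GNUPGHOME="$work/keyring"; export GNUPGHOME
mkdir -m 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$work"' EXIT

make_test_key() {            # $1 = user ID of the throwaway key
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" default default never
}

recipient_count() {          # number of public-key recipients of file $1
    gpg --batch --list-packets "$1" 2>/dev/null |
        grep -c '^:pubkey enc packet' || true
}

is_armored() {               # true if file $1 is ASCII-armored
    [ "$(head -n 1 "$1")" = "-----BEGIN PGP MESSAGE-----" ]
}

make_test_key "you@example.test"
make_test_key "barbara@example.test"
printf 'for Barbara only\n' > "$work/myfile"

# Recipient only: the sender's key is not among the recipients.
gpg --batch --quiet -e -r barbara@example.test \
    -o "$work/barbara_only.gpg" "$work/myfile"

# Recipient plus yourself: repeat -r with your own key.
gpg --batch --quiet -e -r barbara@example.test -r you@example.test \
    -o "$work/both.gpg" "$work/myfile"

# Same as the first, but ASCII-armored with -a.
gpg --batch --quiet -e -a -r barbara@example.test \
    -o "$work/barbara_only.asc" "$work/myfile"

echo "barbara_only.gpg recipients: $(recipient_count "$work/barbara_only.gpg")"
echo "both.gpg recipients:         $(recipient_count "$work/both.gpg")"
is_armored "$work/barbara_only.asc" && echo "barbara_only.asc is armored"
```

Running `gpg --list-packets` on a file you received is also a quick way to see which key IDs it was encrypted for before you attempt to decrypt it.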

See Also

gpg(1).
