How to protect data with GPG in a simple way

Further improving the security of my data (see post to understand better) I now use GPG to encrypt files from FlatPress. The idea came about thanks to sieg84 and hackan, who suggested that instead of compressing the files in a .RAR with a password, I simply compress in .TAR.GZ and then encrypt that compressed protecting it with GPG.

Linux has many qualities that I like, one of them is the HUGE documentation that the applications have, so a simple man gpg in a terminal, ready ... it gives me back all the help to learn to work with this 😉

Here I will show you how you can protect a file with GPG without much complications, using a password (passphrase or word-password) ... and obviously, then how can they access it 🙂

Suppose we have the file: my-keys.txt

To protect this file using GPG in a terminal just put:

gpg --passphrase desdelinux -c mis-claves.txt

What does this mean?

  • --passphrase desdelinux- » With this we indicate that we will encrypt / protect the file with the password: from linux
  • -c mis-claves.txt- » With this we indicate that it is the file my-keys.txt the one we want to protect.

This will create a file called my-keys.txt.gpg which is the encryption, the one that is protected with GPG.

This has a detail that at least I don't like, because when the file was created my-keys.txt.gpg you can see with the naked eye (just looking at the file name) that it is actually a .txt file, although they will NOT be able to see its content, I personally don't like that they know what type of file it actually is. To avoid this, we can add the parameter -o … Which is used to specify the name of the final file. That is:

gpg --passphrase desdelinux -o mio.gpg -c mis-claves.txt

This will generate a file called mio.gpg… and no one will know what extension the file actually is 😉

It is VERY important that regardless of the parameters you use, always leave the name of the file you want to protect until last, that is ... at the end of the line it should ALWAYS appear: -c my-keys.txt

And that is how simple it is to protect files using GPG and a password word (passphrase), but ... how to decrypt a file?

To be able to see the content of a file protected with GPG is also simple 😉…

gpg --passphrase desdelinux -d mis-claves.txt.gpg

As you can see, the only thing that changes is that now at the end we put -d (-d to decrypt) instead of -c (-c to encrypt) that we used before 🙂

And that's all. That is how simple it is to protect files with GPG without complicating generating keys, far from it ...

If you want, as was my case, to protect a folder that contains many files and subfolders, what I did was compress the folder and its contents in .TAR.GZ, and then that compressed file (.tar.gz) is the one that I protected with GPG .

Well ... nothing more to add, just clarify that I am not by far an expert on this, so if anyone knows more about it, I would appreciate if you share your knowledge with all of us 😀

The content of the article adheres to our principles of editorial ethics. To report an error click here!.

17 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *



  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   oroxo said

    I would like to make an observation, I am a gentoo user and the package "app-crypt / gnupg" did not have it installed, I make the observation because I imagine that arch and other distros of the type "do it yourself" will have to install the package to be able to encrypt with gpg

    1.    KZKG ^ Gaara said

      Oh ok, perfect clarification 😀
      Thanks for the comment 🙂

  2.   Miguelinux said

    Hello! I have a question, is there a way such that decrypting the file returns the original name or at least the original extension?
    Greetings and thank you very much 🙂

    1.    KZKG ^ Gaara said

      Hello such.
      I'm not an expert on the subject, I just read the help and looked for some information about it haha, but ... I'm not really sure. I didn't read of any option that would allow decryption to automatically recognize the file type and put the extension at the end, that's why I used the option -o for the output.

      Although, if figures file.txt would become file.txt.gpg, and when deciphering it it would be file.txt

      1.    hackan said

        that's exactly what the behavior is about. If the name is changed after encryption, the file extension will not be known when decrypting (in principle, since the decrypted file can be analyzed and thus its extension)


        1.    KZKG ^ Gaara said

          Indeed 😀… in fact, a friend showed me an example of openssl… do you know this command? ... not bad hehehe.

  3.   Felix said

    Just add the -o file.txt option again
    The problem is that it automatically doesn't (that I know of).
    Another option is that you always compress it into a file and then make gpg with the name you want and so you know that this file will always be a compressed. I do not know, it's an idea.

  4.   Giskard said

    One question, since the pair of keys is not used but a keyword (a password), wouldn't it be easier to create a RAR with a password and that's it?

    1.    KZKG ^ Gaara said

      In the script (LINK!) that I published here a few days ago what I did was that, compress in .RAR with password, but ... since GPG is much more secure and reliable, that's why I decided to use it instead of .RAR 🙂

  5.   Pirate, pirate said

    Now, this type of thing is fine to send the encrypted files to another person but remember that before encrypting a file it is found to be encrypted somewhere and even if we delete it, it would only be enough to use a data recovery utility to get hold of it. .

    I recommend the use of partitions encrypted with LUKS + LVM, it is the safest I have seen: Either you know the password or you don't enter and it does not affect the performance of the computer.

    On the other hand, when deleting sensitive files I usually use the "srm" command. Although it is slow, it works very well.

    1.    KZKG ^ Gaara said

      Yes, I had thought about the possibility that the data could be recovered once deleted ... mmm I don't know SRM, I'll keep an eye on it to see how

      The business of using LVM and such ... damn, for the personal purpose of this, that is, for what I'm making my own "security system", there I think it would be overdoing it LOL !!.

      Thank you for your comment, I really do 😉

      1.    hackan said

        If you are interested in the subject, I understand that Ubuntu 12.10 has an option to make it simple when installing. With older versions, it is done using the alternate.
        But if you are interested in doing it 'by hand', visit my website that I wrote a tutorial about it a while ago ...


        1.    KZKG ^ Gaara said

          I did not understand this comment LOL!
          Make what simple when installing?

  6.   templix said

    You better use:

    $ gpg -o my.gpg -c my-keys.txt

    This way you will not leave the password in the history:


    Or at least delete the command from history:

    $ history -d number

    1.    Traveler said

      That is very true, a small detail to always keep in mind.

  7.   Inlior said

    If there is a way to recover the extent by compressing them and redirecting through pipes to gpg. Let's look at a script.

    tar –create "$ @" | gzip | gpg –default-recipient-self –no-tty –symmetric –encrypt –bzip2-compress-level 3 –passphrase «` zenity –entry –hide-text –text «Type the opening password» `»> «` basename% f | sed 's / \. [[: alpha:]] * $ //' `` .gpg »

    to decipher it
    gpg –no-tty –decrypt –passphrase «` zenity –entry –hide-text –text «Type the opening password» `» –output «` basename% f .gpg`.tar.gz »« $ @ »

  8.   Vctrstns said


    Looking for information about GPG, I have found this entry that has been perfect for me, but I have a question, to see if you can give me a cable.

    The question is that if I want to use gpg I have to have created the public and private keys, right?
    Likewise, I am using a bash that is executed from a cron with another user and I want to take advantage of the keys created with my user from this cron. I have tried the following "gpg –local-user myUser" but it doesn't work for me.

    I am what I want to do, it can be done, or I am looking for something else.

    Thank you