Oct 09, 2023
There is a lot you can do with your GPG and PGP keys. The two have many similarities and slight differences, but the basics are the same: you generate a key pair consisting of a private key and a public key. There are plenty of resources on how to properly create your GPG/PGP keys, so I'll leave that to the experts.
This is the simplest form of encryption with GPG. We encrypt a file with GPG's standard level of encryption using a password generated by the user. The encrypted file can then be shared and opened with the passphrase, without the need to exchange public keys with the recipient or end user.
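# GnuPG 2.1+ uses --passphrase only when --pinentry-mode loopback is also given.
# A passphrase on the command line is visible in the process list and shell history.
$Password = "MyS3cretPhr@se"
gpg --batch --passphrase $Password -c testfile.pdf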
This will create a file next to our testfile.pdf named testfile.pdf.gpg. Now to decrypt the file, the simple way is to run GPG against the file; you will then be asked for the passphrase that was used to encrypt the file.
# short way where gpg interprets the commands you want to do
gpg testfile.pdf.gpg
# long way specifying the options
gpg --batch --passphrase $Password -o testfile.pdf -d testfile.pdf.gpg
Adding a passphrase to a file and encrypting is a simple way to add encryption. What is nice about GPG is the ability to specify a recipient of the message. This entails importing the recipient's GPG public key to your system; you then encrypt the file with the recipient's public key, optionally sign it with your private key, and share the file. Encrypting this way allows only the recipient to decrypt the message or file, using their private key, and your public key lets them verify the signature.
In the example, I will encrypt a file for myself using my GPG key. That way if the file gets shared, stolen, or lost, the only way it is recoverable is by me.
$email = "me@claytonerrington.com"
gpg --encrypt --sign --armor -r $email testfile.pdf
Here we encrypt the file, sign it, and export an ASCII-armored file, and thus we get testfile.pdf.asc.
To decrypt our file, we can run the following:
# short way, call gpg and the encrypted file
gpg testfile.pdf.asc
# long way using the right CLI commands
gpg -o testfile.pdf -d testfile.pdf.asc
When encrypting and decrypting with your GPG key, you will be asked to provide your passphrase for the GPG key specifically.
This is great for a one-file-at-a-time process, but when you need to bulk encrypt a folder of files, we can make that happen as well. This example will use your GPG key to encrypt just that one folder of files. If you want to recursively encrypt files, add -Recurse to the Get-ChildItem command.
# Encrypt with gpg key
$email = "me@claytonerrington.com"
# -File returns files only, so gpg is never handed a subdirectory
$files = Get-ChildItem "D:\Temp" -File
$files | ForEach-Object {
    Write-Host $_.FullName
    gpg --encrypt --sign --armor -r $email $_.FullName
}
I'll leave it to you to change the recipient email for encrypting files and, if you'd like, to automate the deletion of the original file so that only the encrypted version is left behind. You can also take what we've done to encrypt the files and use it to decrypt the files en masse.
A word of caution as well: if you lose your GPG passphrase or the passphrase used for normal encryption, the GPG protocol does not have a way to get your passphrase back, and you might be out of luck with encrypted files.
You can also specify multiple recipients; you just need to add another --recipient, or -r for short, to the command line. Either of the recipients will be able to decrypt the files.
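One way to do the steps left to the reader above (several recipients, deleting the original only after gpg succeeds, and decrypting in bulk), as an added example that is not from the original post. The function names, the -RemoveOriginal switch and the other@example.com address are hypothetical.

```powershell
# Added example: bulk encrypt/decrypt helpers built on the gpg commands above.
# Protect-Folder, Unprotect-Folder and -RemoveOriginal are hypothetical names.
function Protect-Folder {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string[]]$Recipient,
        [switch]$Recurse,
        [switch]$RemoveOriginal
    )
    # One -r per recipient; any one of them can decrypt the result.
    $recipientArgs = $Recipient | ForEach-Object { '-r'; $_ }
    # -File skips directories; .asc files from an earlier run are not re-encrypted.
    Get-ChildItem -Path $Path -File -Recurse:$Recurse |
        Where-Object { $_.Extension -ne '.asc' } |
        ForEach-Object {
            $out = "$($_.FullName).asc"
            gpg --yes --encrypt --sign --armor @recipientArgs -o $out $_.FullName
            # Delete the plaintext only if gpg succeeded and wrote a non-empty file.
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "gpg failed for $($_.FullName); original kept"
            } elseif ($RemoveOriginal -and (Test-Path -LiteralPath $out) -and (Get-Item -LiteralPath $out).Length -gt 0) {
                # Remove-Item is a normal delete, not a secure wipe of the disk blocks.
                Remove-Item -LiteralPath $_.FullName
            }
        }
}

function Unprotect-Folder {
    param([Parameter(Mandatory)][string]$Path, [switch]$Recurse)
    Get-ChildItem -Path $Path -File -Filter '*.asc' -Recurse:$Recurse |
        ForEach-Object {
            # testfile.pdf.asc -> testfile.pdf; never overwrite an existing file
            $out = $_.FullName -replace '\.asc$', ''
            if (Test-Path -LiteralPath $out) {
                Write-Warning "$out already exists; skipped"
                return
            }
            gpg -o $out -d $_.FullName
            if ($LASTEXITCODE -ne 0) { Write-Warning "gpg could not decrypt $($_.FullName)" }
        }
}

# Usage (other@example.com is a constructed second recipient):
# Protect-Folder -Path 'D:\Temp' -Recipient 'me@claytonerrington.com','other@example.com' -RemoveOriginal
# Unprotect-Folder -Path 'D:\Temp'
```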
I am not a GPG, OpenPGP, or encryption expert. All items discussed are examples of how I've been able to experiment with GPG and files; use anything at your own risk.