Basics of GNUPG

Get gpg

sudo apt install gnupg
brew install gnupg

Generating PGP keys

gpg --full-gen-key

Listing keys

gpg -k
# or
gpg --list-key
gpg --list-secret-keys

Export public key

gpg --export -a -o pub.asc

Export private key

gpg --export-secret-keys -a -o priv.asc

Import public key

gpg --import someones_public_key.asc

gpg: key DB171D028FE3E194: public key "Murtaza Udaipurwala <>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Encrypt a message

Encrypting a super secret message for

gpg --encrypt --recipient '' secret.txt
# or
gpg -e -r '' secret.txt

This encrypts secret.txt using receiver’s public key.

gpg --decrypt secret.txt.gpg
# or
gpg -d secret.txt.gpg

Receiver uses his/her private key to decrypt the message.


When a message is signed,

In order to make sure the encrypted message (here, secret.txt.gpg) is coming from certain individual, the encrypted message is signed with the sender’s private key (yes private key and not public key). Now anybody in the world can verify who the sender of this message is, provided they know the sender’s public key.

At sender’s end,

gpg --sign secret.txt.gpg
# or
gpg -s secret.txt.gpg

At receiver’s end,

# verifying signature
gpg --verify secret.txt.gpg.gpg

# decrypting using sender's public key
gpg --decrypt secret.txt.gpg.gpg

# decrypting using receiver's private key
gpg --decrypt secret.txt.gpg