Wednesday, August 29, 2012

Simple Password Encrypted Files w/ GnuPG

If you are sending files or documents with sensitive information (e.g. database credentials), you probably don't want to send them without making sure they are encrypted. In Linux and OSX, I use a tool called GnuPG to add password protection to files I want to share with other people. This is, by no means, the best way to send sensitive information to someone else, but it does provide a small layer of protection against an unintended recipient opening and reading the contents.

Install GnuPG

For Ubuntu, fire up a terminal and run:
sudo apt-get install gpg
For OSX, install Homebrew and run:
brew install gpg

Encrypting Files

To encrypt a sensitive file, navigate to the directory of the file and run:
gpg -c sensitive.txt
Output:
Enter passphrase: 
Repeat passphrase: 
If all is well, GnuPG will create an encrypted file named sensitive.txt.gpg. If someone tries to open and read the contents, they will get nothing but gibberish!

Decrypting Files

To decrypt a file, navigate to the directory of the file and run:
gpg sensitive.txt.gpg
Output:
gpg: CAST5 encrypted data
Enter passphrase: 
Now, enter the passphrase set for the file during encryption. Voila! The file is now decrypted as sensitive.txt.

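Note: You may get the following warning: gpg: WARNING: message was not integrity protected. It doesn't affect the result, and the file still decrypts. The warning means the file was encrypted without a modification detection code (MDC), so GnuPG has no way to tell whether the encrypted file was altered after it was created.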
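To check whether a .gpg file carries integrity protection without decrypting it, you can read its OpenPGP packet headers: a tag 9 data packet is the unprotected kind that produces the warning, while tag 18 includes the MDC. The script below is an added example, not part of the original post; the function names are hypothetical and the sample bytes are constructed headers, not real ciphertext.

```python
import io

# Symmetric cipher IDs from RFC 4880 section 9.2 (subset).
CIPHERS = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}

def read_header(stream):
    """Return (tag, body_length) for the next packet, or None at end of data.
    body_length is None when the packet does not declare a fixed length."""
    first = stream.read(1)
    if not first:
        return None
    b = first[0]
    if not b & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored or not a gpg file)")
    if b & 0x40:                                   # new-format header
        tag, l1 = b & 0x3F, stream.read(1)[0]
        if l1 < 192:
            return tag, l1
        if l1 < 224:
            return tag, ((l1 - 192) << 8) + stream.read(1)[0] + 192
        if l1 == 255:
            return tag, int.from_bytes(stream.read(4), "big")
        return tag, None                           # partial body lengths
    tag, ltype = (b & 0x3C) >> 2, b & 0x03         # old-format header
    if ltype == 3:
        return tag, None                           # indeterminate length
    return tag, int.from_bytes(stream.read(1 << ltype), "big")

def inspect_gpg_file(data):
    """Report the cipher and whether the data packet is integrity protected."""
    stream, report = io.BytesIO(data), {"cipher": None, "integrity_protected": None}
    while (header := read_header(stream)) is not None:
        tag, length = header
        if tag in (9, 18):   # 9 = encrypted data without MDC, 18 = with MDC
            report["integrity_protected"] = tag == 18
            break
        if length is None:
            raise ValueError("unexpected variable-length packet before the data")
        body = stream.read(length)
        if tag == 3 and len(body) >= 2:  # passphrase packet: version, cipher id, S2K
            report["cipher"] = CIPHERS.get(body[1], f"algorithm {body[1]}")
    return report

# Constructed sample headers (not real ciphertext): salt and data are zero bytes.
S2K = bytes([3, 2]) + bytes(8) + bytes([0x60])     # iterated+salted S2K, SHA-1
LEGACY = bytes([0x8C, 0x0D, 4, 3]) + S2K + bytes([0xC9, 0x05]) + bytes(5)
MODERN = bytes([0x8C, 0x0D, 4, 9]) + S2K + bytes([0xD2, 0x06, 0x01]) + bytes(5)

if __name__ == "__main__":
    print("legacy:", inspect_gpg_file(LEGACY))
    print("modern:", inspect_gpg_file(MODERN))
```

For a real file, pass the bytes read from sensitive.txt.gpg opened in binary mode; a result of integrity_protected False means the recipient will see the warning above.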

4 comments:

  1. Remember to remove the original file with "srm" instead of a normal "rm"; that will make sure the sensitive data is destroyed from the hard drive, making it virtually impossible to recover in case of compromise.
  2. If you don't have srm installed, do a sudo apt-get install secure-delete (in Debian).
  3. Interesting blog. It would be great if you can provide more details about it. Thank you.