GnuPG: How to encrypt/decrypt files using a certain key?

Long story short, my question is: How can I force GnuPG to use a certain private/public key when encrypting/decrypting files?


Some explanation / Long story

I have an application that must encrypt files before sending them to S3.

Users can download their files using their browsers from my website, in which case I must first decrypt the files before serving them.

Client side (Delphi 2010): I'm most likely going to opt for OpenPGPBlackbox

Server side (PHP 5), I need to figure out how to encrypt/decrypt files with non-interactive commands.

I installed GnuPG on my server, tried this code:

clear_file='/full/path/my-file.zip'
encrypted_file='/full/path/my-file.zip.pgp'

# Encrypt file
/usr/bin/gpg2 --encrypt "$clear_file"

# Decrypt file
/usr/bin/gpg2 --decrypt "$encrypted_file"

But it seems that I can't specify, in the commandline, which keys to use.

Each user will have their own public/private key, so I need to be able to specify which key to use to encrypt/decrypt the file in question.

My question is: How can I force GnuPG to use a certain private/public key when encrypting/decrypting files?

TheDude asked Jul 02 '12 10:07


1 Answer

The options you are looking for are:

--default-key name
          Use name as the default key to sign with. If this option is not used, the default key is
          the first key found in the secret keyring. Note that -u or --local-user overrides this
          option.

--local-user name
   -u     Use name as the key to sign with. Note that this option overrides --default-key.

or possibly:

--recipient name
   -r     Encrypt for user id name. If this option or --hidden-recipient is not specified,
          GnuPG asks for the user-id unless --default-recipient is given.

--default-recipient name
          Use name as default recipient if option --recipient is not used and don't ask if
          this is a valid one. name must be non-empty.

These can be used to specify who is the intended recipient, e.g. which public key to use for signing/encryption. When decrypting the files, GnuPG automatically selects the correct key if it exists in the current keyring, which can be selected with the --keyring option if multiple exist. GnuPG can also be configured to fetch the necessary keys from a keyserver if they are available there.

You might also be interested in the option --batch, which makes sure that no interactive questions are asked during execution.

I suggest you read through the GnuPG man page. There are a lot of options that might be useful now and then.

Edu answered Oct 24 '22 05:10
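The options from the answer put together as a runnable script. This is an added example, not code from the question or the answer: it wraps gpg in two shell functions that select the key explicitly (--recipient for encryption, --batch/--yes so nothing prompts, a passphrase file instead of a pinentry dialog for decryption) and a self-test that builds a throwaway keyring with a constructed user id, encrypts a file to it and decrypts it again. It assumes a GnuPG 2.1+ binary on PATH (the question used /usr/bin/gpg2; set GPG to point at it) and a per-application keyring directory given through GNUPGHOME.

```shell
#!/bin/sh
# Added example: non-interactive GnuPG encrypt/decrypt with an explicit key.
# Assumes GnuPG 2.1+ (gpg2 or gpg on PATH); override with GPG=/usr/bin/gpg2.
set -eu

GPG="${GPG:-$(command -v gpg2 || command -v gpg || echo gpg)}"

# Encrypt $2 into $3 for the public key named by $1 (user id, key id or
# fingerprint).  --recipient selects the key, --batch and --yes stop gpg from
# asking anything, and --trust-model always accepts an imported key that the
# local user never certified (otherwise batch mode refuses an untrusted key).
gpg_encrypt_for() {
    recipient=$1; clear_file=$2; encrypted_file=$3
    "$GPG" --batch --yes --quiet \
        --trust-model always \
        --recipient "$recipient" \
        --output "$encrypted_file" \
        --encrypt "$clear_file"
}

# Decrypt $1 into $2.  gpg chooses the matching private key from the keyring
# by itself; the optional $3 is a file holding that key's passphrase, fed
# through loopback pinentry so the agent never opens an interactive dialog.
gpg_decrypt_to() {
    encrypted_file=$1; clear_file=$2; passphrase_file=${3:-}
    if [ -n "$passphrase_file" ]; then
        "$GPG" --batch --yes --quiet \
            --pinentry-mode loopback --passphrase-file "$passphrase_file" \
            --output "$clear_file" --decrypt "$encrypted_file"
    else
        "$GPG" --batch --yes --quiet \
            --output "$clear_file" --decrypt "$encrypted_file"
    fi
}

# Round trip inside a temporary keyring: generate an unprotected key for a
# constructed user id, encrypt to it, decrypt, compare.  Returns 0 on success.
gpg_roundtrip_selftest() {
    tmp=$(mktemp -d)
    GNUPGHOME="$tmp/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"
    uid='Example User <user@example.invalid>'   # constructed test identity
    "$GPG" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" default default never
    printf 'secret payload\n' > "$tmp/my-file.zip"
    gpg_encrypt_for "$uid" "$tmp/my-file.zip" "$tmp/my-file.zip.pgp"
    gpg_decrypt_to "$tmp/my-file.zip.pgp" "$tmp/my-file.out"
    if cmp -s "$tmp/my-file.zip" "$tmp/my-file.out"; then
        status=0
    else
        status=1
    fi
    gpgconf --kill gpg-agent 2>/dev/null || true   # stop the agent gpg started
    rm -rf "$tmp"
    return $status
}
```

Run it as `sh script.sh` after adding a line that calls `gpg_roundtrip_selftest`, or source the file and call `gpg_encrypt_for 'user@example.invalid' in.zip in.zip.pgp` against your real keyring. For a per-user scheme, import each user's public key into the server keyring and pass that user's id to --recipient; the private key is only needed where decryption happens, and keeping it in a passphrase file next to the keyring on the web server means whoever reads that directory can decrypt every file, so restrict its permissions to the service account.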