Encrypt & Decrypt (Using GPG To Encrypt And Sign Your Data Part III)

After the creation of the private and public keys GPG allows the encryption, decryption and signing.

Encrypt: To encrypt a file, GPG use the public key and the only way to decrypt is using the private key.

In the image below the file encrypted.file is the input to the gpg command, the option -a creates a readable ASCII output, "god@spam.com" is the userid associated to the public key, and the option --encrypt speaks for itself.

The encrypted content resides in the file encrypted.file.asc, without the -a option GPG will generate a file with a binary content called encrypted.file.gpg


Decrypt: To decrypt, a file GPG use the private key.

In the image below the file encrypted.file.asc is the input to the gpg command, the option --output creates a new file called plain.file with decrypted content, "god@spam.com" is the userid associated to the private key, and the option --decrypt speaks for itself.  GPG will ask for passphrase of the private key unless that the option --passphrase XXX is present in the options of the gpg --decrypt command.

The encrypted content resides in the file encrypted.file.asc, without the -a option GPG will generate a file with a binary content called encrypted.file.gpg


Sign In Clear Text: GPG can sign in cleartext.  For the signing purposes it's mandatory to use the private key.

In the image below the file encrypted.file is the input to the gpg command, the option --clearsign perform a new file with the message in plain text and the signature in ASCII.

If the content of the message it's different from "This is a encrypted message" (corrupted.file.asc) the verification of the signature will fail as shown in the next image:

But if the message is "This is a encrypted message" (encrypted.file.asc) the verification will be OK.

Sign & Encrypt: GPG can sign & encrypt a file  For the signing purposes it's mandatory to use the private key.

In the image below the file encrypted.file is the input to the gpg command, the option --sign perform a new file signed and encrypted in a single GPG message:

The content in the file encrypted.file.asc is valid to check the signature and to decrypt the original message with the private key.