How do I encrypt plaintext with GnuPG?
I've been working a great deal with GnuPG lately and have come to depend on its ability to encrypt files, etc.

However, I am currently working on a couple of projects that involve communication (i.e. chat, email, etc.) where I'd like to use existing keys to encrypt/decrypt text itself as opposed to a "container" such as a file or disk image.

I suppose I could encrypt the container, convert the stream to base64 (or something appropriate) then mark the text as such, but I would guess there is a more straightforward solution. I'm sure there is something simple I'm missing, but, well, I'm missing it.

Any ideas?

Benne answered 31/3, 2011 at 18:44

What about:

$ echo "hello" | gpg --symmetric --armor --passphrase "asdf"
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (Darwin)

jA0EAwMCWfhRZo0AiwVgyRw5Q26Tf+i6OCiQOVoUNJZEfz5ekBJw6BdVpE88
=ecV3
-----END PGP MESSAGE-----

If this is what you're looking for, you'll want to set up gpg-agent to handle the passphrase… Passing it in from the command line like that is fairly insecure (as any program on the machine could steal it).

And if by “existing keys” you mean “existing pub/priv key pairs”, then:

$ echo "hello" | gpg --encrypt --armor -r B230230D
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (Darwin)

=SGgD
-----END PGP MESSAGE-----

In both cases, the message is decrypted using:

$ cat encrypted_message | gpg
gpg: CAST5 encrypted data
Enter passphrase: asdf
gpg: encrypted with 1 passphrase
hello

Thorium answered 31/3, 2011 at 19:4

Wow. My tunnel vision kept me from considering piping the info to GPG. One thing though: How would you recommend handling this in the case of complex text (e.g. emails, dual byte character sets, etc.)? – Benne

I'm not sure why the complexity of the text would matter… Just pipe the raw bytes to GPG, no? – Thorium

Well, I was concerned about typing something that the command line couldn't properly parse like: echo "¶ƒ" test" of " this" ´•ª∑ƒ¨¥ƒß∂ | gpg --encrypt --armor ... However, I can simply save the text to a file, encrypt it using "--armor" then read the result from the file stream. – Benne

Well, if you were calling it programmatically, you wouldn't use the echo… That's just there as an example. You'd use, e.g., popen to run GPG, then write the raw data to the pipe. – Thorium

Alternatively, if you just want to use it with email, there are plugins for most popular mailers. – Thorium

(If you're asking about using GPG with your mailing software, though, you should really be asking on superuser.) – Thorium

No, it's for integration with creating an original mail/chat client. – Benne

Aaahhh, gotcha. Then, yes — if you want to use the gpg binary (as opposed to using gnupg.org/gpgme.html), using something like popen then writing to gpg's stdin is the way to go. – Thorium

How could one decrypt that message then once again? – Joselyn

Do you have to do anything with gpg-agent to obtain the security benefit you mentioned, or just have it running? – Sachi
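
The approach discussed in the answer and its comments (run gpg as a child process and write the raw bytes to its stdin), as an added example that is not part of the original thread. It assumes GnuPG 2.1 or later on PATH and a POSIX system; the helper names, sample text and passphrase are constructed for illustration, and the passphrase travels over a private pipe via `--passphrase-fd` instead of the command line.

```python
import os
import subprocess

GPG = "gpg"  # assumption: GnuPG 2.1+ on PATH
# Constructed sample: the awkward text from the comment thread.
SAMPLE = '¶ƒ" test" of " this" ´•ª∑ƒ¨¥ƒß∂'

def recipient_argv(recipient):
    """Public-key encryption; the key must already be in the keyring and trusted."""
    return [GPG, "--batch", "--armor", "--encrypt", "--recipient", recipient]

def symmetric_argv(passphrase_fd):
    """Passphrase encryption; gpg reads the passphrase from a descriptor, not argv."""
    return [GPG, "--batch", "--pinentry-mode", "loopback",
            "--passphrase-fd", str(passphrase_fd), "--armor", "--symmetric"]

def run_filter(argv, data, pass_fds=()):
    """Run argv without a shell, write raw bytes to its stdin, return its stdout."""
    proc = subprocess.run(argv, input=data, stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, pass_fds=pass_fds)
    if proc.returncode != 0:
        raise RuntimeError(proc.stderr.decode("utf-8", "replace").strip())
    return proc.stdout

def with_secret_fd(secret, make_argv, data):
    """Give `secret` to the child over a private pipe so it never appears in `ps`."""
    read_fd, write_fd = os.pipe()
    try:
        with os.fdopen(write_fd, "wb") as w:  # closing signals EOF to the reader
            w.write(secret + b"\n")
        return run_filter(make_argv(read_fd), data, pass_fds=(read_fd,))
    finally:
        os.close(read_fd)

def encrypt_for(text, recipient):
    return run_filter(recipient_argv(recipient), text.encode("utf-8")).decode("utf-8")

def encrypt_symmetric(text, passphrase):
    out = with_secret_fd(passphrase.encode("utf-8"), symmetric_argv, text.encode("utf-8"))
    return out.decode("utf-8")

if __name__ == "__main__":
    # Constructed passphrase for the demo only.
    print(encrypt_symmetric(SAMPLE, "constructed-demo-passphrase"))
```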
