GPG is an awesome open-source cryptographic tool. One of its uses is data encryption. Most of us use file-hosting services like Dropbox, and some of us keep confidential stuff in there like passwords, 2FA recovery keys, or CC info. I won't argue that this is a bad idea, since it's pretty convenient, but only if the files are properly protected.
The example below uses a folder, and since `gpg` can only be used on a single file, we archive the folder and pass it to `gpg`. For decryption it goes in reverse order: decrypt, then extract. If you want to encrypt a single file, just remove the `tar` pipes.
Encryption:
tar -cz 2FA/ | gpg --s2k-mode 3 --s2k-count 65011712 --s2k-digest-algo SHA512 --s2k-cipher-algo AES256 --compression-algo BZIP2 -co encrypted_file
Decryption:
gpg -d encrypted_file | tar -zx
Explanation of options:
- Use `--symmetric` (`-c`) to encrypt a file with a passphrase. Symmetric here means the same passphrase is used for both encryption and decryption.
- Use `--output` (`-o`) to specify the output file.
- Use `--compression-algo` to specify the compression algorithm for the output file.
- Use `--s2k-cipher-algo` to specify the symmetric cipher algorithm used to actually encrypt the message.
- Use `--s2k-digest-algo` to specify the digest algorithm used for hashing passphrases in various operations (e.g., the symmetric passphrase specified when using `-c`).
- Use `--s2k-mode` to choose how the passphrases for symmetric encryption are mangled.
- Use `--s2k-count` to specify how many times the passphrase mangling for symmetric encryption is repeated.
- Use `--decrypt` (`-d`) to decrypt an encrypted file.
To get a list of supported algorithms, use `gpg --version`.
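The procedure above, as an added example that is not part of the original post: a POSIX shell script that runs the same tar-and-gpg round trip non-interactively (passphrase read from a file with `--batch --pinentry-mode loopback --passphrase-file`, which are real gpg options), checks that a truncated archive fails to decrypt, and includes a small helper showing what `--s2k-count` actually encodes. The directory name `2FA`, the sample file, the passphrase and the function names are constructed for the example. Because `tar -cz` already gzips the data, the script passes `--compression-algo none` to gpg instead of the post's `BZIP2`; the S2K options are kept as in the post.

```shell
#!/bin/sh
# Added example (not from the original post): non-interactive tar+gpg round
# trip with the post's S2K options, plus a helper for --s2k-count rounding.
set -eu

# OpenPGP stores the S2K iteration count in a single octet c, decoded as
# (16 + (c & 15)) << ((c >> 4) + 6). gpg clamps --s2k-count to 1024..65011712
# and rounds up to the next encodable value; this echoes that value.
s2k_round_count() {
  n=$1
  if [ "$n" -lt 1024 ]; then n=1024; fi
  if [ "$n" -gt 65011712 ]; then n=65011712; fi
  c=0
  while [ "$c" -lt 256 ]; do
    v=$(( (16 + (c & 15)) << ((c >> 4) + 6) ))
    if [ "$v" -ge "$n" ]; then
      echo "$v"
      return 0
    fi
    c=$((c + 1))
  done
  return 1
}

# Encrypt directory $1 into file $2, passphrase read from file $3.
# --batch and --pinentry-mode loopback stop gpg from prompting; tar already
# gzips, so gpg is told not to compress again.
encrypt_dir() {
  tar -cz -C "$(dirname "$1")" "$(basename "$1")" |
    gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$3" \
        --s2k-mode 3 --s2k-count 65011712 --s2k-digest-algo SHA512 \
        --s2k-cipher-algo AES256 --compression-algo none -c -o "$2"
}

# Decrypt $1 and extract into directory $2, passphrase from file $3.
# Decrypting to a temp file first means a gpg failure (bad passphrase,
# damaged file) is caught, instead of being hidden behind tar's exit status
# in a plain "gpg -d file | tar -zx" pipeline.
decrypt_dir() {
  tmp=$(mktemp)
  if ! gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$3" \
           -d "$1" > "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  tar -zx -C "$2" -f "$tmp"
  rm -f "$tmp"
}

# The first packet of symmetric-only gpg output is tag 3 (Symmetric-Key
# Encrypted Session Key): header byte 0x8c (old format) or 0xc3 (new format).
is_skesk_file() {
  b=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
  [ "$b" = 8c ] || [ "$b" = c3 ]
}

# Build a constructed sample folder, round-trip it and compare.
# Returns 0 on success; if gpg is not installed the check is skipped (0).
roundtrip_check() {
  if ! command -v gpg >/dev/null 2>&1; then
    echo "gpg not installed; round trip skipped" >&2
    return 0
  fi
  work=$(mktemp -d)
  export GNUPGHOME="$work/gnupghome"   # isolated keyring and agent
  mkdir -m 700 "$GNUPGHOME"
  mkdir -p "$work/2FA"
  printf 'github: 1234-5678\n' > "$work/2FA/recovery.txt"    # constructed sample
  printf 'correct horse battery staple\n' > "$work/pass"      # constructed passphrase
  encrypt_dir "$work/2FA" "$work/encrypted_file" "$work/pass"
  is_skesk_file "$work/encrypted_file"
  mkdir "$work/out"
  decrypt_dir "$work/encrypted_file" "$work/out" "$work/pass"
  diff -r "$work/2FA" "$work/out/2FA"
  # A damaged archive must fail loudly rather than extract garbage.
  dd if="$work/encrypted_file" of="$work/truncated" bs=1 count=40 2>/dev/null
  if decrypt_dir "$work/truncated" "$work/out" "$work/pass"; then
    echo "truncated file unexpectedly decrypted" >&2
    return 1
  fi
  gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  echo "round trip ok"
}
```

Run `roundtrip_check` to exercise the whole flow, or `s2k_round_count 100000` to see the value gpg would actually use (102400, since only 256 counts are representable); `65011712` in the post's command is the largest one. The temp-file decrypt is the check worth copying: in the post's `gpg -d encrypted_file | tar -zx`, a wrong passphrase or a corrupted file only surfaces as tar complaining about its input, and the pipeline's exit status is tar's, not gpg's.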