Creating a key-pair:
gpg --gen-key
OR
gpg --full-generate-key
Backing up the secret/private key:
gpg --list-secret-keys
gpg --export-secret-keys -a '[email protected]' > priv.asc
List the keys present in the system, export the public key from the machine that holds the key, and import it on the machine that will use the key to encrypt the files:
gpg --list-keys
gpg --export -a '[email protected]' > pub.asc
gpg --import pub.asc
NOTE: the argument -a sets the output type to asc (ASCII-armored text); if it is not provided, the key is exported in binary format.
Replace the email with the correct recipient email associated with the key.
List the keys to confirm the key was imported correctly, then edit the key:
gpg --list-keys
gpg --edit-key 9DC8C540E9FF1344
Replace '9DC8C540E9FF1344' with the key ID you find.
It is important to trust the key so that, if you use a script to automate encrypting backup files, for example, gpg will not prompt with a confirmation question:
gpg> trust
gpg> quit
Answer 5 and confirm.
Then you are able to encrypt files using the imported and trusted key:
gpg -a -r "[email protected]" --yes --encrypt FILE.TXT
OR
cat FILE.TXT | gpg -r "[email protected]" --yes --encrypt - > FILE.TXT.GPG
Later the file can be decrypted using the following command:
gpg --decrypt FILE.TXT.asc > FILE.TXT
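The trust step above matters most for unattended scripts, so a backup job can check the key before it encrypts. The following is an added example, not part of the original page: the function names, the sample listings and the backup@example.org address are constructed, and only the key ID is taken from the text above.

```shell
#!/bin/sh
# Added example: pre-flight check before unattended encryption.

# Constructed `gpg --with-colons --list-keys` output; only the key ID comes
# from the text above. Field 2 = validity, field 12 = capabilities.
sample_trusted() {
cat <<'EOF'
pub:u:4096:1:9DC8C540E9FF1344:1600000000:::u:::scESC:
uid:u::::1600000000::::Backup Key <backup@example.org>:
sub:u:4096:1:1111111111111111:1600000000::::::e:
EOF
}

# The same key right after import, before the `trust` step (validity "-").
sample_untrusted() {
cat <<'EOF'
pub:-:4096:1:9DC8C540E9FF1344:1600000000:::-:::scESC:
uid:-::::1600000000::::Backup Key <backup@example.org>:
sub:-:4096:1:1111111111111111:1600000000::::::e:
EOF
}

# key_ready KEYID: reads a colon listing on stdin and succeeds only if the
# 16-hex-digit KEYID is present, fully or ultimately valid, can encrypt,
# and is not disabled.
key_ready() {
    awk -F: -v id="$1" '
        $1 == "pub" && toupper($5) == toupper(id) {
            found = 1
            valid = ($2 == "f" || $2 == "u")       # e, r, -, q, n, m all fail
            can_encrypt = (index($12, "E") > 0)    # usable encryption capability
            disabled = (index($12, "D") > 0)
        }
        END { exit !(found && valid && can_encrypt && !disabled) }
    '
}

# encrypt_backup KEYID FILE: refuse to run instead of hanging on a prompt.
encrypt_backup() {
    if gpg --batch --with-colons --list-keys "$1" | key_ready "$1"; then
        gpg --batch --yes -r "$1" --output "$2.gpg" --encrypt "$2"
    else
        echo "key $1 is missing, not trusted, expired or cannot encrypt" >&2
        return 1
    fi
}
```

Call encrypt_backup from the backup job; a non-zero exit means the key needs attention before any file is written.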
See also this tool for encrypting and decrypting files with GnuPG from the Nautilus file browser:
sudo apt install seahorse-nautilus