GPG is an awesome open-source cryptographic library. One of it’s uses is data encryption. Most of us use file-hosting services like Dropbox, and some of us keep confident stuff in there like passwords, 2FA recovery keys, or CC info. I won’t argue that this is a bad idea, since it’s pretty convenient, but only if the files are properly protected.
The example below uses a folder, and since
gpg can be used on a single file only, we archive the folder, and pass it to
gpg. For decryption, it goes in reverse order, decrypt then extract. If you want to encrypt a single file, just remove the
tar -cz 2FA/ | gpg --cipher-algo AES256 --s2k-digest-algo SHA512 --compression-algo BZIP2 -co encrypted_fileDecryption:
gpg -d encrypted_file | tar -zx
Explanation of options:
--symmetric (-c)to encrypt a file with a passphrase. Symmetric here means the same passphrase is used for both encryption and decryption.
--output (-o)to specify the output file.
--compression-algoto specify the compression algorithm for the output file.
--cipher-algoto specify the symmetric cipher algorithm used to actually encrypt the message.
--s2k-digest-algoto specify the digest algorithm used for hashing passphrases in various operations (e.g., the symmetric passphrase specified when using
--decrypt (-d)to decrypt an encrypted file
To get a list of supported algorithms, use