HOW TO: Encrypt Using PGP Command Line

Article ID: 153178

Products

PGP Command Line

Issue/Introduction


This article describes how to use PGP Command Line to encrypt files. This pertains to PGP Command Line 8.x running on Windows NT4/2000/XP, Linux, and Solaris platforms.
 

Important TIP: For information on how to encrypt with PGP Command Line using Symantec Encryption Management Server (AKA KMS) as well as a spreadsheet with all the useful PGP Command Line commands, see the following article: 

159237 - Using PGP Command Line with Symantec Encryption Management Server (PGP Server)

This is very useful if you do not want to host your keyrings locally, or have several installations of PGP Command Line and want to have access to keys in a more secure fashion.

Resolution


The file you intend to encrypt may be in the current directory of the command prompt, or you may specify its directory together with the file name. The file to be encrypted is referred to in this document as (input). You will also need to specify a recipient, referred to in this document as (user). Additional modifiers can be used when encrypting a file; these are referred to as (options) in this document.

Note: PGP Command Line, by default, does not encrypt to the default key. If you want to encrypt to yourself, you will need to specify your key as a recipient.

Encrypt the File

1. Open a command prompt.

2. From the command prompt, enter:

pgp --encrypt (input) --recipient (user)

3. Press Enter.

PGP Command Line will respond as follows:

0x12345678:encrypt(input).txt:encrypt {output file (input).pgp}

Please review the following examples:

Example 1

The following example will show you how to encrypt a file to a specified user.

1. From the command prompt, type:

pgp --encrypt "Joe's file.txt" --recipient "PGP Joe"

2. Press Enter.

Example 2

The following example will show you how to encrypt a file located in a different directory, to a specified user.

1. From the command prompt, type:

pgp --encrypt "C:\Documents and Settings\PGP_Joe\Desktop\Joe's file.txt" --recipient "PGP Joe"

2. Press Enter.

Example 3

The following example will show you how to encrypt a file to a specified user, changing the name of the encrypted file using the (options) feature.

1. From the command prompt, type:

pgp --encrypt "Joe's file.txt" --recipient "PGP Joe" --output "Joe's test file.txt"

2. Press Enter.

Encryption Options

There are several options available for encrypting. These options are:

  • --output Lets you specify a different filename for the encrypted file.
  • --sign Lets you sign the encrypted file.
  • --armor Armors the output file. File extension is changed to .asc.
  • --comment Lets you specify a comment for armored data.
  • --text Forces the (input) to canonical text mode. Do not use this option with binary files. Automatic detection of file type is not supported.
  • --compress (--compression-algorithm is not valid).
  • --eyes-only Prevents the decrypted output from being saved to disk; the decrypted output can only be displayed on-screen.
  • --encrypt-to-self Lets you encrypt to the default key.
  • --archive Lets you combine multiple files into a single .pgp file.
  • --overwrite Lets you specify what to do if a file of the same name as the output filename already exists in the current directory.
  • --input-cleanup Lets you specify what to do with (input) files when the operation is done. The default is off (leave them alone).
  • --temp-cleanup Lets you specify how to handle temporary files. The default is to wipe them.
  • --verbose (-v) Shows verbose results information.
  • --debug (-d) Shows debugging information.

Encryption Options Examples

The following are examples of how to use the options above:

  • pgp --encrypt file.txt --recipient miller

    Encrypts a file, which will be called file.txt.pgp, to recipient "miller".
  • pgp -e file.txt -r miller

    Does the same as above, but using the short forms of the encrypt and the recipient commands.
  • pgp -er miller file.txt

    Combines multiple command short forms. "miller" must come after the "r" because it is a required argument to --recipient.
  • pgp -er miller file.txt --output encrypted-file.txt.pgp

    Redirects the output file to filename "encrypted-file.txt.pgp" without the quotes.
  • pgp -er (user) *.txt --output file1.pgp

    With archive mode (archive mode means you are using --archive as part of the command) enabled, all text files in the current directory are archived in a single file, "file1.pgp". If archive mode were disabled (you did not use --archive), this command would generate an error message.
  • pgp -er (user) dir\test1.txt

    With archive mode enabled, directory information is retained. With archive mode disabled, directory information is lost; the decrypted file will go to .\test1.txt; the encrypted file will be dir\test1.txt.pgp.
  • Encrypt to multiple recipients where keys are on the local keyring:

    pgp --encrypt report.txt README.rtf -r "Bill Brown" -r "Mary Smith" -r "Bob Smith"
  • Use wildcards to specify the files to encrypt:

    pgp -er "Bob Smith" *.doc
  • Encrypt multiple files into an archive:

    pgp -er "Bob Smith" *.doc --output archive.pgp --archive

The following is important to know when using --encrypt:

  • Directories can be in the input list only if the archive option is enabled; otherwise, they are skipped. Directory information is preserved on decryption.
  • If the compress option is enabled, the preferred compression algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.
  • You cannot specify a one time compression algorithm or a one time cipher algorithm with --encrypt.
  • When encrypting, the preferred cipher algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.
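
A scripted encryption job can check itself against the rules above before it calls pgp. The following POSIX shell function is an added example, not part of the original article or of PGP Command Line; its -r, -o and -a flags are hypothetical wrapper flags that mirror what the job will pass as --recipient, --output and --archive.

```shell
#!/bin/sh
# Added example: pre-flight check for a scripted `pgp --encrypt` job.
# The wrapper's own flags are hypothetical (not PGP Command Line options):
#   -r USER   recipient the job will pass with --recipient (repeatable)
#   -o FILE   the job will pass --output FILE
#   -a        the job will pass --archive
# Returns 0 when the job is consistent with the rules in this article.
pgp_encrypt_preflight() {
    pf_recipients=0 pf_archive=0 pf_output=
    OPTIND=1
    while getopts "r:o:a" pf_opt; do
        case $pf_opt in
            r) pf_recipients=$((pf_recipients + 1)) ;;
            o) pf_output=$OPTARG ;;
            a) pf_archive=1 ;;
            *) return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    if [ $# -eq 0 ]; then
        echo "preflight: no input files given" >&2; return 2
    fi
    # Nothing is encrypted to the default key implicitly, so the job must
    # name every key that has to decrypt the output, the sender's included.
    if [ "$pf_recipients" -eq 0 ]; then
        echo "preflight: no recipient specified" >&2; return 3
    fi
    # Several inputs with one --output name is an error outside archive mode.
    if [ -n "$pf_output" ] && [ $# -gt 1 ] && [ "$pf_archive" -eq 0 ]; then
        echo "preflight: --output with $# inputs requires --archive" >&2; return 4
    fi
    for pf_file in "$@"; do
        # An unmatched wildcard arrives as a literal pattern; catch it here.
        if [ ! -e "$pf_file" ]; then
            echo "preflight: input not found: $pf_file" >&2; return 5
        fi
        # Without --archive a directory is skipped, so it stays unencrypted.
        if [ -d "$pf_file" ] && [ "$pf_archive" -eq 0 ]; then
            echo "preflight: directory needs --archive: $pf_file" >&2; return 6
        fi
    done
    return 0
}
```

Run it with the same recipients and inputs the job will use, for example `pgp_encrypt_preflight -r "Bob Smith" -a -o archive.pgp *.doc`, and call pgp only when it returns 0.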