Reputation: 3105
GnuPG: How to encrypt/decrypt files using a certain key?
Long story short, my question is: How can I force GnuPG which private/public key to use when encrypting/decrypting files?
Some explanation / Long story
I have an application that must encrypt files before sending them to S3.
Users can download their files using their browsers from my website, in which case I must first decrypt the files before serving them.
Client side (delphi 2010): I'm most likely going to opt for OpenPGPBlackbox
Server side (PHP 5), I need to figure out how to encrypt/decrypt files with non-interactive commands.
I installed GnuPG on my server, tried this code:
clear_file='/full/path/my-file.zip'
encrypted_file='/full/path/my-file.zip.pgp'
# Encrypt file
/usr/bin/gpg2 --encrypt "$clear_file"
# Decrypt file
/usr/bin/gpg2 --decrypt "$encrypted_file"
But it seems that I can't specify, in the commandline, which keys to use.
Each user will have its own public/private key, so I need to be able to specify which key to use to encrypt/decrypt the file in question.
My question is: How can I force GnuPG which private/public key to use when encrypting/decrypting files?
Upvotes: 12
Views: 34817
Answers (1)
Reputation: 2052
The options you are looking for are:
--default-key $name$
Use $name$ as the default key to sign with. If this option is not used, the default key is
the first key found in the secret keyring. Note that -u or --local-user overrides this
option.
--local-user $name$
-u Use $name$ as the key to sign with. Note that this option overrides --default-key.
or possibly:
--recipient $name$
-r Encrypt for user id $name$. If this option or --hidden-recipient is not specified,
GnuPG asks for the user-id unless --default-recipient is given.
--default-recipient $name$
Use $name$ as default recipient if option --recipient is not used and don't ask if
this is a valid one. $name$ must be non-empty.
These can be used to specify who is the intended recipient, e.g. which public key to use for signing/encryption. When decrypting the files GnuPG automatically selects correct key if it exists in the current keyring, which can be selected with --keyring option, if multiple exist. GnuPG can be also configured to fetch necessary keys from a keyserver if they are available there.
You might be also interested in option --batch which makes sure that no interactive questions are asked during excecution.
I suggest you read through the GnuPG man page. There are lot of options that might be useful now and then.
Upvotes: 11
Related Questions
- How do I encrypt plaintext with GnuPG?
- GnuPG decrypt multiple files
- encryption/decryption with multiple keys
- GnuPG encrypt with private key
- Signing and Encrypting file via GnuPG encryption
- Gnupg - Decrypt file
- how to encrypt a file using private key in gpg
- Decrypt file using GnuPG
- gnupg - need to be able to decrypt, without being able to encrypt
- Decrypting a gpg file with gnupg