GnuPG: how to encrypt / decrypt files using a specific key?

In short, my question is: How do I get GnuPG to use the private / public key when encrypting / decrypting files?


Some explanation / long story

I have an application that needs to encrypt files before sending them to S3.

Users can download their files using their browsers from my site, in which case I must first decrypt the files before serving them.

Client side (Delphi 2010): I will probably prefer OpenPGPBlackbox.

On the server side (PHP 5), I need to figure out how to encrypt / decrypt files using non-interactive commands.

I installed GnuPG on my server, tried this code:

    clear_file='/full/path/my-file.zip'
    encrypted_file='/full/path/my-file.zip.pgp'

    # Encrypt file
    /usr/bin/gpg2 --encrypt "$clear_file"

    # Decrypt file
    /usr/bin/gpg2 --decrypt "$encrypted_file"

But it seems that I cannot indicate on the command line which keys to use.

Each user will have their own public / private key, so I will need to specify which key to use to encrypt / decrypt the file in question.

My question is: How do I get GnuPG to use the private / public key when encrypting / decrypting files?

+6
1 answer

Possible options:

    --default-key name
        Use name as the default key to sign with. If this option is not used, the default key is the first key found in the secret keyring. Note that -u or --local-user overrides this option.

    --local-user name
    -u
        Use name as the key to sign with. Note that this option overrides --default-key.

or perhaps:

    --recipient name
    -r
        Encrypt for user id name. If this option or --hidden-recipient is not specified, GnuPG asks for the user-id unless --default-recipient is given.

    --default-recipient name
        Use name as default recipient if option --recipient is not used and don't ask if this is a valid one. name must be non-empty.

They can be used to indicate who the intended recipient is, i.e. which public key is used for signing / encryption. When decrypting files, GnuPG automatically selects the correct key if it exists in the current keyring, which can be selected with the --keyring option if there are several. GnuPG can also be configured to fetch the necessary keys from a key server, if available.

You may also be interested in the --batch option, which ensures that no interactive questions are asked during execution.

I suggest you read the GnuPG man page. There are many options that may be useful now.

+7
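As an added example (not code from the question or the answer), the following POSIX shell script does the non-interactive round trip the answer describes: an isolated GNUPGHOME per user, --recipient to pick the public key on encryption, and --batch with a passphrase file so decryption never prompts. The user id, passphrase and file contents are constructed samples.

```shell
#!/bin/sh
# Added example: non-interactive GnuPG round trip with an explicit key.
# Each user gets an isolated GNUPGHOME; encryption names the key with
# --recipient, decryption runs under --batch with a passphrase file.
# The user id, passphrase and file contents below are constructed samples.
set -u

GPG=$(command -v gpg2 || command -v gpg || echo gpg)

# $1 = GNUPGHOME, $2 = user id, $3 = passphrase: create a keyring with one key.
make_user_key() {
    mkdir -p "$1" && chmod 700 "$1" &&
    printf '%s' "$3" > "$1/passphrase" && chmod 600 "$1/passphrase" &&
    "$GPG" --homedir "$1" --batch --yes --pinentry-mode loopback \
        --passphrase-file "$1/passphrase" \
        --quick-generate-key "$2" default default never
}

# $1 = GNUPGHOME, $2 = recipient, $3 = clear file, $4 = output file.
# --trust-model always: an imported user key is not in our web of trust,
# and in --batch mode gpg would otherwise refuse to encrypt to it.
encrypt_for() {
    "$GPG" --homedir "$1" --batch --yes --trust-model always \
        --recipient "$2" --output "$4" --encrypt "$3"
}

# $1 = GNUPGHOME, $2 = encrypted file, $3 = output file.
# gpg picks the matching secret key from the keyring by itself; only the
# passphrase has to be supplied non-interactively.
decrypt_with() {
    "$GPG" --homedir "$1" --batch --yes --pinentry-mode loopback \
        --passphrase-file "$1/passphrase" --output "$3" --decrypt "$2"
}

# Generate a key, encrypt, decrypt and compare; returns 0 when the plaintext
# survives the round trip unchanged.
roundtrip() {
    home=$(mktemp -d) || return 1
    uid='Alice Example <alice@example.invalid>'
    printf 'constructed sample payload\n' > "$home/clear.txt"
    make_user_key "$home" "$uid" 'correct horse battery staple' &&
        encrypt_for "$home" "$uid" "$home/clear.txt" "$home/clear.txt.pgp" &&
        decrypt_with "$home" "$home/clear.txt.pgp" "$home/out.txt" &&
        cmp -s "$home/clear.txt" "$home/out.txt"
    rc=$?
    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null
    rm -rf "$home"
    return "$rc"
}
```

Run `roundtrip` after sourcing the script; it needs GnuPG 2.1 or later for --pinentry-mode and --quick-generate-key.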

Source: https://habr.com/ru/post/919496/

