{"id":22808650,"url":"https://github.com/sixarm/gpg-encrypt","last_synced_at":"2025-04-22T13:10:38.372Z","repository":{"id":55447684,"uuid":"55658230","full_name":"SixArm/gpg-encrypt","owner":"SixArm","description":"Use GPG to encrypt a file using our best settings","archived":false,"fork":false,"pushed_at":"2025-04-14T08:44:17.000Z","size":74,"stargazers_count":68,"open_issues_count":2,"forks_count":14,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-14T09:44:56.598Z","etag":null,"topics":["encryption","gpg","script","shell","unix"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SixArm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-04-07T02:49:02.000Z","updated_at":"2025-04-14T08:44:20.000Z","dependencies_parsed_at":"2024-12-12T11:11:14.413Z","dependency_job_id":"400ba6e1-2cb0-4e61-8cfa-3806941a7460","html_url":"https://github.com/SixArm/gpg-encrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SixArm%2Fgpg-encrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SixArm%2Fgpg-encrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SixArm%2Fgpg-encrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SixArm%2Fgpg-encrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SixArm","download_url":"https://codeload.github.com/SixArm/gpg-encrypt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250246727,"owners_count":21398919,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","gpg","script","shell","unix"],"created_at":"2024-12-12T11:11:06.404Z","updated_at":"2025-04-22T13:10:38.330Z","avatar_url":"https://github.com/SixArm.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gpg-encrypt:\u003cbr\u003eencrypt a file using our best settings\n\n\u003cimg src=\"README.png\" alt=\"GnuPG\" width=\"450\" height=\"153\"/\u003e\n\nSyntax:\n\n    gpg-encrypt \u003cfile\u003e\n\nExample:\n\n    $ gpg-encrypt example.txt\n\nOutput is a new encrypted file:\n\n    example.txt.gpg\n\nTo decrypt the file:\n\n    gpg -d example.txt.gpg\n\n\n## Settings\n\n  * Symmetric encryption, i.e. we use the same password for encryption and decryption.\n    We choose this because our users can understand symmetric more easily than asymmetic.\n\n  * Encryption using the aes256 cipher algorithm.\n    We choose this because it's a good balance of strong, fast, and portable.\n\n  * Digesting using the sha256 digest algorithm.\n    We choose this because it's a good balance of strong, fast, and portable.\n\n  * No compression, because typically our files are small or already compressed.\n    We choose this to maximize portability, PGP compatibility, and speed.\n\n  * Explicit settings, rather than depending on defaults.\n\n  * Suitable for GPG v2; backwards-compatible with GPG v1 when possible.\n\nTo get our settings, we use these gpg options:\n\n  * `--symmetric`:                   Encrypt with symmetric cipher only This command asks for a passphrase.\n\n  * `--cipher-algo aes256`:          Use AES256 as the cipher algorithm\n\n  * `--digest-algo sha256`:          Use SHA256 as the digest algorithm.\n\n  * `--cert-digest-algo sha256`:     Use SHA256 as the message digest algorithm used when signing a key.\n\n  * `--compress-algo none -z 0`:     Do not compress the file.\n\n  * `--s2k-mode 3`:                  Use passphrase mangling iteration mode.\n\n  * `--s2k-digest-algo sha256`:      Use SHA256 as the passphrase iteration algorithm.\n\n  * `--s2k-count 65011712`:          Use the maximum number of passphrase iterations.\n\n  * `--force-mdc`:                   Use modification detection code.\n\n  * `--quiet`:                       Try to be as quiet as possible.\n\n  * `--no-greeting`:                 Suppress the initial copyright message but do not enter batch mode.\n\n  * `--pinentry-mode=loopback`       Use the terminal for PIN entry.\n\n\n## More examples\n\nTo encrypt a file:\n\n    $ gpg-encrypt foo\n\nTo encrypt a file to a specific output file name:\n\n    $ gpg-encrypt foo --output goo.gpg\n\nTo encrypt a directory:\n\n    $ tar --create foo | gpg-encrypt --output foo.tar.gpg\n\nTo encrypt a file then delete it:\n\n    $ gpg-encrypt foo \u0026\u0026 rm foo\n\nTo encrypt a directory then delete it:\n\n    $ tar -c foo | gpg-encrypt --output foo.tar.gpg \u0026\u0026 rm -rf foo\n\n\n## Advice\n\nWe tend to use these naming conventions:\n\n  * GPG file name extension `.gpg`.\n\n  * tar file extension `.tar`.\n\nWe tend to skip compression:\n\n  * We tend to use `gpg` without using compression.\n\n  * We tend to use `tar` without using compression.\n\n\n## Troubleshooting\n\n### TTY\n\nIf you get error messages like this:\n\n    gpg: Inappropriate ioctl for device\n    gpg: problem with the agent: Inappropriate ioctl for device\n    gpg: error creating passphrase: Operation cancelled\n    gpg: symmetric encryption of `[stdin]' failed: Operation cancelled\n\nThen try this:\n\n    $ export GPG_TTY=$(tty)\n\n\n### Restart\n\nIf you get error message like this:\n\n    gpg: WARNING: server 'gpg-agent' is older than us (2.2.6 \u003c 2.2.7)\n    gpg: Note: Outdated servers may lack important security fixes.\n    gpg: Note: Use the command \"gpgconf --kill all\" to restart them.\n    gpg: signal Interrupt caught ... exiting\n\nThen try this:\n\n    $ gpgconf --kill all\n\n\n## See also\n \nThese commands are similar:\n \n  * [`gpg-encrypt`](https://github.com/SixArm/gpg-encrypt): \n    use GPG to encrypt a file using our best settings.\n   \n  * [`gpg-decrypt`](https://github.com/SixArm/gpg-decrypt): \n    use GPG to decrypt a file using our best settings.\n\n  * [`openssl-encrypt`](https://github.com/SixArm/openssl-encrypt): \n    use OpenSLL to encrypt a file using our best settings.\n   \n  * [`openssl-decrypt`](https://github.com/SixArm/openssl-decrypt): \n    use OpenSSL to decrypt a file using our best settings.\n \n\n## Command\n\nThe command is:\n\n    gpg \\\n    --symmetric \\\n    --cipher-algo aes256 \\\n    --digest-algo sha256 \\\n    --cert-digest-algo sha256 \\\n    --compress-algo none -z 0 \\\n    --s2k-mode 3 \\\n    --s2k-digest-algo sha256 \\\n    --s2k-count 65011712 \\\n    --force-mdc \\\n    --quiet --no-greeting \\\n    --pinentry-mode=loopback \\\n    \"$@\"\n\n\n## Older versions\n\nIf you use GPG v1, and you want to skip the GPG user agent, then you may want to add this option:\n\n    --no-use-agent\n\n\n## Alternatives\n\nHere's an alternative to wrapping GPG, using .gnupg/gpg.conf:\n\n    personal-cipher-preferences AES256 AES\n    personal-digest-preferences SHA256 SHA512\n    personal-compress-preferences Uncompressed\n    default-preference-list SHA256 SHA512 AES256 AES Uncompressed\n\n    cert-digest-algo SHA256\n\n    s2k-cipher-algo AES256\n    s2k-digest-algo SHA256\n    s2k-mode 3\n    s2k-count 65011712\n\n    disable-cipher-algo 3DES\n    weak-digest SHA1\n    force-mdc\n\nNote that these options impact compatibility with other GPG/PGP clients.\n\nCredit: User twr [here](https://news.ycombinator.com/item?id=13382734)\n\n## FAQ\n\nQ. What is this getting you that a simple 'gpg -c' isn't?\n\nA. These options are good for GPG v1 a.k.a. GPGP classic. GPG v1 has stranger defaults than GPG v2. The default ciphers are CAST5, (very slow) compression is on by default, hashes are RIPEMD. The defaults are a bit obscure and very slow: something like two dozen MB/s encryption/decryption speed, on a machine that can do AEAD at 2.5-4 GB/s (AES-GCM or Chapoly). A large part of that is the compression (zlib-ish I think), though. Credit: users accqq and throwawayish [here](https://news.ycombinator.com/item?id=13382734)\n\n\n## Thanks\n\nThanks for all the comments on [Hacker News](https://news.ycombinator.com/item?id=13382734), with special thanks to users [vesinisa](https://news.ycombinator.com/user?id=vesinisa), [twr](https://news.ycombinator.com/user?id=twr), [tptacek](https://news.ycombinator.com/user?id=tptacek), [txtutu](https://news.ycombinator.com/user?id=txutxu), [acqq](https://news.ycombinator.com/user?id=acqq), [throwawayish](https://news.ycombinator.com/user?id=throwawayish), [RMarcus](https://news.ycombinator.com/user?id=RMarcus)\n\n\n## Tracking\n\n  * Command: gpg-encrypt\n  * Website: https://sixarm.com/gpg-encrypt\n  * Cloning: https://github.com/sixarm/gpg-encrypt\n  * Version: 4.0.0\n  * Created: 2010-05-20\n  * Updated: 2018-11-01\n  * License: GPL\n  * Contact: Joel Parker Henderson (joel@joelparkerhenderson.com)\n  * Tracker: 064750fa2efe1ca54b518a2ba8b4c34e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsixarm%2Fgpg-encrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsixarm%2Fgpg-encrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsixarm%2Fgpg-encrypt/lists"}