GNU Privacy Guard or better known as GPG is public key cryptography implementation and it is free software replacement for the Symantec’s PGP cryptographic.
In this post I will show you how to generate new GPG key pairs and encrypt or/and signature files.

Generate new GPG key pair

At beginning we have to generate public and private key pair using gpg --gen-key. This introductions follow way how I did my GPG keys, but if you would like to know more about every step I recommend go to look at

$ gpg --gen-key
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?

Select 1 (default) and press Enter.

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

Default 2048 bits long key enough for me, so I press Enter.

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)

I use default value 0 (key does not expire).

Key does not expire at all
Is this correct? (y/N)

If you also choose no expire, then press y and Enter.

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <>"

Real name: Niko Kiuru
Email address:
Comment:You selected this USER-ID:
    "Niko Kiuru <>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Give your real name, email address and comment section is optional, I left it empty. And when your identify information is inputted, press O.
Now new key pair located in ~/.gnupg/ -directory.

List of keys

When we are created one key in keyring, we can list all our keys to terminal.

$ gpg --list-keys
pub   2048R/AAAAXXXX 2015-10-04
uid                  Niko Kiuru <>
sub   2048R/BBBBXXXX 2015-10-04

Pub section tell us my master key User ID, which are in my option AAAAXXXX.

Encrypt file

We are generate new key pair and we are looking for how it looks like from terminal. Now we will encrypt one file.
First write some text file which we would like to encrypt later.

$ echo "Hello GPG! I would like to encrypt this messages" > hello
$ cat hello
Hello GPG! I would like to encrypt this messages

Okay, now we have a file, and we are wrote some message from there. Next I would like to encrypt and signature that file by my GPG private key. When I encrypt file, I have to specify which is my master key’s User ID. Command gpg --list-keys show all my keys and I selected my key.

$ gpg -r AAAAXXXX -e hello

Encrypted file is named by hello.gpg which are binary format encrypted file. There is only one way to open this file, and it is decrypt file by your private key. Next we decrypt this file.

$ gpg hello.gpg

You need a passphrase to unlock the secret key for
user: "Niko Kiuru <>"
2048-bit RSA key, ID BBBBXXXX, created 2015-10-04 (main key ID AAAAXXXX)

gpg: encrypted with 2048-bit RSA key, ID BBBBXXXX, created 2015-10-04
      "Niko Kiuru <>"
Hello GPG! I would like to encrypt this messages

Print tells that I am signature file by myself, and at the end of print is my encrypted message.

Simple passphrase protected file

If you would like to protect some file in simple, you can also use symmetric protection which are protected via passphrase.
Write some file and encrypt it.

$ echo "Hello GPG! This file will be passphrase protected." > hello
$ gpg -c hello

Now you have to give some passphrase, and then file hello.gpg is the same file but encrypted. In default gpg use CAST5 cipher algorithm for encrypt symmetric files. You can decrypt hello.gpg by command gpg hello.gpg.

$ gpg hello.gpg
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected