HOW TO: Encrypt Using PGP Command Line
Article ID: 153178
Products
PGP Command Line, PGP Encryption Suite, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK, Desktop Email Encryption, Drive Encryption, Encryption Management Server, Endpoint Encryption, File Share Encryption, Gateway Email Encryption
Issue/Introduction
PGP software allows the encryption of files and folders. In most cases, PGP Encryption Desktop will allow you to encrypt individual files and folders on an as-needed basis.
If you need to automate encryption into your scripting, or your automated application, PGP Command Line is an appropriate solution. This article describes how to use PGP Command Line to encrypt files.
Important TIP: PGP Command Line integrates with a secure PGP Encryption Server to store and manage keys centrally on the PGP server. This allows for seamless encryption without the need to store keys locally. That is more convenient if you have multiple installations of PGP Command Line (a shared central location for keys), and it also provides better security, because PGP keypairs are not available on the servers where PGP Command Line is installed. Starting with PGP Command Line 11, the PGP Encryption Server is included with PGP Command Line for this integration.
For information on how to encrypt with PGP Command Line using Symantec Encryption Management Server (AKA KMS) as well as a spreadsheet with all the useful PGP Command Line commands, see the following article:
159237 - Using PGP Command Line with Symantec Encryption Management Server (PGP Server)
Resolution
The file you intend to encrypt may be located in the current directory you have changed to in the command prompt, or you may specify the directory together with the file you want to encrypt. The file to be encrypted will be referred to in this document as (input). You will also need to specify a recipient, which will be referred to in this document as (user). Additional modifications can be used when encrypting a file, and these will be referred to as (options) in this document.
Note: PGP Command Line, by default, does not encrypt to the default key. If you want to encrypt to yourself, you will need to specify your key as a recipient.
Encrypt the File
1. Open a command prompt.
2. From the command prompt, enter:
pgp --encrypt (input) --recipient (user)
3. Press Enter.
PGP Command Line will respond as follows:
0x12345678:encrypt(input).txt:encrypt {output file (input).pgp}
Please review the following examples:
Example 1
The following example will show you how to encrypt a file to a specified user.
1. From the command prompt, type:
pgp --encrypt "Joe's file.txt" --recipient "PGP Joe"
2. Press Enter.
Example 2
The following example will show you how to encrypt a file located in a different directory, to a specified user.
1. From the command prompt, type:
pgp --encrypt "C:\Documents and Settings\PGP_Joe\Desktop\Joe's file.txt" --recipient "PGP Joe"
2. Press Enter.
Example 3
The following example will show you how to encrypt a file to a specified user, changing the name of the encrypted file using the (options) feature.
1. From the command prompt, type:
pgp --encrypt "Joe's file.txt" --recipient "PGP Joe" --output "Joe's test file.txt"
2. Press Enter.
Encryption Options
There are several options available for encrypting. These options are:
- --output Lets you specify a different filename for the encrypted file.
- --sign Lets you sign the encrypted file.
- --armor Armors the output file. File extension is changed to .asc.
- --comment Lets you specify a comment for armored data.
- --text Forces the (input) to canonical text mode. Do not use this option with binary files. Automatic detection of file type is not supported.
- --compress (--compression-algorithm is not valid).
- --eyes-only Prevents the decrypted output from being saved to disk; the decrypted output can only be displayed on-screen.
- --encrypt-to-self Lets you encrypt to the default key.
- --archive Lets you combine multiple files into a single .pgp file.
- --overwrite Lets you specify what to do if a file of the same name as the output filename already exists in the current directory.
- --input-cleanup Lets you specify what to do with (input) files when the operation is done. The default is off (leave them alone).
- --temp-cleanup Lets you specify how to handle temporary files. The default is to wipe them.
- --verbose (-v) Shows verbose results information.
- --debug (-d) Shows debugging information.
Encryption Options Examples
The following are examples of how to use the options above:
- pgp --encrypt file.txt --recipient miller
Encrypts a file, which will be called file.txt.pgp, to recipient "miller".
- pgp -e file.txt -r miller
Does the same as above, but using the short forms of the encrypt and the recipient commands.
- pgp -er miller file.txt
Combines multiple command short forms. "miller" must come after the "r" because it is a required argument to --recipient.
- pgp -er miller file.txt --output encrypted-file.txt.pgp
Redirects the output file to filename "encrypted-file.txt.pgp" without the quotes.
- pgp -er (user) *.txt --output file1.pgp
With archive mode (archive mode means you are using --archive as part of the command) enabled, all text files in the current directory are archived in a single file, "file1.pgp". If archive mode were disabled (you did not use --archive), this command would generate an error message.
- pgp -er (user) dir\test1.txt
With archive mode enabled, directory information is retained. With archive mode disabled, directory information is lost; the decrypted file will go to .\test1.txt; the encrypted file will be dir\test1.txt.pgp.
Encrypt to multiple recipients where keys are on the local keyring:
pgp --encrypt report.txt README.rtf -r "Bill Brown" -r "Mary Smith" -r "Bob Smith"
Use wildcards to specify the files to encrypt:
pgp -er "Bob Smith" *.doc
Encrypt multiple files into an archive:
pgp -er "Bob Smith" *.doc --output archive.pgp --archive
The following is important to know when using --encrypt:
- Directories can be in the input list only if the archive option is enabled; otherwise, they are skipped. Directory information is preserved on decryption.
- If the compress option is enabled, the preferred compression algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.
- You cannot specify a one time compression algorithm or a one time cipher algorithm with --encrypt.
- When encrypting, the preferred cipher algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.
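For the scripted use this article mentions, here is an added example (not Symantec's own code) of a POSIX shell wrapper that encrypts each file to an explicit recipient list and fails closed on errors. The function names, the exit-status convention and a Unix host with pgp on the PATH are assumptions; the pgp options are the ones listed in this article.

```shell
# Added example: unattended file encryption with PGP Command Line.
# Only options listed on this page are used: --encrypt, --recipient, --armor, --output.

# encrypt_one INPUT OUTDIR ARMOR(yes|no) RECIPIENT...
# Prints the encrypted file's path. Returns 0 ok, 1 pgp failure, 2 bad arguments, 3 output exists.
encrypt_one() {
    in=$1; outdir=$2; armor=$3; shift 3
    if [ ! -f "$in" ]; then echo "error: not a regular file: $in" >&2; return 2; fi
    # PGP Command Line does not encrypt to the default key, so every reader,
    # including the operator's own key, has to be listed explicitly.
    if [ "$#" -eq 0 ]; then echo "error: no recipient given" >&2; return 2; fi

    ext=pgp
    if [ "$armor" = yes ]; then ext=asc; fi
    out="$outdir/$(basename "$in").$ext"
    # Fail closed on an existing file rather than depend on --overwrite behaviour.
    if [ -e "$out" ]; then echo "error: $out already exists" >&2; return 3; fi

    # Turn "r1 r2 ..." into "--recipient r1 --recipient r2 ..." inside "$@",
    # which keeps names containing spaces or quotes intact.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" --recipient "$1"
        shift
        n=$((n - 1))
    done
    if [ "$armor" = yes ]; then set -- "$@" --armor; fi

    # Assumption: pgp exits non-zero on failure, as command-line tools conventionally do.
    if ! pgp --encrypt "$in" "$@" --output "$out" >&2; then
        rm -f "$out"
        echo "error: pgp failed for $in" >&2
        return 1
    fi
    # A clean exit with an empty or missing output file is still a failure.
    if [ ! -s "$out" ]; then echo "error: no output for $in" >&2; return 1; fi
    printf '%s\n' "$out"
}

# encrypt_dir SRCDIR OUTDIR ARMOR RECIPIENT... ; returns 1 if any file failed.
encrypt_dir() {
    src=$1; dst=$2; mode=$3; shift 3
    failed=0
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        encrypt_one "$f" "$dst" "$mode" "$@" >/dev/null || failed=1
    done
    return "$failed"
}
```

Include your own key name among the recipients if the encrypting host must be able to decrypt its own output.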
For further guidance, reach out to Symantec Encryption Support.
Additional Information
178739 - HOW TO: Encrypt Files and Folders with PGP Encryption Desktop for Windows (Symantec Encryption Desktop)
180097 - HOW TO: Encrypt Files and Folders with PGP Encryption Desktop for macOS (Symantec Encryption Desktop)
153178 - HOW TO: Encrypt Using PGP Command Line