Encrypt Using PGP Command Line (2024)

PGP software allows the encryption of files and folders. In most cases, PGP Encryption Desktop will allow you to encrypt individual files and folders on an as-needed basis.

If you need to automate encryption into your scripting, or your automated application, PGP Command Line is an appropriate solution. This article describes how to use PGP Command Line to encrypt files.

Important TIP: PGP Command Line integrates with a secure PGP Encryption Server to store and manager keys centrally on the PGP server. This allows for seamless encryption without the need to store keys locally, which is better for convenience if you have multiple installations of PGP Command Line (Shared central location for keys), but also provides better security, because PGP Keypairs are not available on the servers where PGP Command Line is installed. Starting with PGP Command Line 11, the PGP Encryption Server is now included with PGP Command Line for this integration.

For information on how to encrypt with PGP Command Line using Symantec Encryption Management Server (AKA KMS) as well as a spreadsheet with all the useful PGP Command Line commands, see the following article:

159237 - Using PGP Command Line with Symantec Encryption Management Server (PGP Server)

The file you intend to encrypt may be located in the current directory you have changed to in the command prompt, or you may specify the directory together with the file you want to encrypt. The file to be encrypted will be referred to in this document as (input). You will also need to specify a recipient, which will be referred to in this document as (user). Additional modifications can be used when encrypting a file, and these will be referred to as (options) in this document.

Note: PGP Command Line, by default, does not encrypt to the default key. If you want to encrypt to yourself, you will need to specify your key as a recipient.

Encrypt the File

Encryption Options

There are several options available for encrypting. These options are:

• --output Lets you specify a different filename for the encrypted file.
• --sign Lets you sign the encrypted file.
• --armor Armors the output file. File extension is changed to .asc.
• --comment Lets you specify a comment for armored data.
• --text Forces the (input) to canonical text mode. Do not use this option with binary files. Automatic detection of file type is not supported.
• --compress (--compression-algorithm is not valid).
• --eyes-only Prevents the decrypted output from being saved to disk;the decrypted output can only be displayed on-screen.
• --encrypt-to-self Lets you encrypt to the default key.
• --archive Lets you combine multiple files into a single .pgp file.
• --overwrite Lets you specify what to do if a file of the same name as the output filename already exists in the current directory.
• --input-cleanup Lets you specify what to do with (input) files when the operation is done. The default is off (leave them alone).
• --temp-cleanup Lets you specify how to handle temporary files. The default is to wipe them.
• --verbose (-v) Shows verbose results information.
• --debug (-d) Shows debugging information.

Encryption Options Examples

The following are examples of how to use the options above:

• pgp --encrypt file.txt --recipient miller

  Encrypts a file, which will be called file.txt.pgp, to recipient "miller".

• pgp -e file.txt -r miller

  Does the same as above, but using the short forms of the encrypt and the recipient commands.

• pgp -er miller file.txt

  Combines multiple command short forms. "miller" must come after the "r" because it is a required argument to --recipient.

• pgp -er miller file.txt --output encrypted-file.txt.pgp

  Redirects the output file to filename "encrypted-file.txt.pgp" without the quotes.

• pgp -er (user) *.txt --output file1.pgp

  With archive mode (archive mode means you are using --archive as part of the command) enabled, all text files in the current directory are archived in a single file, "file1.pgp". If archive mode were disabled (you did not use --archive), this command would generate an error message.

• pgp -er dir\test1.txt

  With archive mode enabled, directory information is retained. With archive mode disabled, directory information is lost; the decrypted file will go to .\test1.txt; the encrypted file will be dir\test1.txt.pgp.=

• Encrypt to multiple recipients where keys are on the local keyring:

  pgp --encrypt report.txt README.rtf -r "Bill Brown" -r "Mary Smith" -r "Bob Smith"

  Use wildcards to specify the files to encrypt:
  pgp -er "Bob Smith" *.doc

  Encrypt multiple files into an archive:
  pgp -er "Bob Smith" *.doc --output archive.pgp --archive

  The following is important to know when using --encrypt:
  
  • Directories can be in the input list only if the archive option is enabled;otherwise, they are skipped. Directory information is preserved on decryption.
  • If the compress option is enabled, the preferred compression algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.
  • You cannot specify a one time compression algorithm or a one time cipher algorithm with --encrypt.
  • When encrypting, the preferred cipher algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.

For further guidance, reach out to Symantec Encryption Support.

178739 - HOW TO: Encrypt Files and Folders with PGP Encryption Desktop for Windows (Symantec Encryption Desktop)

180097 - HOW TO: Encrypt Files and Folders with PGP Encryption Desktop for macOS (Symantec Encryption Desktop)

153178 - HOW TO: Encrypt Using PGP Command Line

thumb_up Yes

thumb_down No