HOW TO: Encrypt Using PGP Command Line

Article ID: 153178

Products

PGP Command Line PGP Encryption Suite PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption

Issue/Introduction

PGP software allows the encryption of files and folders.  In most cases, PGP Encryption Desktop will allow you to encrypt individual files and folders on an as-needed basis.

If you need to automate encryption into your scripting, or your automated application, PGP Command Line is an appropriate solution.  This article describes how to use PGP Command Line to encrypt files. 


Important TIP: PGP Command Line integrates with a secure PGP Encryption Server to store and manage keys centrally on the PGP server. This allows seamless encryption without storing keys locally. That is more convenient if you have multiple installations of PGP Command Line (a shared central location for keys), and it also provides better security, because PGP keypairs are not available on the servers where PGP Command Line is installed. Starting with PGP Command Line 11, the PGP Encryption Server is included with PGP Command Line for this integration.

For information on how to encrypt with PGP Command Line using Symantec Encryption Management Server (AKA KMS) as well as a spreadsheet with all the useful PGP Command Line commands, see the following article: 

159237 - Using PGP Command Line with Symantec Encryption Management Server (PGP Server)

 

Resolution


The file you intend to encrypt may be located in the current directory you have changed to in the command prompt, or you may specify the directory together with the file you want to encrypt. The file to be encrypted will be referred to in this document as (input). You will also need to specify a recipient, which will be referred to in this document as (user). Additional modifications can be used when encrypting a file, and these will be referred to as (options) in this document.

 

 

Note: PGP Command Line, by default, does not encrypt to the default key. If you want to encrypt to yourself, you will need to specify your key as a recipient.

 

 

 

Encrypt the File 

1. Open a command prompt.

2. From the command prompt, enter:

pgp --encrypt (input) --recipient (user)

3. Press Enter.

PGP Command Line will respond as follows:

0x12345678:encrypt(input).txt:encrypt {output file (input).pgp}

Please review the following examples:

Example 1

The following example will show you how to encrypt a file to a specified user.

1. From the command prompt, type:

pgp --encrypt "Joe's file.txt" --recipient "PGP Joe"

2. Press Enter.

Example 2

The following example will show you how to encrypt a file located in a different directory, to a specified user.

1. From the command prompt, type:

pgp --encrypt "C:\Documents and Settings\PGP_Joe\Desktop\Joe's file.txt" --recipient "PGP Joe"

2. Press Enter.

Example 3

The following example will show you how to encrypt a file to a specified user, changing the name of the encrypted file using the (options) feature.

1. From the command prompt, type:

pgp --encrypt "Joe's file.txt" --recipient "PGP Joe" --output "Joe's test file.txt"

2. Press Enter.

 

 

 

Encryption Options 

There are several options available for encrypting. These options are:

 

 

 

 

  • --output Lets you specify a different filename for the encrypted file.
  • --sign Lets you sign the encrypted file.
  • --armor Armors the output file. File extension is changed to .asc.
  • --comment Lets you specify a comment for armored data.
  • --text Forces the (input) to canonical text mode. Do not use this option with binary files. Automatic detection of file type is not supported.
  • --compress (--compression-algorithm is not valid).
  • --eyes-only Prevents the decrypted output from being saved to disk; the decrypted output can only be displayed on-screen.
  • --encrypt-to-self Lets you encrypt to the default key.
  • --archive Lets you combine multiple files into a single .pgp file.
  • --overwrite Lets you specify what to do if a file of the same name as the output filename already exists in the current directory.
  • --input-cleanup Lets you specify what to do with (input) files when the operation is done. The default is off (leave them alone).
  • --temp-cleanup Lets you specify how to handle temporary files. The default is to wipe them.
  • --verbose (-v) Shows verbose results information.
  • --debug (-d) Shows debugging information.

 

 

Encryption Options Examples 

The following are examples of how to use the options above:

  • pgp --encrypt file.txt --recipient miller

    Encrypts a file, which will be called file.txt.pgp, to recipient "miller".
  • pgp -e file.txt -r miller

    Does the same as above, but using the short forms of the encrypt and the recipient commands.
  • pgp -er miller file.txt

    Combines multiple command short forms. "miller" must come after the "r" because it is a required argument to --recipient.
  • pgp -er miller file.txt --output encrypted-file.txt.pgp

    Redirects the output file to filename "encrypted-file.txt.pgp" without the quotes.
  • pgp -er (user) *.txt --output file1.pgp

    With archive mode (archive mode means you are using --archive as part of the command) enabled, all text files in the current directory are archived in a single file, "file1.pgp". If archive mode were disabled (you did not use --archive), this command would generate an error message.
  • pgp -er (user) dir\test1.txt

    With archive mode enabled, directory information is retained. With archive mode disabled, directory information is lost; the decrypted file will go to .\test1.txt; the encrypted file will be dir\test1.txt.pgp.
  • Encrypt to multiple recipients where keys are on the local keyring:

    pgp --encrypt report.txt README.rtf -r "Bill Brown" -r "Mary Smith" -r "Bob Smith"

    Use wildcards to specify the files to encrypt:
    pgp -er "Bob Smith" *.doc

    Encrypt multiple files into an archive:
    pgp -er "Bob Smith" *.doc --output archive.pgp --archive

    The following is important to know when using --encrypt:
     
    • Directories can be in the input list only if the archive option is enabled; otherwise, they are skipped. Directory information is preserved on decryption.
    • If the compress option is enabled, the preferred compression algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.
    • You cannot specify a one time compression algorithm or a one time cipher algorithm with --encrypt.
    • When encrypting, the preferred cipher algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.
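
The rules above (an explicit recipient, archive mode for directories and for several inputs sharing one --output) can be checked before PGP Command Line is invoked from a script. The POSIX shell wrapper below is an added example, not Symantec's code; pgp_encrypt and the PGP_BIN variable are names assumed here, and it passes only the --encrypt, --recipient, --output and --archive options shown in this article.

```shell
#!/bin/sh
# Added example: pre-flight checks for an unattended "pgp --encrypt" call.
# pgp_encrypt and PGP_BIN are names made up for this example.
# usage: pgp_encrypt [-a] [-o OUTPUT] -r USER [-r USER ...] INPUT [INPUT ...]
# The body runs in a subshell ( ... ), so "exit" only ends the function.
pgp_encrypt() (
    archive=0 output="" recips="" OPTIND=1
    nl='
'
    while getopts "ao:r:" opt; do
        case "$opt" in
            a) archive=1 ;;
            o) output=$OPTARG ;;
            r) recips="${recips}${OPTARG}${nl}" ;;
            *) exit 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    fail() { echo "pgp_encrypt: $*" >&2; exit 2; }

    # The default key is not used automatically, so a recipient is mandatory.
    [ -n "$recips" ] || fail "at least one -r recipient is required"
    [ "$#" -gt 0 ] || fail "no input files given"
    for f in "$@"; do
        # A name starting with "-" would be read as an option, not a file.
        case "$f" in -*) fail "input would be parsed as an option: $f" ;; esac
        [ -e "$f" ] || fail "input not found: $f"
        # Directories are skipped unless archive mode is on.
        [ ! -d "$f" ] || [ "$archive" -eq 1 ] || fail "directory needs -a: $f"
    done
    # Several inputs with one --output only work in archive mode.
    if [ -n "$output" ] && [ "$#" -gt 1 ] && [ "$archive" -eq 0 ]; then
        fail "several inputs with -o need -a"
    fi

    # Build the argument list without splitting names that contain spaces.
    set -- --encrypt "$@"
    oldifs=$IFS; IFS=$nl; set -f
    for r in $recips; do set -- "$@" --recipient "$r"; done
    set +f; IFS=$oldifs
    [ -z "$output" ] || set -- "$@" --output "$output"
    [ "$archive" -eq 0 ] || set -- "$@" --archive
    "${PGP_BIN:-pgp}" "$@"
)
```

A rejected call returns status 2 without starting PGP Command Line; otherwise the function returns whatever status the pgp process itself returned.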

 

For further guidance, reach out to Symantec Encryption Support.

 

 
