In the previous post, Part 1, we saw how to encrypt and decrypt files, directories, and messages with GPG. In this article we'll see how to customize our encryption.

Choosing What Cipher to Use

The default cipher is CAST5. I recommend using the cipher AES256, which uses a 256-bit Advanced Encryption Standard (AES) key to encrypt the data. Detailed information on AES can be found at the National Institute of Standards and Technology (NIST)'s Computer Security Resource Center (CSRC).

You can set your cipher in one of the following ways:

  • Permanent way: add --cipher-algo AES256 to your ~/.gnupg/gpg.conf file
  • Temporary way: add the --cipher-algo flag with the value AES256 on the command line

Different Key

By default, gpg uses the first key in the keyring, that is, the one created first. You can use a different key by passing the --default-key flag.

$ gpg --default-key 0xGPGKEYID --output plain.txt.gpg --symmetric plain.txt


I advise you to sign the data while encrypting, so you can validate the identity of the sender and ensure the data is actually being sent by the indicated user.

Add the --sign flag to the gpg command:

$ gpg --default-key 0xGPGKEYID --sign --output plain.txt.gpg --symmetric plain.txt

After decryption, you will see the details of the key and the sender and be able to check them.

$ gpg -d plain.txt.gpg

gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
gpg: Signature made Wed 31 Aug 2022 06:40:57 PM +03
gpg:                using RSA key CB9EC70F2421AF067D72F98082876A15311B1F84
gpg: Good signature from "User (alias) <[email protected]>" [ultimate]
Primary key fingerprint: CB9E C70F 2421 AF06 7D72  F980 8287 6A15 311B 1F84
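
The same check can be scripted instead of read by eye. The following is an added example, not part of the original post: it parses gpg's machine-readable status lines (the --status-fd output) and accepts the file only if it was encrypted with AES256 and signed by the expected key. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use (file names as on this page):
#   gpg --status-fd 1 --output plain.txt --decrypt plain.txt.gpg \
#     | check_gpg_status CB9EC70F2421AF067D72F98082876A15311B1F84

# check_gpg_status EXPECTED_FPR (hypothetical helper name)
# Reads gpg "[GNUPG:]" status lines on stdin. Succeeds only if the data was
# encrypted with AES256 (OpenPGP cipher id 9) and carries a valid signature
# whose primary key fingerprint equals EXPECTED_FPR.
check_gpg_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>]
        $2 == "DECRYPTION_INFO" { cipher = $4 }
        # VALIDSIG <fpr> <date> ... [<primary-key-fpr>]: field 12 is the
        # primary key fingerprint when present, otherwise fall back to <fpr>.
        $2 == "VALIDSIG" { fpr = (NF >= 12) ? $12 : $3 }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        END {
            if (bad)         { print "FAIL: bad or unverifiable signature"; exit 1 }
            if (cipher != 9) { print "FAIL: cipher id " cipher ", expected 9 (AES256)"; exit 1 }
            if (fpr == "")   { print "FAIL: no valid signature found"; exit 1 }
            if (toupper(fpr) != toupper(want)) { print "FAIL: signed by " fpr; exit 1 }
            print "OK: AES256, signed by " fpr
        }'
}

# Constructed sample status output (not captured from a real run).
sample_good() {
    cat <<'EOF'
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] GOODSIG 82876A15311B1F84 User (alias) <user@example.invalid>
[GNUPG:] VALIDSIG CB9EC70F2421AF067D72F98082876A15311B1F84 2022-08-31 1661960457 0 4 0 1 10 00 CB9EC70F2421AF067D72F98082876A15311B1F84
[GNUPG:] DECRYPTION_OKAY
EOF
}

# Constructed: CAST5 (cipher id 3) and no --sign, so no VALIDSIG line.
sample_cast5_unsigned() {
    cat <<'EOF'
[GNUPG:] DECRYPTION_INFO 2 3
[GNUPG:] DECRYPTION_OKAY
EOF
}

sample_good | check_gpg_status CB9EC70F2421AF067D72F98082876A15311B1F84
sample_cast5_unsigned | check_gpg_status CB9EC70F2421AF067D72F98082876A15311B1F84 || true
```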

That is all for this post of the series.

All done!