How to do what GPGTools's context menu does, but using GPG in the command line?


I use a Mac and sometimes I use GPGTools to do the following:

  1. open the TextEdit application and write, let's say, "Hello World" there.
  2. select "Hello World" and control-click the selection, to open a context menu.
  3. in the context menu, select "Services > OpenPGP: Encrypt Selection to New Window" and select the recipients in the dialog box that appears.

Then a new window pops up, showing an encrypted message that looks like this:

-----BEGIN PGP MESSAGE-----

[...]
-----END PGP MESSAGE-----

I would like to be able to do the same thing using the command line. And I would like to know how to do that in a way that is independent of the operating system. The solution should work in Windows and Linux too.

I know that GPGTools is based on GPG (GnuPG) and, therefore, I would assume that it should be possible to achieve what I want using the "gpg" command line tool. I know how to use "gpg" to encrypt, for instance, a "file.txt" file and obtain an encrypted "file.txt.gpg" file, but this encrypted file doesn't contain a "PGP MESSAGE" as shown above.

In summary, my question is: how can I encrypt a text string (not a file) and obtain a "PGP MESSAGE", using the command line?


Solution

  • To encrypt a string via standard input you would do this:

    $ gpg --encrypt --armor --hidden-recipient "[email protected]" --output -
    

    After executing this command it will appear to hang. Go ahead and type (copy/paste) your string.

    Pasted string goes here.
    Hitting enter creates a new line.
    Backspace deletes characters.
    You get the idea.
    

    Now press [Enter] to create a new line. Then hit [CTRL+D] (this signals "end-of-file") to terminate the program.

    gpg will then dump your ASCII armored encrypted text directly to the shell:

    -----BEGIN PGP MESSAGE-----

    [...]
    -----END PGP MESSAGE-----
    

    Side note:

    If you are using OS X it is also possible to paste text directly from the pasteboard buffer using pbpaste. You can pipe its output into gpg by doing this instead:

    $ pbpaste | gpg --encrypt --armor --hidden-recipient "[email protected]" --output -
    

    Just be aware that the pasteboard buffer is not cleared automatically. If you copy a secret string there, be sure to copy something else (random irrelevant text) to clear it when you're done. Anyone (an attacker) with access to your account via ssh or other means could, for example, read your plain-text secret without any effort whatsoever.

    To simply clear the pasteboard buffer via the shell, do:

    $ echo | pbcopy
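
The question observes that a plain "file.txt.gpg" does not contain a "PGP MESSAGE", while the output of `--armor` does. The following added example (not part of the original answer and not GnuPG's own code) shows that the armor is only a text wrapper around the same binary data: Base64 lines plus a CRC-24 line, as laid out in RFC 4880 section 6. `SAMPLE` is constructed stand-in data, and the function names are this example's own.

```python
import base64

HEAD = "-----BEGIN PGP MESSAGE-----"
TAIL = "-----END PGP MESSAGE-----"


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE                      # initial value
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB        # generator polynomial
    return crc & 0xFFFFFF


def armor(binary: bytes) -> str:
    """Wrap binary OpenPGP data in the text form that --armor prints."""
    b64 = base64.b64encode(binary).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(binary).to_bytes(3, "big")).decode("ascii")
    return "\n".join([HEAD, "", *body, check, TAIL]) + "\n"


def dearmor(text: str) -> bytes:
    """Recover the binary data, verifying the CRC-24 line when it is present."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != HEAD or lines[-1] != TAIL:
        raise ValueError("not a PGP MESSAGE armor block")
    if "" not in lines:
        raise ValueError("missing blank line after the armor headers")
    body = lines[lines.index("") + 1:-1]    # skip optional "Key: value" headers
    expected = None
    if body and len(body[-1]) == 5 and body[-1].startswith("="):
        expected = int.from_bytes(base64.b64decode(body.pop()[1:], validate=True), "big")
    binary = base64.b64decode("".join(body), validate=True)
    if expected is not None and crc24(binary) != expected:
        raise ValueError("armor checksum mismatch: text was altered or truncated")
    return binary


# Constructed stand-in for the bytes of a binary file.txt.gpg (not a real OpenPGP packet).
SAMPLE = bytes(range(200))

if __name__ == "__main__":
    print(armor(SAMPLE))
    print("round trip ok:", dearmor(armor(SAMPLE)) == SAMPLE)
```

The CRC-24 line catches accidental damage such as a clipped copy/paste; it is not a cryptographic integrity check.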