HOW TO: Encrypt Using PGP Command Line

Article:TECH148897  |  Created: 2006-03-14  |  Updated: 2011-02-06  |  Article URL http://www.symantec.com/docs/TECH148897
Article Type
Technical Solution


Issue




This article describes how to use PGP Command Line to encrypt files. This pertains to PGP Command Line 8.x running on Windows NT4/2000/XP, Linux, and Solaris platforms.


Solution




The file you intend to encrypt may be located in the current directory you have changed to in the command prompt, or you may specify the directory together with the file you want to encrypt. The file to be encrypted will be referred to in this document as (input). You will also need to specify a recipient, which will be referred to in this document as (user). Additional modifications can be used when encrypting a file, and these will be referred to as (options) in this document.

Note: PGP Command Line, by default, does not encrypt to the default key. If you want to encrypt to yourself, you will need to specify your key as a recipient.

Encrypt the File 

1. Open a command prompt.

2. From the command prompt, enter:

pgp --encrypt (input) --recipient (user)

3. Press Enter.

PGP Command Line will respond as follows: 0x12345678:encrypt(input).txt:encrypt {output file (input).pgp} Please review the following examples: Example 1 The following example will show you how to encrypt a file to a specified user.

1. From the command prompt, type:

pgp --encrypt "Joe's file.txt" --recipient "PGP Joe"

2. Press Enter.

Example 2 The following example will show you how to encrypt a file located in a different directory, to a specified user.

1. From the command prompt, type:

pgp --encrypt "C:\Documents and Settings\PGP_Joe\Desktop\Joe's file.txt" --recipient "PGP Joe"

2. Press Enter.

Example 3 The following example will show you how to encrypt a file to a specified user, changing the name of the encrypted file using the (options) feature.

1. From the command prompt, type:

pgp --encrypt "Joe's file.txt" --recipient "PGP Joe" --output "Joe's test file.txt"

2. Press Enter.

Encryption Options 

There are several options available for encrypting. These options are:

  • --output Lets you specify a different filename for the encrypted file.
  • --sign Lets you sign the encrypted file.
  • --armor Armors the output file. File extension is changed to .asc.
  • --comment Lets you specify a comment for armored data.
  • --text Forces the (input) to canonical text mode. Do not use this option with binary files. Automatic detection of file type is not supported.
  • --compress (--compression-algorithm is not valid).
  • --eyes-only Prevents the decrypted output from being saved to disk;the decrypted output can only be displayed on-screen.
  • --encrypt-to-self Lets you encrypt to the default key.
  • --archive Lets you combine multiple files into a single .pgp file.
  • --overwrite Lets you specify what to do if a file of the same name as the output filename already exists in the current directory.
  • --input-cleanup Lets you specify what to do with (input) files when the operation is done. The default is off (leave them alone).
  • --temp-cleanup Lets you specify how to handle temporary files. The default is to wipe them.
  • --verbose (-v) Shows verbose results information.
  • --debug (-d) Shows debugging information.

Encryption Options Examples 

The following are examples of how to use the options above:
  • pgp --encrypt file.txt --recipient miller

    Encrypts a file, which will be called file.txt.pgp, to recipient "miller".
  • pgp -e file.txt -r miller

    Does the same as above, but using the short forms of the encrypt and the recipient commands.
  • pgp -er miller file.txt

    Combines multiple command short forms. "miller" must come after the "r" because it is a required argument to --recipient.
  • pgp -er miller file.txt --output encrypted-file.txt.pgp

    Redirects the output file to filename "encrypted-file.txt.pgp" without the quotes.
  • pgp -er (user) *.txt --output file1.pgp

    With archive mode (archive mode means you are using --archive as part of the command) enabled, all text files in the current directory are archived in a single file, "file1.pgp". If archive mode were disabled (you did not use --archive), this command would generate an error message.
  • pgp -er dir\test1.txt

    With archive mode enabled, directory information is retained. With archive mode disabled, directory information is lost; the decrypted file will go to .\test1.txt; the encrypted file will be dir\test1.txt.pgp.

    The following is important to know when using --encrypt:

    • Directories can be in the input list only if the archive option is enabled;otherwise, they are skipped. Directory information is preserved on decryption.
    • If the compress option is enabled, the preferred compression algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.
    • You cannot specify a one time compression algorithm or a one time cipher algorithm with --encrypt.
    • When encrypting, the preferred cipher algorithm of the recipient is used. If there is more than one recipient, the most compatible algorithm is used.


Legacy ID



391


Article URL http://www.symantec.com/docs/TECH148897


Terms of use for this information are found in Legal Notices