Commands using gpg (38)

  • According to the gpg(1) manual: --gen-random 0|1|2 count Emit count random bytes of the given quality level 0, 1 or 2. If count is not given or zero, an endless sequence of random bytes will be emitted. If used with --armor the output will be base64 encoded. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system! If your entropy pool is critical for various operations on your system, then using this command is not recommended to generate a secure password. With that said, regenerating entropy is as simple as: du -s / This is a quick way to generate a strong, base64 encoded, secure password of arbitrary length, using your entropy pool (example above shows a 30-character long password). Show Sample Output

    gpg --gen-random --armor 1 30
    atoponce · 2011-07-20 15:32:49 6
  • You can choose these mirror servers to get gpg keys, if the official one ever goes offline #(replace with your country code fr, en, de,etc)

    sudo apt-get update 2> /tmp/keymissing; for key in $(grep "NO_PUBKEY" /tmp/keymissing |sed "s/.*NO_PUBKEY //"); do echo -e "\nProcessing key: $key"; gpg --keyserver --recv $key && gpg --export --armor $key |sudo apt-key add -; done
    Bonster · 2011-03-30 08:18:54 6
  • (Please see sample output for usage) Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.: myscript --> myscript.crypt You can execute myscript.crypt only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to ), but not enough space to do it on a one liner. Sorry for the chmod on parentheses, I dont like "-" at the end. Thanks flatcap for the subshell abbreviation to /dev/null Show Sample Output

    read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)
    rodolfoap · 2013-03-10 08:59:45 11
  • gpg command to decrypt a previously encrypted file on the command line. Can be optionally made into an alias: alias decrypt='gpg --output foo.txt --decrypt foo.txt.pgp'

    gpg --output foo.txt --decrypt foo.txt.pgp
    mariusz · 2009-02-16 19:56:19 7
  • (Please see sample output for usage) script.bash is your script, which will be crypted to script.bash --> You can execute only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to ), but not enough space to do it on a one liner. Show Sample Output

    echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" >; sed -i s:XX:$(stat -c%s; gpg -c < script.bash >>; chmod +x
    rodolfoap · 2013-03-09 11:16:48 9
  • The coolest way I've found to backup a wordpress mysql database using encryption, and using local variables created directly from the wp-config.php file so that you don't have to type them- which would allow someone sniffing your terminal or viewing your shell history to see your info. I use a variation of this for my servers that have hundreds of wordpress installs and databases by using a find command for the wp-config.php file and passing that through xargs to my function. Show Sample Output

    eval $(sed -n "s/^d[^D]*DB_\([NUPH]\)[ASO].*',[^']*'\([^']*\)'.*/_\1='\2'/p" wp-config.php) && mysqldump --opt --add-drop-table -u$_U -p$_P -h$_H $_N | gpg -er AskApache >`date +%m%d%y-%H%M.$_N.sqls`
    AskApache · 2009-08-18 07:03:08 6
  • This will encrypt your single file and create a filename.gpg file. Option: * -c : Encrypt with symmetric cipher To decrypt dhinesh@ubuntu:~$ gpg -c sample.rb.gpg Show Sample Output

    gpg -c <filename>
    Dhinesh · 2011-11-21 06:26:59 5
  • gpg command to encrypt a file on the command line.

    gpg --encrypt --recipient 'Foo Bar' foo.txt
    mariusz · 2009-02-16 19:58:13 5
  • A very simple command to send a signed and encrypted message from the command line using GPG Keys

    echo "SECRET MESSAGE" | gpg -e --armor -s | sendmail USER@DOMAIN.COM
    flip387 · 2009-09-04 20:47:12 6
  • Acquires a bit-by-bit data image, gzip-compresses it on multiple cores (pigz) and encrypts the data for multiple recipients (gpg -e -r). It finally sends it off to a remote machine.

    dd if=/dev/sdb | pigz | gpg -r <recipient1> -r <recipient2> -e --homedir /home/to/.gnupg | nc remote_machine 6969
    brainstorm · 2010-12-31 19:24:37 6
  • get my GPG-key from, key id is 19886493. Show Sample Output

    gpg --keyserver --recv-key 19886493
    liupeng · 2009-02-06 02:24:28 12
  • Adjust the head -c part for password length. I use filenames like "" and a vim which automatically decrypts files with .gpg suffixes.

    tr -dc "a-zA-Z0-9-_\$\?" < /dev/urandom | head -c 10 | gpg -e -r > password.gpg
    hans · 2009-02-25 08:48:26 4
  • imports a public key from the web. I know this by head.. but useful nevertheless Show Sample Output

    curl -s | gpg --import
    wires · 2009-06-18 11:26:03 6
  • This command will nicely dump a filesystem to STDOUT, compress it, encrypt it with the gpg key of your choice, throttle the the data stream to 60kb/s and finally use ssh to copy the contents to an image on a remote machine. Show Sample Output

    nice -n19 dump -0af - /<filesystem> -z9|gpg -e -r <gpg key id>|cstream -v 1 -t 60k|ssh <user@host> "cat > backup.img"
    din7 · 2009-10-29 18:27:25 4
  • Create a encrypted tar.gz file from a directory on the fly. The encryption is done by GPG with a public key. The resulting filename is tagged with the date of creation. Very usefull for encrypted snapshots of folders.

    tar -cvz /<path>/ | gpg --encrypt --recipient <keyID> > /<backup-path>/backup_`date +%d_%m_%Y`.tar.gz.gpg
    kaiserkailua · 2011-02-23 14:19:08 29
  • create simple encrypted notes to yourself using a passphrase on Show Sample Output

    function cpaste () { gpg -o - -a -c $1 | curl -s -F 'sprunge=<-' } function dpaste () { curl -s $1 | gpg -o - -d }
    gml · 2011-02-26 11:22:08 2

  • 1
    for x in *.pgp do `cat /file_with_the_passphrase.dat|(gpg --batch --no-tty --yes --passphrase-fd=0 --decrypt `basename $x`; ) > 'dump_content.dat'` done;
    insan3 · 2009-02-15 03:09:28 8

  • 1
    gpg --search-keys
    linuxswords · 2009-08-30 13:52:29 2
  • Change directory (cd) to the directory where all your encrypted files are placed, and then run the command - then you are asked to insert your secret gpg password - ubuntu 8.04

    gpg --allow-multiple-messages --decrypt-files *
    bkn390 · 2009-09-20 11:50:41 42
  • I like man pages, and I like using `less(1)` as my pager. However, most GNU software keeps the manual in the 'GNU Texinfo' format, and I'm not a fan of the info(1) interface. Just give me less. This command will print out the info(1) pages, using the familiar interface of less! Show Sample Output

    info gpg |less
    StefanLasiewski · 2010-07-01 23:44:15 5
  • For instance, if people have signed your key, this will fetch the signers' keys.

    gpg --list-sigs | sed -rn '/User ID not found/s/^sig.+([a-FA-F0-9]{8}).*/\1/p' | xargs -i_ gpg --keyserver-options no-auto-key-retrieve --recv-keys _
    lingo · 2011-07-22 16:31:25 4
  • Replace KEY with GPG key. This command will load GPG key and add it to your system so you can use software from third party repos etc. Show Sample Output

    x=KEY; gpg --keyserver --recv $x; gpg --export --armor $x | sudo apt-key add -
    sxiii · 2013-11-26 10:49:32 6
  • Cleans apt-get and gpg cache and keys

    sudo gpg --refresh-keys; sudo apt-key update; sudo rm -rf /var/lib/apt/{lists,lists.old}; sudo mkdir -p /var/lib/apt/lists/partial; sudo apt-get clean all; sudo apt-get update
    lpalgarvio · 2015-02-02 18:00:20 17
  • Make sure the file contents can't be retrieved if anyone gets ahold of your physical hard drive. With hard drive partition: gpg --default-recipient-self -o /path/to/encrypted_backup.gpg -e /dev/sdb1 && shred -z /dev/sdb1 WARNING/disclaimer: Be sure you... F&%k it--just don't try this.

    gpg -e --default-recipient-self <SENSITIVE_FILE> && shred -zu "$_"
    h3xx · 2011-07-24 05:51:47 2

  • 0
    gpg -c file.txt
    kev · 2011-09-17 04:53:03 2
  •  1 2 > 

What's this? is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

encode HTML entities
Encodes HTML entities from input (file or stdin) so it's possible to directly past the result to a blog or HTML source file.

One command line web server on port 80 using nc (netcat)
Very simple web server listening on port 80 will serve index.html file or whatever file you like pointing your browser at http://your-IP-address/index.html for example. If your web server is down for maintenance and you'd like to inform your visitors about it, quickly and easily, you just have to put into the index.html file the right HTML code and you are done! Of course you need to be root to run the command using port 80.

List your MACs address
List all MAC addresses on a Linux box. sort -u is useful when having virtual interfaces.

Get and read log from remote host (works with log on pipe, too)

DELETE all those duplicate files but one based on md5 hash comparision in the current directory tree
This one-liner will the *delete* without any further confirmation all 100% duplicates but one based on their md5 hash in the current directory tree (i.e including files in its subdirectories). Good for cleaning up collections of mp3 files or pictures of your dog|cat|kids|wife being present in gazillion incarnations on hd. md5sum can be substituted with sha1sum without problems. The actual filename is not taken into account-just the hash is used. Whatever sort thinks is the first filename is kept. It is assumed that the filename does not contain 0x00. As per the good suggestion in the first comment, this one does a hard link instead: $ find . -xdev -type f -print0 | xargs -0 md5sum | sort | perl -ne 'chomp; $ph=$h; ($h,$f)=split(/\s+/,$_,2); if ($h ne $ph) { $k = $f; } else { unlink($f); link($k, $f); }'

Convert CSV to JSON
Replace 'csv_file.csv' with your filename.

Alternative size (human readable) of files and directories (biggest last)

Convert every eps in a directory to pdf
Converts every *.eps file to a *.pdf file

A signal trap that logs when your script was killed and what other processes were running at that time
trap is the bash builtin that allows you to execute commands when the current script receives a particular signal. Uses $0 for the script name, $$ for the script PID, tee to output to STDOUT as well as a log file and ps to log other running processes.

Rename .JPG to .jpg recursively
Recursively rename .JPG to .jpg using standard find and mv. It's generally better to use a standard tool if doing so is not much more difficult.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.


Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: