Several months ago I wrote a series on DIY email encryption. One of the steps in this process was installing Gnu Privacy Guard (GPG). This is the free, open-source program that actually manages the cryptographic functions of encrypting your emails. Fortunately, if you have GPG installed, you also have a powerful tool for encrypting files locally. Windows GPG file encryption is really simple to use and provides really strong protection for your data-at-rest.
Encrypting with Windows GPG File Encryption
There are mulitple ways to encrypt a file with GPG, including using your private key. This post is going to focus on the simplest and easiest method: symmetric key encryption.
Step 1: Install GPG. The first step (if you don’t already have it) is to download and install GPG. If you run Linux you probably already have it built-in. If you use Windows, grab GPG4Win from https://www.gpg4win.org/.
Step 2: Open Terminal. GPG doesn’t come with a front-end. This means there is not graphical user interface (GUI). All functions are run from the Terminal. Again, if you are on Linux you are alreadly familiar with using Terminal. Open the Windows start menu and type “Run”. Open the first result. From the Run menu type “cmd” and press Enter. This will open a Terminal windows.
Step 3: Encrypt. Once the Terminal is open, enter the following command (NOTE: the file pathway in italics is my example. Replace this with the file that you wish to encrypt):
- gpg -c C:\Users\admin\Dekstop\example file.pdf
Entering the file pathway can be simplified through the following procedure:
- Type “gpg -c “,
- The drag the file you want encrypted onto the Terminal window. The file pathway will automatically populate.
Next, press Enter. You will be prompted to enter a password twice. When you have entered the password, an encrypted copy of the file will be placed in the same folder as the original.
Decrypting With Windows GPG File Encryption
To decrypt a file protected by GPG, open the Terminal. Input the following command (again, the italicized text is my filename:
- gpg -o C:\Users\admin\Dekstop\example file.pdf -d C:\Users\admin\Dekstop\example file.pdf
It appears as though the filename is listed twice but it does not. Notice that the first instance lacks the .gpg suffix. You are telling GPG where to put the decrypted file and what to name it (the “-o” stands for “output”).
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.