There are many reasons to encrypt files \u2014 even on a system that is well maintained and comparatively secure. The files may highly sensitive, contain personal information that you don't want to share with anyone, or be backed up to some variety of online storage where you'd prefer it be extra secure.\nFortunately, commands for\u00a0reliably encrypting files on Linux systems are easy to come by and quite versatile. One of the most popular is gpg.\ngpg vs pgp and OpenPGP\nUsed both to encrypt files in place and prepare them to be sent securely over the Internet, gpg is related to, but not the same as,\u00a0pgp and OpenPGP. While gpg is\u00a0based on the OpenPGP standards established by the IETF, it is \u2014 unlike pgp \u2014 open source. Here's the rundown:\n\nOpenPGP is the IETF-approved standard that defines encryption technology that uses processes that are interoperable with PGP.\npgp is Symantec's proprietary encryption solution.\ngpg adheres to the OpenPGP standard and provides an interface that allows users to easily encrypt their files.\n\n\nUsing gpg for symmetric encryption\nSymmetric encryption means that you use the same key to both encrypt and decrypt a file. To encrypt a file with minimal effort, you could use a command like this:\n$ gpg2 --symmetric myfile\n\nThis command will leave you with two files \u2014 myfile and myfile.gpg. Once you verify that the encrypted version of your original file has been created, you can use the shred command to securely remove the original file in a way that prevents it from being scraped off the disk with some disk recovery tool. During the encryption process, this command will also open up a tool on your desktop to prompt you twice to enter your passphrase. So, you have to be working on the desktop.\nTo do this kind of thing when you're not working on the console, you can avoid having gpg trying to open up a GUI tool to prompt for your passphrase by supplying it on the command. In this case, you might use a command like this:\n$ gpg --pinentry-mode loopback --passphrase 88bottlesOfBeer --symmetric myfile\n$ ls -l myfile.*\n-rw-r--r-- 1 shs shs 48721 Jul 30 19:52 myfile.gpg\n\nNOTE: It's bad practice to store your passphrase in clear text -- even in your command history file, so be careful if you do this.\nUsing public and private keys\nTo use gpg for creating files that you want to share with other people, it's generally best to use private\/public keys. To share a file with a particular person, you encrypt it using their public key. In that case, that person is (presumably) the only one who can decrypt it. If you encrypt a file with your own public key, you\u2019re the only one who can decrypt it.\nTo generate your public and private key set with gpg, you would use a command like this:\n$ gpg --gen-key\n\nNote that this command also requires that you be working on the console (GUI), not through an ssh session. The command is going to require that you produce some activity while your keys are bring generated \u2014 such typing or as moving your mouse cursor around the screen \u2014 to provide random data to the encryption process. It will also ask you to supply some information, such as your full name and the email address to be used for the key.\nTo encrypt a file for a particular recipient, you need to use a command that includes the --recipient argument to specify the recipient's public key.\n$ gpg --encrypt --recipient firstname.lastname@example.org instructions\n$ ls -l instructions.*\n-rw-rw-r-- 1 shs shs 51665 Jul 30 19:34 instructions.gpg\n\nIt's interesting to note that while the private and public keys are linked (generated in a single operation), either key could play either role.\n\nIf you encrypt with the public key, you could decrypt with the private key\nIf you encrypt with the private key, you could decrypt with a public key\n\nConvention dictates, however, that private keys are kept private.\nWe also haven't looked at how public keys are used for authenticating senders.\nOther command options\nThe gpg command offers many other options, as well. For example, if you prefer to use other than the default AES-128 encryption algorithm, you can specify the one you want to use with a command like this:\n$ gpg --cipher-algo AES256 --symmetric myfile\n\nYou can list your keys with this command:\n$ gpg --list-keys\n\nWrap-up\nWhile gpg commands can become quite complicated, the things you're likely to do routinely can be accomplished without a lot of effort.