Decrypt

Verify Your Primary "Certify" Key Is Available

For advanced users who deleted their "certify" capability secret key, you need to restore it back for key creations. You can verify it by using the following command:

$ gpg --list-secret-keys

Example:

$ gpg --list-secret-keys

...

---------------------------

sec   rsa4096 2020-01-10 [C]

      AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF

uid           [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>

You want to observe the key with [C] capability and the sec label does not have a hash ("sec#"). If it does, you need to restore the key by loading the backup copy and use the following command to restore it:

$ gpg --import /path/to/you/key.asc

Perform Decryption

With the secret keys in place Proceed to decrypt your secret box (message). To do this, use --output <path/to/output.file> -decrypt <path/to/file> arguments. The full command is:

$ gpg --output <path/to/output.file> --decrypt <path/to/encrypted.file>

You may be prompted to input passphrase, whether the encryption was done using public key or symmetric passphrase. Keep a keen eye whether it is asking for your master key passphrase or the payload symmetric passphrase. Don't input your passphrase blindly.

An example would be:

# check current directory

$ ls

object.txt  object.txt.asc

# decrypt encrypted payload

$ gpg --output output --decrypt object.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 5BC0273C015198A1, created 2018-09-23

      "(Holloway) Chew, Kean Ho (Personal) <hollowaykeanho@gmail.com>"

# check current directory. Output file appeared.

$ ls

object.txt  object.txt.asc  output

# read the decrypted file.

$ cat output 

This is my message

# check the original file

$ cat object.txt

This is my message

# check both file differences. Should be empty

$ diff output object.txt

$

That's all about decryption GnuPG.