This section guides you through decrypting GnuPG-encrypted payloads. The purpose of decryption is to open up the Pandora's box of secrets that only you can see and use.
For advanced users who deleted their "certify" capability secret key, you need to restore it for key creation. You can verify whether it is present by using the following command:
$ gpg --list-secret-keys
Example:
$ gpg --list-secret-keys
...
---------------------------
sec rsa4096 2020-01-10 [C]
AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
uid [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>
You want to see the key with the [C] capability, and its sec label must not have a hash ("sec#"). A hash means the secret part of that key is not available in your keyring. If it is there, you need to restore the key by loading the backup copy with the following command:
$ gpg --import /path/to/your/key.asc
With the secret keys in place, proceed to decrypt your secret box (message). To do this, use the --output <path/to/output.file> --decrypt <path/to/file> arguments. The full command is:
$ gpg --output <path/to/output.file> --decrypt <path/to/encrypted.file>
You may be prompted to input a passphrase, whether the encryption was done using a public key or a symmetric passphrase. Pay close attention to whether it is asking for your master key passphrase or the payload's symmetric passphrase. Don't input your passphrase blindly.
An example would be:
# check current directory
$ ls
object.txt object.txt.asc
# decrypt encrypted payload
$ gpg --output output --decrypt object.txt.asc
gpg: encrypted with 4096-bit RSA key, ID 5BC0273C015198A1, created 2018-09-23
"(Holloway) Chew, Kean Ho (Personal) <hollowaykeanho@gmail.com>"
# check current directory. Output file appeared.
$ ls
object.txt object.txt.asc output
# read the decrypted file.
$ cat output
This is my message
# check the original file
$ cat object.txt
This is my message
# check for differences between both files. Should be empty
$ diff output object.txt
$
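To know which passphrase to expect before you decrypt, you can inspect the payload's session key packets first. The script below is an added example, not part of the original guide; the function name classify_packets and the sample packet dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. classify_packets (hypothetical name) reads the text printed by
# `gpg --list-packets` on stdin and reports which secret unlocks the payload:
#   pubkey <keyid>...  a secret key; expect the key passphrase prompt
#   symmetric          the payload passphrase only
#   both <keyid>...    either one works (message has both packet types)
#   none               no session key packet found
classify_packets() {
    awk '
        /^:pubkey enc packet:/ {
            pub = 1
            # the recipient key ID follows the literal word "keyid"
            for (i = 1; i < NF; i++)
                if ($i == "keyid") ids = ids " " $(i + 1)
        }
        /^:symkey enc packet:/ { sym = 1 }
        END {
            if (pub && sym) print "both" ids
            else if (pub)   print "pubkey" ids
            else if (sym)   print "symmetric"
            else            print "none"
        }'
}

# Constructed sample dumps (not captured from a real run); the key ID is the
# one shown in the decryption example on this page.
SAMPLE_PUBKEY=':pubkey enc packet: version 3, algo 1, keyid 5BC0273C015198A1
    data: [4095 bits]
:encrypted data packet:
    length: unknown'
SAMPLE_SYMMETRIC=':symkey enc packet: version 4, cipher 9, s2k 3, hash 8
    salt 0011223344556677, count 65011712 (255)
:encrypted data packet:
    length: 74'

if [ "$#" -gt 0 ]; then
    # --list-only asks gpg to skip the actual decryption pass
    gpg --list-only --list-packets "$1" 2>/dev/null | classify_packets
else
    printf '%s\n' "$SAMPLE_PUBKEY" | classify_packets      # pubkey 5BC0273C015198A1
    printf '%s\n' "$SAMPLE_SYMMETRIC" | classify_packets   # symmetric
fi
```

Run it with the encrypted file as the only argument; a "pubkey" result whose key ID is not in your gpg --list-secret-keys output means no passphrase you type will decrypt the file.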
That's all about decrypting with GnuPG.