GPG (GNU Privacy Guard)

Last modified: 2023-06-27


GPG is a free-software replacement for Symantec's PGP cryptographic software suite.


1. Crack Passphrase from Private Key

  • gpg2john

    First of all, you need to format the private key to make the John to recognize it.

    gpg2john private.key > key.txt
    gpg2john private_key.asc > key.txt
    gpg2john private_key.sig > key.txt

    Crack the passphrase using the formatted text.

    john --wordlist=wordlist.txt key.txt
  • custom script

    If you cannot crack the passphrase using gpg2john for some reasons (error, etc), you can use the script as alternative.

    ./ example.gpg passwords.txt

2. Import the Private Key

gpg --import private.key
gpg --import private_key.asc
gpg --import private_key.sig

To list the imported keys,

gpg --list-keys
gpg --list-secret-keys

3. Decrypt GPG (PGP) using the Passphrase

At that time, you'll be asked for the passphrase, so enter the passphrase you gotten in the previous section.

# -d: decrypt
gpg -d example.gpg
gpg -d example.pgp

Decrypt ASC File

We can decrypt .asc file by importing private key.

gpg --import private.key
gpg --decrypt example.asc


We can encrypt a message using a PGP public key.

1. Import a Public Key

If we have already a public key, we can import it by the following command.

gpg --import public_key.asc

To list public keys, run the following command.

# -k / --list-keys / --list-signatures
gpg -k

2. Encrypt a Message

If the public key was added, we can encrypt a message using it.

# -e: Encrypt
# -r: Recipient name
gpg -e -r "recipient name" example.txt

# -c: Encrypt only with symmetric cipher
gpg -c example.txt

# --cipher-algo: Encryption type
gpg --cipher-algo AES-256 -c example.txt

After that, hello.txt.gpg will be generated.


To sign a message with GPG, of course we need to GPG keys.
We can generate a public/secret key by running the command below.

gpg --gen-key

# Output
Real name: test
Email address:

To display the contents of the public key, run the following command.

# -a: Ascii armored output
# --export: Export keys
# <key_name>: Optional. If you want to specify the key, specify the name.
gpg -a --export <key_name>

# Output the public key file
gpg -a -o public.key --export

After that, we can sign a message using the public key. At this time, we’re asked for a passphrase, so we need to enter it.

echo 'hello' | gpg --clear-sign

Delete Keys

First off, we can list existing keys as below.

# List public keys
gpg --list-keys
# List secret keys
gpg --list-secret-keys

To delete specific key, run the following commands.

# Delete a public key
gpg --delete-key <key_id>
# e.g.
gpg --delete-key D6BA9423021A0839CCC6F3C8C61D429110B625D4

# Delete a secret key
gpg --delete-secret-key <key_id>
# e.g.
gpg --delete-secret-key D6BA9423021A0839CCC6F3C8C61D429110B625D4