Golang encrypt file using GPG openpgp. Use standard go libs.

gpg-encrypt.go

package main

/**
  Example hack to encrypt a file using a GPG encryption key. Works with GPG v2.x.
  The encrypted file e.g. /tmp/data.txt.gpg can then be decrypted using the standard command
  gpg /tmp/data.txt.gpg

  Assumes you have **created** an encryption key and exported armored version. 
  You have to read the armored key directly as Go cannot read pubring.kbx (yet).

  Export your key using command:
    gpg2 --export --armor [KEY ID] > /tmp/pubKey.asc
*/

import (
	"fmt"
	"golang.org/x/crypto/openpgp"
	"golang.org/x/crypto/openpgp/armor"
	"golang.org/x/crypto/openpgp/packet"
	"io"
	"log"
	"os"
)

// change as required
const pubKey = "/tmp/pubKey.asc"
const fileToEnc = "/tmp/data.txt"

func main() {
	log.Println("Public key:", pubKey)

	// Read in public key
	recipient, err := readEntity(pubKey)
	if err != nil {
		fmt.Println(err)
		return
	}

	f, err := os.Open(fileToEnc)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer f.Close()

	dst, err := os.Create(fileToEnc + ".gpg")
	if err != nil {
		fmt.Println(err)
		return
	}
	defer dst.Close()
	encrypt([]*openpgp.Entity{recipient}, nil, f, dst)
}

func encrypt(recip []*openpgp.Entity, signer *openpgp.Entity, r io.Reader, w io.Writer) error {
	wc, err := openpgp.Encrypt(w, recip, signer, &openpgp.FileHints{IsBinary: true}, nil)
	if err != nil {
		return err
	}
	if _, err := io.Copy(wc, r); err != nil {
		return err
	}
	return wc.Close()
}

func readEntity(name string) (*openpgp.Entity, error) {
	f, err := os.Open(name)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	block, err := armor.Decode(f)
	if err != nil {
		return nil, err
	}
	return openpgp.ReadEntity(packet.NewReader(block.Body))
}

Hi, Thank you for your script. I am using your script to do pgp encryption with the signer. But I am getting error as "cannot encrypt message because no encryption key". Thanks

Do you have a GPG key and exported it to /tmp/pubKey.asc? (If your key is in a different location just change the code on line 26)

Use

gpg -k

to list keys or

gpg --gen-key

to generate a new key. Then export the key using

gpg --export -a "uid of your key here" > /tmp/pubKey.asc

Hope that helps.

Hi,
thanks for the script it works as well. but can you provide how to decrypt the encryption
many thanks!

If the encrypted file is `/tmp/data.txt.gpg` then `gpg /tmp/data.txt.gpg` can be used by the person with the private key to descrypt the file.

…

On Wed, 6 May 2020, 05:15 ranggadablues, ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ Hi, thanks for the script it works as well. but can you provide how to decrypt the encryption many thanks! — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <https://gist.github.com/a83ee23c7c700cdce2f8c5bf5f2e9f20#gistcomment-3291937>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJQCZC6HTNFRLAMDRRENSDRQDP6LANCNFSM4ISH5YLA> .

Thank you for this script.
I can't figure out how to decrypt in Go. Is there a chance that you have an example script for decrypting?

It has been a while since I looked at this. Do you still need to decrypt in Go?

No, thank you. I found how to decrypt.

@charger @ayubmalik Can you please share the decrypt code?

No, thank you. I found how to decrypt.

please tell how to decrypt in golang

@Sundar-20, @anand24590
Sorry for a delay with answer.
Here is a gist with an example: https://gist.github.com/charger/4b054f90fb9fa648177a9355418c4685

hi @ayubmalik great script you have there,
but i have a question,
i have a case where i need to encrypt the file using another user publicKey, and sign using my private key
and the output is 1 gpg file,
any clue how to do that?
since in your example you already did encrypt the file and put it into gpg file.

Thank You

I have not done this recently but you just need to sign a hash of the file (or any data) using the "crypto/rsa.SignPKCS1v15" or similar. See https://gist.github.com/hansstimer/3517906 for an example. Let me know if that makes sense.

…

On Sat, 20 Jul 2024 at 15:48, Ismail Zakky ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ hi @ayubmalik <https://github.com/ayubmalik> great script you have there, but i have a question, i have a case where i need to encrypt the file using another user publicKey, and sign using my private key and the output is 1 gpg file, any clue how to do that? since in your example you already did encrypt the file and put it into gpg file. Thank You — Reply to this email directly, view it on GitHub <https://gist.github.com/ayubmalik/a83ee23c7c700cdce2f8c5bf5f2e9f20#gistcomment-5127683> or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJQCZHK6QFMG2IKK46UTM3ZNJ2CDBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVA4DSNJVGMZDMOFHORZGSZ3HMVZKMY3SMVQXIZI> . You are receiving this email because you were mentioned. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .