The Open Source

Appearance

Encrypting and Signing Files

With your key pair ready, you can now encrypt files to keep them secret or sign files to prove authorship. This section explains both processes in a practical, student-friendly way.

Encrypting a file

Encryption keeps a file secret so that only the intended recipient can read it.

Concept:

  • Use the recipient’s public key to encrypt a file
  • Only the recipient’s private key can decrypt it

Example scenario:
You want to send a project report to a teammate securely.

Commands are shown in the Cheatsheet section. Here, focus on the workflow.

Workflow steps:

  1. Obtain the recipient’s public key.
  2. Encrypt the file using their public key.
  3. Send the encrypted file.
  4. The recipient decrypts it using their private key.

Decrypting a file

  • Only the owner of the corresponding private key can decrypt the file.
  • Always keep your private key safe; losing it means losing access.

Workflow steps:

  1. Receive the encrypted file.
  2. Use your private key to decrypt.
  3. Verify the file contents.

Signing a file

Signing proves the file came from you and hasn’t been altered.

Concept:

  • Use your private key to sign a file
  • Anyone with your public key can verify the signature

Example scenario:
You submit a code file for a group project. Signing ensures your teammates know it’s really from you.

Workflow steps:

  1. Sign the file using your private key.
  2. Send the signed file along with your public key.
  3. The recipient verifies the signature.

Important: signing does not encrypt the file — it only proves authorship.

Verifying a signature

  • Verification confirms that a file hasn’t been changed and that it was signed by the key owner.
  • Recipients use your public key to verify the signature.

Workflow steps:

  1. Receive the signed file.
  2. Import the sender’s public key if you don’t have it.
  3. Verify the signature.
  4. If verification succeeds, you know the file is authentic.

Summary

  • Encrypt files to keep them secret
  • Sign files to prove authorship
  • Always use the correct public/private keys
  • Verification allows recipients to trust your files without sharing secrets

Next, you will learn how to sign Git commits using GPG, which applies the same concepts directly to version control workflows.