Batch encrypt with public key using Gpg4win command line

Eds · Mar 30, 2016

We are setting up our first EDI system that relies on incoming and outgoing file encryption using OpenPGP. The incoming files that are encrypted with our public key, we can successfully decrypt using our private key using Gpg4win's command line option:

gpg --batch --passphrase "SOME_KEY" --decrypt-files "%decryptingdir%\*.pgp"

What I now need to do is the reverse, and encrypt the outgoing files using our partner's public key.

I have been unable to find any command line documentation around batch encryption using a public key. I assumed it would be something in the order of:

gpg --batch --encrypt-files "%encryptingdir%\*.pgp" --key "SOME_KEY_PATH"

Can anyone advise how I can achieve this encryption via the command line?

Answer

Jens Erat · Mar 30, 2016

Use the --recipient option to denote keys to encrypt for. GnuPG distinguishes between options and commands, and options should go first.

gpg --batch --recipient [key-id] --encrypt-files "%encryptingdir%\*.pgp"

GnuPG expects keys to be imported to the keychain, so gpg --import [key-file] it first. There are hacks using --keyring [your-key-file], but simply importing the key file is the safer way to go.

For scripted/programmed operations, best practice is to always denote the full fingerprint. Read about key ID collisions to understand the issues with short key IDs.
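The steps from the answer above as one script, added here as an example and not part of the original answer: import the partner key, confirm the keyring holds the pinned full fingerprint, then encrypt each outgoing file to it. The paths, the placeholder fingerprint, the .pgp output naming and the use of PowerShell with --trust-model always are assumptions; the fingerprint is assumed to have been confirmed with the partner out-of-band.

```powershell
# Added example; paths and the fingerprint below are placeholders (assumptions).
$PartnerKeyFile = 'C:\edi\keys\partner-public.asc'            # hypothetical path
$PartnerFpr     = '0123456789ABCDEF0123456789ABCDEF01234567'  # placeholder, not a real key
$OutgoingDir    = 'C:\edi\outgoing'                           # hypothetical path

# Accept only a full 40-hex-digit fingerprint, never a short or long key ID.
if ($PartnerFpr -notmatch '^[0-9A-Fa-f]{40}$') {
    throw 'Recipient must be a full 40-hex-digit fingerprint.'
}

# Import the partner's public key; importing an already-known key is harmless.
& gpg --batch --import $PartnerKeyFile
if ($LASTEXITCODE -ne 0) { throw "gpg --import failed with exit code $LASTEXITCODE" }

# Confirm the keyring holds a key with exactly the pinned fingerprint.
# In --with-colons output, field 10 of each "fpr" record is a fingerprint.
$listing = & gpg --batch --with-colons --fingerprint $PartnerFpr
if ($LASTEXITCODE -ne 0) { throw "No key with fingerprint $PartnerFpr in the keyring." }
$fingerprints = @($listing | Where-Object { $_ -like 'fpr:*' } |
    ForEach-Object { ($_ -split ':')[9] })
if ($fingerprints -notcontains $PartnerFpr) {
    throw "Keyring has no key whose fingerprint is exactly $PartnerFpr."
}

# Encrypt each outgoing file to that fingerprint, skipping earlier output.
$files = Get-ChildItem -Path $OutgoingDir -File -ErrorAction Stop |
    Where-Object { $_.Extension -ne '.pgp' }
foreach ($file in $files) {
    # --trust-model always skips the web-of-trust validity check, which would
    # otherwise make batch encryption to a freshly imported key fail. That is
    # only acceptable because the recipient is pinned by a verified fingerprint.
    # --yes overwrites an existing output file from a previous run.
    & gpg --batch --yes --trust-model always --recipient $PartnerFpr `
        --output "$($file.FullName).pgp" --encrypt $file.FullName
    if ($LASTEXITCODE -ne 0) { throw "Encryption failed for $($file.FullName)" }
}
```

An alternative to --trust-model always is to sign the partner key locally once after verifying it, so that GnuPG treats it as valid without the override.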