How to PGP encrypt, decrypt or digitally sign files via GnuPG GUI on GNOME Desktop

Pretty Good Privacy (PGP) is an encryption/decryption program that provides cryptographic privacy and authentication for data communication. PGP is popularly used to digitally sign, encrypt or decrypt email messages or files being transferred over the Internet. In Linux, there exists GnuPG, a GPL-licensed alternative to PGP.

While it is possible to use GnuPG to encrypt or decrypt files manually, you can use various GUI frontends for GnuPG. One such GUI frontend is GNOME Seahorse, which can manage various types of encryption keys including PGP keys, SSH keys, passphrases, etc. Seahorse offers various plugins to interface with other applications. There is also a Seahorse plugin for Nautilius.

In this tutorial, I will describe how to PGP-encrypt, decrypt or digitally sign documents on Nautilus by using Seahorse plugin. This set up was tested in Ubuntu environment.

Install Seahorse Plugin for Nautilius

On Ubuntu Oneiric (11.10) or earlier:

$ sudo apt-get install seahorse-plugins

On Ubuntu Precise (12.04) or later:

$ sudo apt-get install seahorse-nautilus

Generate a PGP Key

The first step is to create a default PGP key to use for encryption/decryption. To do so, launch Seahorse application either by executing seahorse command manually, or typing "Passwords and Keys" in Ubuntu Dash.

$ seahorse

Click on "+" icon to create a new encryption key.

Choose "PGP Key" option.

Type in your name and email address, and customize encryption options (e.g., encryption type, key strength and expiration date).

Enter the passphrase for a new PGP key, and click on "OK" button. The minimum length of the passphrase is 20 characters.

When generating a PGP key, Seahorse uses GnuPG in the backend. Since key generation requires a lot of random data, it is recommended to conduct some activities during key generation, such as typing on keyboards, moving the mouse, running applications, etc, so that the system gets enough random data needed.

After a new key has been generated, close Seahorse application, and reload Nautilus as follows.

$ nautilus -q
$ nautilus

PGP-Encrypt or Decrypt a File on Nautilus

To encrypt a file, right-click the file and choose "Encrypt".

It will launch a pop-up window showing the default PGP key that you created earlier. Choose the default key, and optionally sign message as yourself. Click on "OK" button.

When prompted for a passphrase, enter it.

It will create an encrypted file with .pgp extension. If you want to decrypt the .pgp file, right-click it and choose "Decrypt" option.

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

Support Xmodulo

Did you find this tutorial helpful? Then please be generous and support Xmodulo!

The following two tabs change content below.
Dan Nanni is the founder and also a regular contributor of He is a Linux/FOSS enthusiast who loves to get his hands dirty with his Linux box. He likes to procrastinate when he is supposed to be busy and productive. When he is otherwise free, he likes to watch movies and shop for the coolest gadgets.

One thought on “How to PGP encrypt, decrypt or digitally sign files via GnuPG GUI on GNOME Desktop

  1. Many thanks Dan,

    the above instructions offered me a quick path to setup and begin to use seahorse / nautilus encryption in the 17.1 release (Rebecca) of LINUX Mint.

    Kind regards,


Leave a comment

Your email address will not be published. Required fields are marked *