The usual way to decrypt a file with GPG is to import your own public and private keys first, then run a command like this:
1 | gpg -o outputfile -d encryptfile |
That works, but it is not always a very safe habit. What if you need to decrypt something on someone else’s computer? If you forget to remove the imported secret key afterwards with gpg --delete-secret-keys, that can easily become a problem.
If you prefer to carry your keys on a USB drive or other removable media, you can decrypt files without importing them into the local keyring at all.
For example, on Windows, suppose your secret keyring file secring.skr and public keyring file pubring.pkr are stored in the root of a USB drive mounted as F:. You can decrypt like this:
1 | gpg --secret-keyring F:\\secring.skr --keyring F:\\pubring.pkr -o outputfile -d encryptfile |
The --secret-keyring and --keyring options point GPG to the external secret and public keyring files. This allows you to decrypt files without importing either key into the machine you are using.
