So we know we can think of GPG public keys and private keys as locks and keys. That is, we send our locks to other people so that they can lock their stuff up before they send it back to us, and then only we can use our key to unlock the package and get the stuff inside.

# encrypt
gpg --output optional --recipient recipient_key --encrypt filename
# decrypt
gpg --output optional --decrypt filename

But sometimes that’s not enough. With encryption and decryption, we can now at best successfully protect our privacy, but sometimes, we want to make sure we are talking to whom we think we are talking to. That’s when we need GPG to sign our messages.

gpg --output optional --local-user your_key --sign file
# your_key can be either email or name. There are other options
# if you want to use, say, fingerprint of a key, check the man page

This way you will get a binary file with the content of your file hidden in it and the content is not encrypted at all. If you want to encrypt the file when signing it, you can just tell GPG which “lock” it should use

gpg --output optional_filename 
--local-user your_key
--sign --encrypt --recipient recipient_key file

Naturally, to use encryption, in addition to your own key (GPG uses your private key here), you also need to provide the public key (the lock) of the recipient. There’s something called detached signing, but I won’t talk about that here.