For Claude Code, ChatGPT & AI agents

Encrypt your files
by asking.

The bge CLI ships a Claude Code skill — and any agent that can run a shell, ChatGPT included, drives it the same way. Just say “encrypt report.pdf for Alice.”

Install the skill View the skill ↗ a Claude Code skill · drivable by ChatGPT & any shell agent

Strong file encryption usually means remembering flags and juggling key files. The bge-encryption skill teaches Claude Code how to drive the bge command-line tool — which mode to use, how to look up saved contacts, how to feed a passphrase without leaking it, and what each exit code means. You describe the outcome; the agent runs the right command, on your machine, in the open .bge format. The same commands work from ChatGPT's coding/agent tools or any other assistant that can run a shell — see below.

What you can ask

Plain-language requests, and the command the agent runs for each:

💬
“Encrypt the contract for Alice.”
Finds Alice in your saved contacts and seals the file to her public key — only she can open it.
bge encrypt contract.pdf -r Alice          # → contract.pdf.bge
💬
“Encrypt my tax docs so only I can open them.”
With no recipient, bge seals to your own active identity — a one-key backup only your private key unlocks.
bge encrypt taxes-2025.pdf                  # → sealed to you
💬
“Password-protect notes.txt with the passphrase in $PW.”
Pipes the passphrase in via --password-stdin — it never lands on the command line or in your shell history.
printf %s "$PW" | bge encrypt notes.txt --password-stdin
💬
“Decrypt invoice.bge and pull out the total.”
Decrypts to a pipe, not a file — the plaintext is read by the next tool and never written to disk.
bge decrypt invoice.bge -k me.pem -o - | grep -i total
💬
“Who is secret.bge encrypted for?”
Reads only the public header — no key needed — and names the recipient if they're in your address book.
bge inspect secret.bge                      # mode · key ID · Encrypted for: …
💬
“Encrypt this whole folder for Bob, as one file.”
Zips the folder and encrypts it to a single archive that also hides the file names.
bge encrypt project/ -a -r Bob              # → project.zip.bge
💬
“Encrypt this for Carol.” (Carol isn't saved yet)
Doesn't guess. It asks you for Carol's public key or .bgekey card, saves the contact, then encrypts.
bge contact add carol.bgekey               # then: bge encrypt … -r Carol

The guardrails it follows

The skill is written for a shell with no human watching, so it builds in the safe defaults you'd want:

Install the skill

First, make sure the bge CLI is on your PATH:

macOS · Homebrew
brew install --cask dotbge/tap/bge

Then add the skill — it lives in the bge-cli repository under skills/bge-encryption:

# Personal — available in all your projects:
mkdir -p ~/.claude/skills && cp -r skills/bge-encryption ~/.claude/skills/

# …or per-project, checked into a repo:
mkdir -p .claude/skills && cp -r skills/bge-encryption .claude/skills/

That's it. Ask Claude Code “encrypt report.pdf for Alice” and the skill loads on its own. If bge isn't installed yet, it tells you how and stops rather than guessing.

Claude Code, ChatGPT, or any agent

The packaged skill is built for Claude Code, but bge itself is a plain, scriptable tool — deterministic flags, stdin/stdout piping, --password-stdin, and standard sysexits exit codes. Any assistant that can run a shell command drives it the same way:

See the CLI reference for the full command set.

View the skill on GitHub CLI reference →
Can Claude Code actually encrypt and decrypt my files?
Yes. The bge CLI ships a Claude Code skill (skills/bge-encryption). Once the CLI and the skill are installed, you ask in plain language — e.g. “encrypt report.pdf for Alice” or “decrypt invoice.bge and summarise it” — and the agent runs bge locally, in the open .bge format.
Is it safe to let an agent handle passphrases and keys?
The skill is built for an automated shell: it pipes passphrases via --password-stdin (never on the command line or in history), confirms before overwriting files or generating keys, and prefers decrypting to a pipe so plaintext isn't left on disk. The address book holds public keys only, so decrypting still needs a private-key file you provide.
Does it work with ChatGPT or other agents?
Yes. The packaged skill is for Claude Code, but bge is a plain, scriptable CLI — deterministic flags, stdin/stdout piping, --password-stdin, and standard sysexits exit codes — so any assistant that can run shell commands can drive it: ChatGPT's coding/agent tools (such as Codex), editor agents, or a CI script. You can also hand any model the skill file as a plain instruction set.
Can the agent see my private key?
No. The CLI uses file-based keys only and never stores private keys. Decrypting an identity-locked file means pointing bge at a private-key file you control; there's no key store for the agent to read. Encrypting by name uses the public-key address book in ~/.bge.
What do I need installed?
The bge CLI on your PATH (brew install --cask dotbge/tap/bge on macOS, or a build for macOS/Linux), and the skill copied into ~/.claude/skills/ (or a project's .claude/skills/). The skill checks for bge and tells you how to install it if it's missing.