In this HowTo we will discuss to encypt files using GnuPG. Encryption is a method which protect data stored on your computer or sending over the network from compromise. It can be used to ensure and verify data comes from a rightful owner, and also to maintain confidentiality of the data. We will used a tool GnuPG (GNU Privacy Guard) to encrypt individual files or validate files.
GnuPG is an opensource implementation of the OpenPGP public key encryption system. Public Key Encryption uses asymmetric encryption, in which a matching pair of public and private keys are used to encrypt or decrypt. A person who accomplished this has to generate two keys i.e Private Key and Public Key.
Private Key is the one kept by owner secretly and what is encrypt by private key can decrypt by the one who has the matching public key or what is encrypt by the public key by anyone can decrypt by the private key owner. Beside encryption it also verify that messages comes from the holder of the private or public keys.
1) Generate Keys
Use following command to generate Public and Private Keys.
It will ask series of questions, you can answer as per your need but this is what I used for example.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? Press Enter to have default RSA
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) Press Enter
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) Press Enter
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
“Heinrich Heine (Der Dichter) ”
Real name: Sohail Riaz
Email address: firstname.lastname@example.org
Comment: Press Enter
You selected this USER-ID:
“Sohail Riaz ”
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
Use following commands to list your keys. You need to note the key-id to export your key. In below you can see the key-id after pub2048R which is ABF9DEAB.
pub 2048R/ABF9DEAB 2012-02-16
uid Sohail Riaz
sub 2048R/68DA88B7 2012-02-16
2). Export Public Key
Use following command to export your public key.
gpg -a -o sohail-public.key –export ABF9DEAB
It will create a file named sohail-public.key on current location. Now transfer this file to your partner which you need to have it to decrypt or verify your files.
Where -a is to put output in text rather than binary format. key-id will ensure we are using same key.
scp sohail-public.key email@example.com:
Now let your partner to import your public key.
gpg –import sohail-public.key
It will list your information with key-id. It has to noted it down or grep on every gpg –list-key whenever it need to encrypt file for partner sohail.
3) Encrypt and Decrypt the File.
Lets now test it by encrypting one file by imran using sohail public key and then decrypt it.
echo ‘This text is encrpted and can only be view by using sohail public key’ > decrypt-me.txt
gpg –encrypt -a -r ABF9DEAB decrypt-me.txt
It will create encrypted file with appended .asc extension. where -r will require to pub recipient name or key-id to whom this encryption has done.
Now transfer this file to your partner computer.
scp firstname.lastname@example.org:decrypt-me.txt.asc .
Now decrypt the file on your computer.
First see what it contain.
—–BEGIN PGP MESSAGE—–
Version: GnuPG v1.4.11 (GNU/Linux)
—–END PGP MESSAGE—–
Now decrypt and save output on a file named decrypted.txt, note it will require passphrase which you used while creating keys.
gpg –decrypt decrypt-me.txt.asc > decrypted.txt
You need a passphrase to unlock the secret key for
user: “Sohail Riaz ”
2048-bit RSA key, ID 68DA88B7, created 2012-02-16 (main key ID ABF9DEAB)
gpg: encrypted with 2048-bit RSA key, ID 68DA88B7, created 2012-02-16
“Sohail Riaz “
This text is encrypted using sohail public key and can only be decrypt by sohail
For more options you can see man pages of gpg using following command.
For any question please comment.
» Linux » How To Encrypt Files Using GnuPG