In this HowTo we will discuss how to encrypt files using GnuPG. Encryption is a method that protects data stored on your computer or sent over the network from compromise. It can be used to verify that data comes from its rightful owner, and also to maintain the confidentiality of the data. We will use the tool GnuPG (GNU Privacy Guard) to encrypt individual files or validate files.

GnuPG is an open-source implementation of the OpenPGP public key encryption system. Public key encryption uses asymmetric encryption, in which a matching pair of public and private keys is used to encrypt or decrypt. A person who wants to use it has to generate two keys, i.e. a private key and a public key.

The private key is the one kept secret by its owner. What is encrypted with the private key can be decrypted by anyone who has the matching public key, and what anyone encrypts with the public key can be decrypted by the private key owner. Besides encryption, it also verifies that messages come from the holder of the private or public keys.

1) Generate Keys

Use the following command to generate the public and private keys.

gpg --gen-key

It will ask a series of questions. You can answer as per your needs, but this is what I used for this example.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? Press Enter to have default RSA

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) Press Enter

Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) Press Enter
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Sohail Riaz
Email address: sohail@sohailriaz.com
Comment: Press Enter
You selected this USER-ID:
"Sohail Riaz <sohail@sohailriaz.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

You need a Passphrase to protect your secret key.
redhat

Use the following command to list your keys. You need to note the key-id to export your key. Below you can see the key-id after pub 2048R/, which is ABF9DEAB.

gpg --list-keys
/home/sohail/.gnupg/pubring.gpg
-------------------------------
pub 2048R/ABF9DEAB 2012-02-16
uid Sohail Riaz <sohail@sohailriaz.com>
sub 2048R/68DA88B7 2012-02-16

2) Export Public Key

Use the following command to export your public key.

gpg -a -o sohail-public.key --export ABF9DEAB

It will create a file named sohail-public.key in the current location. Now transfer this file to your partner, who needs to have it to decrypt or verify your files.

Here -a puts the output in text rather than binary format. The key-id ensures we are using the same key.

scp sohail-public.key imran@192.168.122.152:

Now let your partner import your public key.

gpg --import sohail-public.key

It will list your information with the key-id. The partner has to note it down, or grep for it in the output of gpg --list-keys, whenever a file needs to be encrypted for partner sohail.

3) Encrypt and Decrypt the File.

Let's now test it by having imran encrypt one file using sohail's public key, and then decrypt it.

echo 'This text is encrypted using sohail public key and can only be decrypt by sohail' > decrypt-me.txt

gpg --encrypt -a -r ABF9DEAB decrypt-me.txt

It will create an encrypted file with the .asc extension appended. Here -r requires the recipient name or key-id of the person for whom the file is encrypted.

ls
decrypt-me.txt.asc

Now transfer this file to your partner's computer.

scp imran@192.168.122.152:decrypt-me.txt.asc .

Now decrypt the file on your computer.

First see what it contains.

cat decrypt-me.txt.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

hQEMAy7GnyBo2oi3AQgAg1m/6bcLj+RZ4IKSr0HitWWyWc3mkIUkZ6KAMJnY2kSx
JmZ6e0Sc+D/D9CUy0cmD6PGQcO2LjfQvTKpPvups9Ug3mr9JCqJyjfeDb59uiKN1
8cvq2U0/OVppLb+yf4Z19OryuCdX2MlDdkmhlUaNbftWOA3YlYubi5Db0Fwl+e+X
nt6SZv51XnQ1wM3fsGN0q5+DAfPsIYtmRkDHvMkkdojkdO8Oxnj4LNu3/iFhgNTl

-----END PGP MESSAGE-----

Now decrypt it and save the output to a file named decrypted.txt. Note that it will require the passphrase which you used while creating the keys.

gpg --decrypt decrypt-me.txt.asc > decrypted.txt

You need a passphrase to unlock the secret key for
user: "Sohail Riaz <sohail@sohailriaz.com>"
2048-bit RSA key, ID 68DA88B7, created 2012-02-16 (main key ID ABF9DEAB)

gpg: encrypted with 2048-bit RSA key, ID 68DA88B7, created 2012-02-16
"Sohail Riaz <sohail@sohailriaz.com>"

cat decrypted.txt
This text is encrypted using sohail public key and can only be decrypt by sohail
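
The encryption step above passes the 8-character key-id to -r after noting it down or grepping the key list. As an added example (not part of the original post), the script below resolves a recipient's user ID to one full fingerprint from gpg's --with-colons listing and refuses to continue when no usable key, or more than one key, matches. It assumes the GnuPG 2.x record order; the function names, sample keys and example addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: resolve a recipient to one full fingerprint before encrypting.
# Assumes the GnuPG 2.x colon-listing record order: pub, fpr, uid, sub, fpr.

# Constructed sample of `gpg --with-colons --fingerprint` output (not real keys).
SAMPLE='pub:-:2048:1:1111111111111111:1329350400:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:-::::1329350400::::Alice Example <alice@example.test>:
sub:-:2048:1:2222222222222222:1329350400::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
pub:r:2048:1:3333333333333333:1329350400:::-:::sc:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
uid:r::::1329350400::::Alice Example <alice@example.test>:
pub:-:2048:1:4444444444444444:1329350400:::-:::scESC:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDD4444444444444444:
uid:-::::1329350400::::Bob Example <bob@example.test>:
pub:-:2048:1:5555555555555555:1329350400:::-:::scESC:
fpr:::::::::EEEEEEEEEEEEEEEEEEEEEEEE5555555555555555:
uid:-::::1329350400::::Bob Other <bob@example.test>:'

# Print the primary-key fingerprint of every usable key (not revoked, expired
# or invalid) that has a user ID containing $1. Reads the listing on stdin.
fingerprints_for() {
    awk -F: -v want="$1" '
        $1 == "pub" { fpr = ""; primary = 1; usable = ($2 !~ /^[rei]$/) }
        $1 == "sub" { primary = 0 }               # skip subkey fingerprints
        $1 == "fpr" && primary && fpr == "" { fpr = $10 }
        $1 == "uid" && usable && index($10, want) { print fpr }
    ' | sort -u
}

# Print exactly one fingerprint for $1, or fail if none or several keys match.
pick_recipient() {
    matches=$(fingerprints_for "$1")
    count=$(printf '%s\n' "$matches" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "refusing: $count usable keys match '$1'" >&2
        return 1
    fi
    printf '%s\n' "$matches"
}

# Against a real keyring (placeholder address, gpg assumed installed):
#   fpr=$(gpg --with-colons --fingerprint | pick_recipient partner@example.test) &&
#   gpg --encrypt -a -r "$fpr" decrypt-me.txt
```

In the sample, the revoked key is skipped, so the Alice address resolves to a single fingerprint, while the Bob address matches two keys and is rejected.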

For more options you can see the man page of gpg using the following command.

man gpg

For any questions, please comment.

By Sohail Riaz

I am a First Red Hat Certified Architect - RHCA (ID # 110-082-666) from Pakistan with over 14 years industry experience in several disciplines including LINUX/UNIX System Administration, Virtualization, Network, Storage, Load Balances, HA Clusters and High Performance Computing.
