
How to Encrypt and Decrypt Files with GPG on Linux



Fatmawati Achmad Zaenuri / Shutterstock.com

Protect your privacy with the Linux command gpg. Use world-class encryption to keep your secrets safe. We'll show you how to use gpg to work with keys, encrypt files, and decrypt them.

GNU Privacy Guard (GPG) allows you to securely encrypt files so that only the intended recipient can decrypt them. Specifically, GPG complies with the OpenPGP standard. It is modeled on a program called Pretty Good Privacy (PGP). PGP was written in 1991 by Phil Zimmermann.

GPG is based on the idea of two encryption keys per person. Each person has a private key and a public key. The public key can decrypt something that has been encrypted with the private key.

To send a file securely, you encrypt it with your private key and the recipient's public key. To decrypt the file, the recipient needs their private key and your public key.

From this you can see that public keys have to be shared. You need the recipient's public key to encrypt the file, and the recipient needs your public key to decrypt it. There is no danger in making your public key public. In fact, as we shall see, there are public key servers for exactly this purpose. Private keys must be kept private. If your public key is in the public domain, then your private key must be kept secret and secure.

Setting up GPG requires more steps than using it. Fortunately, you usually only need to set it up once.

Generating Your Keys

The gpg command was already installed on all of the Linux distributions that were checked, including Ubuntu, Fedora, and Manjaro. You don't have to use GPG with email. You can encrypt files and make them available for download, or pass them physically to the recipient. However, you do have to associate an email address with the keys you generate, so choose the email address you want to use.

Here is the command to generate your keys. The --full-generate-key option generates your keys in an interactive session within your terminal window. You will also be prompted for a passphrase. Make sure you remember the passphrase. Three or four simple words joined together with punctuation is a good and robust model for passwords and passphrases.

  gpg --full-generate-key


You must select a bit length for the encryption keys. Press Enter to accept the default.


You must specify how long the key should last. If you are testing the system, enter a short duration such as 5 for five days. If you intend to keep this key, enter a longer duration such as 1y for one year. The key will then last 12 months and must be renewed after one year. Confirm your selection with a Y.

You must enter your name and e-mail address. If you want, you can add a comment.


You will be asked to enter your passphrase. You need the passphrase whenever you work with your keys, so make sure you know what it is. This window will appear each time you use gpg, so do not forget your passphrase.

The keys are generated and you are returned to the command prompt.


Generating a Revocation Certificate

If your private key becomes known to others, you will need to dissociate the old keys from your identity so that you can generate new ones. For this you need a revocation certificate. We'll create it now and keep it somewhere safe.

The --output option must be followed by the filename of the certificate you want to create. The --gen-revoke option causes gpg to generate a revocation certificate. You must specify the email address you used when generating the keys.

  gpg --output ~/revocation.crt --gen-revoke dave-geek@protonmail.com


You will be asked to confirm that you want to create a certificate. Press Y and then Enter. You will be asked for the reason for creating the certificate. Since we are doing this in advance, we do not know for sure. Press 1 as a plausible guess and then Enter.

You can enter a description if you wish. Press Enter twice to end your description.

You will be asked to confirm your settings, press Y and press Enter.

The certificate is generated. You will see a message reinforcing the need to keep this certificate safe.

The message mentions someone named Mallory. Cryptographic discussions have long used Bob and Alice as the two communicating parties. There are other supporting characters: Eve is an eavesdropper, Mallory is a malicious attacker. All we need to know is that we must keep the certificate safe.

Let's remove all permissions apart from our own from the certificate.

  chmod 600 ~/revocation.crt


Let's check with ls what the permissions are now:

  ls -l 


That's perfect. Nobody but the file owner (us) can do anything with the certificate.

Importing another person's public key

To encrypt a message that someone else can decrypt, we need their public key.

If you have been given their key in a file, you can import it with the following command. In this example, the key file is called "mary-geek.key".

  gpg --import mary-geek.key 


The key is imported, and the name and email address associated with the key are displayed. Of course, this should match the person you received the key from.


It is also possible that the person you need a key from has uploaded their key to a public key server. These servers store the public keys of people from all over the world. The key servers synchronize with one another regularly, so the keys are widely available.

MIT's public key server is a popular and regularly synchronized key server, so a search there should be successful. If someone has only recently uploaded a key, it may take a few days for it to appear.

The --keyserver option must be followed by the name of the key server you want to search. The --search-keys option must be followed by either the name of the person you are looking for or their email address. We'll use the email address:

  gpg --keyserver pgp.mit.edu --search-keys mary-geek@protonmail.com 


Matches are listed and numbered for you. To import one, enter the number and press Enter. In this case, there is a single match. Type 1 and press Enter.


The key is imported, and we are shown the name and email address associated with that key.

Checking and signing a key

If you have been handed a public key file by someone you know, you can safely say that it belongs to that person. If you have downloaded it from a public key server, you may want to verify that the key belongs to the person it is supposed to belong to.

The --fingerprint option causes gpg to produce a short sequence of ten sets of four hexadecimal characters. You can ask the person to send you the fingerprint of their key.

You can then use the --fingerprint option to generate the same fingerprint sequence of hexadecimal characters yourself and compare the two. If they match, you know that the key belongs to that person.

  gpg --fingerprint mary-geek@protonmail.com 

The fingerprint is generated.


If you are satisfied that the key is genuine and belongs to the person it is supposed to be associated with, you can sign their key.

If you do not, you can still use it to encrypt and decrypt messages to and from this person, but gpg will ask you every time whether you want to continue, because the key is not signed. We'll use the --sign-key option and provide the person's email address so that gpg knows which key to sign.

  gpg --sign-key mary-geek@protonmail.com


You will see information about the key and the person, and will be asked to confirm that you really want to sign the key. Press Y and then Enter to sign the key.


To share your public key as a file, we need to export it from the local gpg key store. We use the --export option followed by the email address with which you generated the key. The --output option must be followed by the name of the file the key is to be exported to. The --armor option tells gpg to generate ASCII armor output instead of a binary file.

  gpg --output ~/dave-geek.key --armor --export dave-geek@protonmail.com


We can take a look inside the key file with less.

  less dave-geek.key 


The key is shown in all its glory.

You can also share your public key on a public key server. The --send-keys option sends the key to the key server. The --keyserver option must be followed by the web address of the public key server. To identify which key to send, the fingerprint of the key must be given on the command line. Note that there are no spaces between the sets of four characters.

(You can see the fingerprint of your key with the --fingerprint option.)

  gpg --send-keys --keyserver pgp.mit.edu 31A4E3BE6C022830A804DA0EE9E4D6D0F64EEED4


Encrypting Files

Finally, we are ready to encrypt a file and send it to Mary. The file is called Raven.txt.

The --encrypt option tells gpg to encrypt the file, and the --sign option tells it to sign the file with your details. The --armor option tells gpg to create an ASCII file. The -r (recipient) option must be followed by the email address of the person you are sending the file to.

  gpg --encrypt --sign --armor -r mary-geek@protonmail.com Raven.txt


The file is created with the same name as the original, but with ".asc" appended to the file name. Let's take a look inside.

  less Raven.txt.asc 


The file is completely unreadable and can only be decrypted by someone who has your public key and Mary's private key. The only person who has both should be Mary.


Now we can send the file to Mary without anyone else being able to decrypt it.

Decrypting Files

Mary has sent a reply. It is in an encrypted file called coded.asc. We can decrypt it very easily with the --decrypt option. We will redirect the output into another file called plain.txt.

Note that we do not need to tell gpg who the file came from. It can work that out from the encrypted contents of the file.

  gpg --decrypt coded.asc > plain.txt

Let's look at the file plain.txt:

  less plain.txt 


The file was successfully decrypted for us.
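As an added example that is not part of the original article, the script below runs the whole workflow described above unattended: each side generates a key pair, the public keys are exchanged, the imported key is checked against the fingerprint its owner gave out of band before it is signed, a file is encrypted and signed, and the recipient decrypts it and checks gpg's status output for both a successful decryption and a valid signature. Everything happens in throwaway keyrings, so ~/.gnupg is untouched; the names, addresses and message are constructed, and the keys are created without a passphrase only so that the script runs non-interactively.

```shell
#!/bin/sh
# Added end-to-end check of the workflow in this article, run in throwaway keyrings so
# it never touches ~/.gnupg. Names, addresses and the message are constructed.
set -eu

gpgh() {  # run gpg non-interactively against the keyring directory given as $1
    h=$1; shift
    GNUPGHOME="$h" gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

fpr_of() {  # 40-hex-digit primary fingerprint for an email, parsed from --with-colons output
    gpgh "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

gpg_roundtrip() {
    DAVE=$(mktemp -d); MARY=$(mktemp -d); WORK=$(mktemp -d); chmod 700 "$DAVE" "$MARY"
    # 1. each side generates a key pair (no passphrase here, purely so the demo is non-interactive)
    gpgh "$DAVE" --quick-generate-key 'Dave Geek <dave-geek@example.com>' default default 1y
    gpgh "$MARY" --quick-generate-key 'Mary Geek <mary-geek@example.com>' default default 1y
    # 2. exchange ASCII-armored public keys; Mary also states her fingerprint out of band
    gpgh "$MARY" --armor --export mary-geek@example.com > "$WORK/mary-geek.key"
    gpgh "$DAVE" --armor --export dave-geek@example.com > "$WORK/dave-geek.key"
    expected=$(fpr_of "$MARY" mary-geek@example.com)
    gpgh "$DAVE" --import "$WORK/mary-geek.key"
    gpgh "$MARY" --import "$WORK/dave-geek.key"
    # 3. Dave checks the imported key against the fingerprint Mary gave him before signing it
    [ "$(fpr_of "$DAVE" mary-geek@example.com)" = "$expected" ] || return 1
    gpgh "$DAVE" --quick-sign-key "$expected"
    # 4. encrypt for Mary and sign as Dave; gpg writes Raven.txt.asc beside the input
    printf 'Once upon a midnight dreary\n' > "$WORK/Raven.txt"
    gpgh "$DAVE" --encrypt --sign --armor -r mary-geek@example.com "$WORK/Raven.txt"
    # 5. Mary decrypts; the status lines report the decryption and signature results separately
    gpgh "$MARY" --status-fd 2 --output "$WORK/plain.txt" --decrypt "$WORK/Raven.txt.asc" \
        2> "$WORK/status"
    rc=0
    grep -q '^\[GNUPG:\] DECRYPTION_OKAY' "$WORK/status" || rc=1
    grep -q "^\[GNUPG:\] VALIDSIG $(fpr_of "$DAVE" dave-geek@example.com)" "$WORK/status" || rc=1
    cmp -s "$WORK/Raven.txt" "$WORK/plain.txt" || rc=1
    for h in "$DAVE" "$MARY"; do GNUPGHOME="$h" gpgconf --kill gpg-agent; done  # stop the agents
    return $rc
}

ROUNDTRIP_OK=0
gpg_roundtrip && ROUNDTRIP_OK=1 && echo "encrypt, sign, decrypt and verify round trip OK"
```

Because Mary never signed Dave's key, her decryption also reports TRUST_UNDEFINED alongside VALIDSIG, which is the status-line form of the "key is not signed" warning the article mentions.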


Updating Your Keys

Periodically, you can ask gpg to check the keys it holds against a public key server and to refresh any that have changed. You might do this every few months, or whenever you receive a key from a new contact.

The --refresh-keys option causes gpg to perform the check. The --keyserver option must be followed by the key server of your choice. Once the keys have been synchronized between the public key servers, it should not matter which one you choose.

  gpg --keyserver pgp.mit.edu --refresh-keys


gpg responds by listing the keys it checked and telling you whether any have changed and been updated.


Privacy Is a Hot Topic

Privacy is never far from the news. Whatever your reasons for wanting to keep your data secure and private, gpg provides a simple way to apply incredibly strong encryption to your files and communications.

There are other ways to use gpg. You can get a plugin for Thunderbird called Enigmail. It hooks directly into your gpg configuration so that you can encrypt email messages from within Thunderbird.



