Objective
Encrypt individual files with GPG.
Distributions
This will work with any Linux distribution.
Requirements
A working Linux install with GPG installed or root privileges to install it.
- # - requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ - requires given linux commands to be executed as a regular non-privileged user
Introduction
Encryption is important. It's absolutely vital to protecting sensitive information. Your personal files are worth encrypting, and GPG provides the perfect solution.
Install GPG
GPG is a widely used piece of software. You can find it in nearly every distribution's repositories. If you don't have it already, install it with your distribution's package manager.
$ sudo apt install gnupg
# dnf install gnupg2
# pacman -S gnupg
# emerge --ask app-crypt/gnupg
Create a Key
You need a key pair to be able to encrypt and decrypt files. If you already have a key pair that you generated for SSH, you can actually use it here. If not, GPG includes a utility to generate one.
$ gpg --full-generate-key
GPG has a command line procedure that walks you through the creation of your key. There is a much simpler one, but it doesn't let you set key types, sizes or expiration, so it really isn't the best.
The first thing GPG will ask for is the type of key. Use the default, if there isn't anything specific that you need.
The next thing that you'll need to set is the key size. 4096 is probably best.
After that, you can set an expiration date. Set it to 0 if you want the key to be permanent.
Then, it will ask you for your name.
Finally, it asks for your email address.
You can also add a comment if you need to.
When it has everything, GPG will ask you to verify the information.
GPG will ask if you want a password for your key. This is optional, but adds a degree of protection. As it's doing that, GPG will collect entropy from your actions to increase the strength of your key. When it's done, GPG will print out the information pertaining to the key you just created.
Basic Encryption
Now that you have your key, encrypting files is very easy. Create a blank text file in your /tmp directory to practice with.
$ touch /tmp/test.txt
Try encrypting it with GPG. The -e flag tells GPG that you'll be encrypting a file, and the -r flag specifies a recipient.
$ gpg -e -r "Your Name" /tmp/test.txt
GPG needs to know who is going to be opening the file and who sent it. Since this file is for you, there's no need to specify a sender, and you are the recipient.
Basic Decryption
You have an encrypted file. Try decrypting it. You don't need to specify any keys. That information is encoded with the file. GPG will try the keys that it has to decrypt it.
$ gpg -d /tmp/test.txt.gpg
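
An unattended run of the key creation, encryption and decryption steps above, added here as an example and not part of the original tutorial. It assumes GnuPG 2.1 or later; the function name gpg_roundtrip_demo, the "Demo User" identity and the sample text are made up for the demo, and everything happens in temporary keyrings so your own ~/.gnupg is untouched.

```shell
#!/bin/sh
# Added example: key creation, encryption and decryption from the tutorial,
# run unattended in throwaway keyrings (GnuPG 2.1+ assumed).
# "Demo User", demo@example.invalid and the sample text are constructed.
gpg_roundtrip_demo() {
    bits="${1:-4096}"                  # key size; the tutorial suggests 4096
    work="$(mktemp -d)" || return 1
    mkdir -m 700 "$work/home" "$work/empty"
    printf 'constructed sample secret\n' > "$work/test.txt"

    # Create a Key: batch form of the --full-generate-key prompts.
    # %no-protection skips the passphrase so no pinentry dialog is needed.
    GNUPGHOME="$work/home" gpg --batch --quiet --generate-key 2>/dev/null <<EOF
%no-protection
Key-Type: RSA
Key-Length: $bits
Subkey-Type: RSA
Subkey-Length: $bits
Name-Real: Demo User
Name-Email: demo@example.invalid
Expire-Date: 0
%commit
EOF

    # Basic Encryption: -e encrypts, -r names the recipient.
    GNUPGHOME="$work/home" gpg --batch --quiet --yes \
        -e -r "Demo User" "$work/test.txt" 2>/dev/null

    # Basic Decryption: no key is named; gpg tries the secret keys it holds.
    roundtrip=failed
    if GNUPGHOME="$work/home" gpg --batch --quiet \
           -o "$work/plain.txt" -d "$work/test.txt.gpg" 2>/dev/null &&
       cmp -s "$work/test.txt" "$work/plain.txt"; then
        roundtrip=ok
    fi

    # A keyring without the recipient's secret key must fail to decrypt.
    nokey=refused
    if GNUPGHOME="$work/empty" gpg --batch --quiet \
           -o "$work/leak.txt" -d "$work/test.txt.gpg" 2>/dev/null; then
        nokey=DECRYPTED
    fi

    # Stop the agents gpg started for the temporary homes, then clean up.
    for h in home empty; do
        GNUPGHOME="$work/$h" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    echo "roundtrip=$roundtrip no-key-decrypt=$nokey"
    [ "$roundtrip" = ok ] && [ "$nokey" = refused ]
}
```

Source the file and call gpg_roundtrip_demo (or gpg_roundtrip_demo 2048 for a quicker run); it prints one result line and returns non-zero if either check fails.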
Sending A File
Say you do need to send the file. You need to have the recipient's public key. How you get that from them is up to you. You can ask them to send it to you, or it may be publicly available on a keyserver.
Once you have it, import the key into GPG.
$ gpg --import yourfriends.key
That key will have their name and email in it, just like the one you made. Remember that in order for them to be able to decrypt your file, they need your public key too. Export it, and send it to them.
$ gpg --export -a "Your Name" > your.key
You're ready to encrypt your file for sending. It's more or less the same as before; you just need to specify that you're the one sending it, which the -s (sign) flag does together with -u.
$ gpg -s -e -u "Your Name" -r "Their Name" /tmp/test.txt