\nmint-desktop tmp # cat mysecretdocument.txt\r\nsecret 1234<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\nNow we can use the gpg option -c<\/code> (or --symmetric<\/code>) to encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is CAST5, but may be chosen with the --cipher-algo<\/code> option:<\/p>\n\n \n\n\n\nmint-desktop tmp # gpg -c mysecretdocument.txt \r\ngpg: directory `\/root\/.gnupg' created\r\ngpg: new configuration file `\/root\/.gnupg\/gpg.conf' created\r\ngpg: WARNING: options in `\/root\/.gnupg\/gpg.conf' are not yet active during this run\r\ngpg: keyring `\/root\/.gnupg\/pubring.gpg' created<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\nThis was my first use of gpg on this computer and so it has created the directory \/root\/.gnupg<\/code> and some files, this is normal if you have never used gpg, also it asked me twice for a passphradse, once that i typed it 2 times it create the new file, now I\u2019ve on that directory the new encrypted file:<\/p>\n\n \n\n\n\nmint-desktop tmp # ls -alrt\r\n-rw-r--r-- 1 root root 12 Jan 10 23:13 mysecretdocument.txt\r\n-rw-r--r-- 1 root root 67 Jan 10 23:14 mysecretdocument.txt.gpg<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\nAnd we can do a cat<\/code> of the the new file, to verify that it has been encrypted, the default behaviour is to keep the same file name of the original and add at the end the suffix .gpg, :<\/p>\n\n \n\n\n\nmint-desktop tmp # cat mysecretdocument.txt.gpg<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\nThis will show a bunch of unprintable characters, this is fine.<\/p>\n Now we can keep our secret file and delete the one in plain text, or send it via email and once we need to see our secret again, we can use the command:<\/p>\n \n \n\n\n\nmint-desktop tmp # gpg -d mysecretdocument.txt.gpg\r\ngpg: keyring `\/root\/.gnupg\/secring.gpg' created\r\ngpg: CAST5 encrypted data\r\ngpg: gpg-agent is not available in this session\r\ngpg: encrypted with 1 passphrase\r\nsecret 1234\r\ngpg: WARNING: message was not integrity protected<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\ngpg with the -d<\/code> option print the output directly on standard output, to write it to a file you can use the gpg option -o outputfile.txt<\/code>:<\/p>\n\n \n\n\n\nmint-desktop tmp # gpg -o mynewfile.txt -d mysecretdocument.txt.gpg \r\nmint-desktop tmp # ls -l my*\r\n-rw-r--r-- 1 root root 12 Jan 10 23:37 mynewfile.txt\r\n-rw-r--r-- 1 root root 12 Jan 10 23:13 mysecretdocument.txt\r\n-rw-r--r-- 1 root root 67 Jan 10 23:14 mysecretdocument.txt.gpg<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\nSolution 2 \u2013 Encrypt with a public key<\/h3>\nThere is also another approach to encryption, GPG allows you to use public-private key encryption to encrypt and decrypt files on Windows and Linux. The benefit of public-private key encryption is that you can keep your public key out in the open, and use it from anywhere to encrypt files. Once encrypted with the public key, those files can only be decrypted with the private key.<\/p>\n So in the example we will adopt a system that will use a certificate that consists of two distinct keys, one private and one public.<\/p>\n The private key<\/strong> should remain exclusively in the hands of the owner of the certificate.
\nThe owner will use it to decrypt files that are sent to him, that can now be sent also with insecure protocols (email, ftp, http upload)<\/p>\nThe public key<\/strong> can be distributed to the whole world, without incurring in any risk of danger. It will be used to encrypt files addressed to the owner of the certificate, only the owner of the related private key can decrypt that file.<\/p>\nThe public key can be distributed to anyone without any control. The fact that it falls into foreign hands will not constitute any danger. The greatest attention should be given exclusively to the private key, which must remain strictly in the hands of the legitimate owners.<\/p>\n As first thing, you must generate a public\/private keypair. This keypair is generated with the --gen-key<\/code> option of gpg:<\/p>\n\n \n\n\n\n$ gpg --gen-key\r\ngpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.\r\nThis is free software: you are free to change and redistribute it.\r\nThere is NO WARRANTY, to the extent permitted by law.\r\n\u00a0\r\nPlease select what kind of key you want:\r\n (1) RSA and RSA (default)\r\n (2) DSA and Elgamal\r\n (3) DSA (sign only)\r\n (4) RSA (sign only)\r\nYour selection? 1\r\nRSA keys may be between 1024 and 4096 bits long.\r\nWhat keysize do you want? (2048) 4096\r\nRequested keysize is 4096 bits\r\nPlease specify how long the key should be valid.\r\n 0 = key does not expire\r\n = key expires in n days\r\n w = key expires in n weeks\r\n m = key expires in n months\r\n y = key expires in n years\r\nKey is valid for? (0) 0\r\nKey does not expire at all\r\nIs this correct? (y\/N) y\r\n\u00a0\r\nYou need a user ID to identify your key; the software constructs the user ID\r\nfrom the Real Name, Comment and Email Address in this form:\r\n \"Heinrich Heine (Der Dichter) \"\r\n\u00a0\r\nReal name: Linuxaria admin\r\nEmail address: admin@linuxaria.com\r\nComment: \r\nYou selected this USER-ID:\r\n \"Linuxaria admin \"\r\n\u00a0\r\nChange (N)ame, (C)omment, (E)mail or (O)kay\/(Q)uit? o\r\nYou need a Passphrase to protect your secret key.\r\n\u00a0\r\ngpg: gpg-agent is not available in this session\r\nWe need to generate a lot of random bytes. It is a good idea to perform\r\nsome other action (type on the keyboard, move the mouse, utilize the\r\ndisks) during the prime generation; this gives the random number\r\ngenerator a better chance to gain enough entropy.\r\n\u00a0\r\nNot enough random bytes available. Please do some other work to give\r\nthe OS a chance to collect more entropy! (Need 26 more bytes)\r\n...........+++++\r\n........+++++\r\nWe need to generate a lot of random bytes. It is a good idea to perform\r\nsome other action (type on the keyboard, move the mouse, utilize the\r\ndisks) during the prime generation; this gives the random number\r\ngenerator a better chance to gain enough entropy.\r\ngpg: key A7B8B4DD marked as ultimately trusted\r\npublic and secret key created and signed.\r\n\u00a0\r\ngpg: checking the trustdb\r\ngpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model\r\ngpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u\r\npub 4096R\/A7B8B4DD 2013-01-11\r\n Key fingerprint = AF7B 310A 57FF 0524 91A6 E483 83F7 FE98 A7B8 B4DD\r\nuid Linuxaria admin \r\nsub 4096R\/E427331B 2013-01-11<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\nIn this example I\u2019ve created a RSA key 4096 bits long and set as user ID for the key which consists of the real name, e-mail address and optionally a comment \u201cLinuxaria admin \u201c, i can verify the new keys with the options --list-keys <\/code> and --list-secret-keys<\/code><\/p>\nmint-desktop ~ # gpg --list-keys; \r\n\/root\/.gnupg\/pubring.gpg\r\n------------------------\r\npub 4096R\/A7B8B4DD 2013-01-11\r\nuid Linuxaria admin \r\nsub 4096R\/E427331B 2013-01-11\r\n\u00a0\r\nmint-desktop ~ # gpg --list-secret-keys\r\n\/root\/.gnupg\/secring.gpg\r\n------------------------\r\nsec 4096R\/A7B8B4DD 2013-01-11\r\nuid Linuxaria admin \r\nssb 4096R\/E427331B 2013-01-11<\/pre>\n","protected":false},"excerpt":{"rendered":"GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis\u2019 Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.<\/p>\n Solution 1 \u2013 Encrypt with a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,17],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1857"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1857"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1857\/revisions"}],"predecessor-version":[{"id":4682,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1857\/revisions\/4682"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} | | | | | | |