GnuPG: Encryption and Decryption

Cryptography (crypto + graphy = secret writing) is the process of safeguarding valuables by turning them into ciphertext. There are two distinct types of cryptography: symmetric and asymmetric. The most commonly used of these is asymmetric cryptography. In asymmetric cryptography, a key pair is used: one key is public and the other is private. The private key is kept private, and the public key is “public” and can be viewed by anyone.

Cryptography, on a Linux machine, is utilized to keep valuables safe and away from prying eyes. Many a thing can be encrypted – files, partitions, volumes, network connections, zip files, backups, etc…

GnuPG: Encryption and Decryption

GPG is a tool on Linux used for encryption and decryption. By default, it uses asymmetric encryption. However, you can force it to use symmetric encryption should you wish.

Generating a Key pair

The first step in any encryption process is to generate the key pair and the key ring. In order to generate a key pair in full, type:

gpg --full-generate-key

It will ask you a whole lot of questions. For example, the kind of key you want, the key size, and when you want the key to expire. It will also ask you for your name, email address and comments. So choose them, and enter them. After you finish the first section, you’ll be prompted for a passphrase, choose one. The passphrase is used to protect the private key. Now, the key pair has been generated, and placed on a key ring.

One can also check the key ring for the public key by using the command gpg --list-keys.

gpg --list-keys

Sharing your public key

Your public key can be shared with anyone. Your public key was meant to be public, so it can even be on a web page! Your private key, on the other hand, must be kept secret at all times!! You can export your public key for sharing.

gpg --export [name] > [key file]

Ex:

gpg --export 'kalyani raj' > kalyaniraj.pub

Another individual’s public key can be added to our key ring using the gpg --import command.

gpg --import [key file]

Ex:

gpg --import johndoe.pub

In this case, we are importing John Doe’s public key onto our key ring.

Encrypt a file

Here, the point to make is that you can encrypt the file to keep for yourself with your public key, or you can encrypt a file with someone else’s public key and send it to that someone else so that they can open it with their private key.

So suppose that I wanted to send a message to John Doe. Suppose further that I had his public key on my key ring. Now in order for me to create an encrypted message for John Doe, I would write the following:

gpg --out ForJohnDoe --recipient "John Doe" --encrypt "ForJohnDoe.txt"

So basically, what you’re doing in the lines above is:

A) Using the --encrypt switch to choose the file you want to encrypt. In this case, the file ForJohnDoe.txt will be encrypted.
B) Using the --out switch to decide the name of the output file. In this case, it will be ForJohnDoe.
C) Using the --recipient switch to decide the public key that will be used to encrypt the file. In this case, we are selecting the key “John Doe” from the key ring.

Now suppose that I wanted to encrypt a file with my own key, and keep the file for myself. Then I would write the following:

gpg --out mysecretfile --recipient "Kalyani Raj" --encrypt "mysecretfile.txt"

In this case, I’m using my own public key from the key ring to encrypt the file called mysecretfile.txt. Since I’m using my own public key to encrypt the file, only my private key can decrypt it.
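A name given to --recipient is only a search string, and anyone can create a key that carries the name “John Doe”. The following added example (not from the original article) reads a key listing in the gpg --list-keys --with-colons format and accepts a recipient only if exactly one usable key matches and its fingerprint equals the one obtained from John Doe out of band; the listing, fingerprints, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed listing in `gpg --list-keys --with-colons` format:
# two different keys both claim "John Doe", and one key is expired.
sample_listing() {
cat <<'EOF'
pub:-:255:22:1111111111111111:1700000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:-::::1700000000::::John Doe <john@example.org>:
sub:-:255:18:2222222222222222:1700000000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
pub:-:255:22:3333333333333333:1700000100:::-:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
uid:-::::1700000100::::John Doe <jdoe@example.net>:
sub:-:255:18:4444444444444444:1700000100::::::e:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDD4444444444444444:
pub:e:255:22:5555555555555555:1500000000:1600000000::-:::sc:
fpr:::::::::EEEEEEEEEEEEEEEEEEEEEEEE5555555555555555:
uid:e::::1500000000::::Jane Roe <jane@example.org>:
EOF
}

# Print the primary-key fingerprint of every usable encryption key whose
# user ID contains $1 (case-insensitive). Reads the listing on stdin.
usable_fprs_for() {
    awk -F: -v want="$1" '
        function emit() { if (ok && hit && fpr != "") print fpr }
        $1 == "pub" { emit(); fpr = ""; hit = 0; primary = 1
                      # field 2 validity: e=expired r=revoked i=invalid
                      # field 12: E = usable for encryption, D = disabled
                      ok = ($2 !~ /^[eri]/ && $12 ~ /E/ && $12 !~ /D/) }
        $1 == "sub" { primary = 0 }          # later fpr lines belong to subkeys
        $1 == "fpr" && primary { fpr = $10 }
        $1 == "uid" && $2 !~ /^[er]/ && index(tolower($10), tolower(want)) { hit = 1 }
        END { emit() }
    '
}

# Exit 0 only if exactly one usable key matches NAME ($1) and its fingerprint
# is EXPECTED ($2); 1 = fingerprint mismatch, 2 = no match or several matches.
verify_recipient() {
    expected=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(usable_fprs_for "$1")
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || return 2
    [ "$found" = "$expected" ] || return 1
    return 0
}
```

On a real key ring, pipe gpg --list-keys --with-colons into verify_recipient, then pass the verified fingerprint to --recipient instead of the name.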

Decrypt a file

In order for John Doe to decrypt the message created and sent to him in the previous section, he must use his own private key. So, John Doe would write:

gpg --out decryptedmessage --decrypt ForJohnDoe

This will open a prompt asking him for his passphrase so that the private key can be accessed. John Doe will have to enter his passphrase, and can subsequently open the decrypted message.

Please remember that the order in which you write these will matter for gpg. If you write the --out switch after the --decrypt switch, it’ll throw an error.

GPG or GnuPG is a very good tool that is used on Linux systems to encrypt/decrypt valuables (e.g., files, partitions, etc…). GPG comes installed by default on Linux, and is by far one of the easiest tools available for use. Keeping files safe has never been easier!

Happy Coding!

FAQs

What is GnuPG?

GPG is a tool on Linux used for encrypting and decrypting data and communications.

What can you encrypt/decrypt with GnuPG or GPG?

Many a thing can be encrypted – files, partitions, volumes, network connections, zip files, backups, etc…

Which key in a key pair do you share?

In a key pair, you have a public key, and a private key. The public key can be shared with anyone, even put on a website! But the private key must be under lock and key, and secret at all times!

How do you generate a key pair?

The first step in any encryption process is to generate the key pair and the key ring. In order to generate a key pair in full, type:

gpg --full-generate-key

Can you import other’s public keys into your key ring?

Yes. You can definitely import another person’s public key into your key ring. This can be done via the gpg --import [key file] command.

About the author

Kalyani Rajalingham

I'm from Sri Lanka (live in Canada), and am a Linux and code lover.