In Linux, you keep your data in the form of files. But what if the data you are storing is sensitive? How can you protect it from unauthorized access? One way is to encrypt the files using GPG. In this blog, I’ll tell you what GPG is and how you can use it to encrypt and decrypt files on a Linux system.
What are GPG keys
GPG stands for GNU Privacy Guard. It uses the concept of asymmetric encryption. Let’s see how asymmetric encryption works and how it differs from the symmetric encryption we generally use.
In symmetric encryption, there is only one key, generally known as a password, which is used to both encrypt and decrypt the files. The problem is how to share that password over the network with the sender/receiver. Asymmetric encryption solves this problem. Let’s see how.
In asymmetric encryption, there is a pair of keys, one public and one private. The owner can share the public key with anyone who wants to send files in an encrypted format. The encrypted file is then sent back to the owner, and it can only be decrypted with the corresponding private key.
GPG Use Cases
Encryption: Used to encrypt files. You can send some content to someone when you don’t want anyone in the middle to read it.
Signing Commits: Helpful for proving your identity. For example, you can use your GPG key to sign your commits on GitHub, to verify that you’re the one who actually made them.
Encrypting Passwords: Very helpful if you use a command-line password manager such as pass. It uses your GPG keys to handle the encryption of all the secrets you store in it.
Install GPG
For Ubuntu/any Debian based distributions
sudo apt install gnupg
For CentOS/RHEL based distributions
sudo yum install gnupg
Verify Installation
gpg --version
GPG Commands
Generate a new key with default configuration (Quick Key Generation)
gpg --generate-key
## It will prompt you for the following
# Real Name
# Email Address
# Passphrase
Generate a new key with your own configuration (Full Key Generation)
gpg --full-generate-key
## It will prompt you for the following
# Key Encryption Type
# Key Size
# Key Expiry
# Real Name
# Email Address
# Comment
# Passphrase
List all GPG public keys
gpg --list-keys
List all GPG private key pairs
gpg --list-secret-keys
Export Public Key in ASCII Format
## Output to STDOUT
gpg --armor --export <email-Id>
## Output to a file
gpg --armor --export --output <file.txt> <email-Id>
Encrypt a file for a specific user using GPG (Using Asymmetric Encryption)
Encrypt a file using GPG (Uses Symmetric Encryption)
gpg --symmetric <file-name>
## It will prompt for a password
Decrypt that encrypted file (For Both, Symmetric and Asymmetric Encryption)
gpg --decrypt <encrypted-file>
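The public-key workflow described above, run end to end as an added example (not part of the original post): the owner generates a key and exports the public half, a sender encrypts with it, and only the owner's keyring can decrypt. It assumes GnuPG 2.1 or later; the identity owner@example.com, the file names and the message are constructed.

```shell
#!/usr/bin/env bash
# Added example: two throwaway keyrings play the key owner and the sender.
# The identity, file names and message are constructed for this demo.

gpg_asymmetric_demo() {
    local work owner sender out id="owner@example.com"
    work=$(mktemp -d) || return 1
    owner="$work/owner"; sender="$work/sender"
    mkdir -m 700 "$owner" "$sender" || return 1

    # Owner: create a key pair. The empty passphrase is only so the demo runs
    # unattended; protect a real private key with a strong passphrase.
    gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Demo Owner <$id>" 2>/dev/null || return 1

    # Owner: export the PUBLIC key only; this file is safe to hand out.
    gpg --homedir "$owner" --armor --export --output "$work/owner.asc" "$id" || return 1

    # Sender: import it and encrypt for the owner. "--trust-model always" skips
    # the ownership check for the demo; in practice compare the fingerprint
    # (gpg --fingerprint <email-Id>) with the owner over a separate channel first.
    gpg --homedir "$sender" --batch --quiet --import "$work/owner.asc" 2>/dev/null || return 1
    printf 'constructed secret\n' > "$work/msg.txt"
    gpg --homedir "$sender" --batch --quiet --trust-model always \
        --recipient "$id" --output "$work/msg.txt.gpg" \
        --encrypt "$work/msg.txt" || return 1

    # Sender holds no private key, so decryption must fail on this keyring.
    if gpg --homedir "$sender" --batch --quiet --decrypt "$work/msg.txt.gpg" \
        >/dev/null 2>&1; then
        echo "unexpected: decrypted without the private key" >&2; return 1
    fi

    # Owner: the matching private key recovers the plaintext.
    out=$(gpg --homedir "$owner" --batch --quiet --decrypt "$work/msg.txt.gpg" 2>/dev/null)

    # Stop the agents started for the temporary keyrings, then clean up.
    gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$sender" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    printf '%s\n' "$out"
}
```

Calling gpg_asymmetric_demo prints the recovered plaintext; nothing is written to your real ~/.gnupg keyring.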
Conclusion
After reading this blog, you should understand what GPG keys are and why we need them. I have tried to cover some basic commands that are useful for a beginner, but if you still have any doubts/suggestions, you can contact me directly at [email protected].
Also, I would like to thank you for sticking to the end. If you like this blog, please do show your appreciation by giving thumbs-ups and share this blog and provide suggestions on how I can improve my future posts to suit your needs. Follow me to get updates on different technologies.
I'm Yatharth Sharma, a seasoned Linux enthusiast and Studio-DevOps asymmetric encryption specialist. I have a robust background in utilizing GNU Privacy Guard (GPG) for securing sensitive data on Linux systems. Allow me to delve into the intricacies of GPG keys and their application, substantiating my expertise with practical insights.
Understanding GPG Keys:
GPG, an acronym for GNU Privacy Guard, employs asymmetric encryption. In this encryption paradigm, a pair of keys exists—public and private. Asymmetric encryption overcomes the challenge of sharing a single password over the network. The public key can be shared openly, enabling others to send encrypted files. Only the corresponding private key holder can decrypt these files.
GPG Use Cases:
Encryption: Protecting files from unauthorized access by encrypting their content.
Signing Commits: Verifying identity in platforms like GitHub by signing commits with a GPG key.
Encrypting Passwords: Used with command-line password utilities like pass to handle encryption for stored secrets.
Installing GPG:
For Debian-based distributions (e.g., Ubuntu):
sudo apt install gnupg
For CentOS/RHEL-based distributions:
sudo yum install gnupg
Verify the installation:
gpg --version
GPG Commands:
Generate a new key with default configuration (Quick Key Generation):
gpg --generate-key
Generate a new key with custom configuration (Full Key Generation):
Decrypt an encrypted file (Both Symmetric and Asymmetric Encryption):
gpg --decrypt <encrypted-file>
Conclusion:
In this blog, I've elucidated the significance of GPG keys in Linux for securing sensitive data. The provided commands cater to beginners, offering fundamental insights. For further clarification or suggestions, feel free to contact me at [email protected].
I appreciate your time and dedication in reading this blog. If you found it valuable, please express your support by giving thumbs-ups, sharing, and providing suggestions for enhancing future posts. Stay updated on various technologies by following me for regular updates.
Right-click the file or folder you want to encrypt in Finder and select Services > OpenPGP: Encrypt File.
Select recipients to encrypt the message with their public keys. If you only want to encrypt for yourself, you need to tick the Add to Recipients option in the Your Key: section.
PGP stands for Pretty Good Privacy. GPG stands for GNU Privacy Guard. Both of these programs are used to encrypt and decrypt data, messages, and emails. The difference between the two is that GPG is open source whereas PGP is not.
How encryption works. Encryption works by encoding “plaintext” into “ciphertext,” typically through the use of cryptographic mathematical models known as algorithms. To decode the data back to plaintext requires the use of a decryption key, a string of numbers or a password also created by an algorithm.
Examining the storage medium or file properties lets you check if your data is encrypted. Encrypted data appears as unreadable gibberish, making it inaccessible without the appropriate decryption key. Data encryption, in its simplest sense, is changing data into a code to avoid unauthorized access.
The -d option tells OpenSSL to decrypt the file, and the -k option specifies the password that was used to encrypt the file. It is important to note that the password used to encrypt the file is the only way to decrypt it, so it is important to choose a strong password and keep it safe.
PGP Tool is a free and very user-friendly OpenPGP desktop application. This application: allows you to encrypt/decrypt PGP files; remembers each operation's parameters and suggests the same parameters when appropriate; helps you to avoid leaving sensitive data in an unencrypted state.
GPG uses public key encryption. You can use someone's public key to encrypt a message or document, in a way that only the owner of the corresponding private key will be able to decrypt.
PGP uses a passphrase to encrypt your private key on your machine. Your private key is encrypted on your disk using a hash of your passphrase as the secret key. You use the passphrase to decrypt and use your private key. A passphrase should be hard for you to forget and difficult for others to guess.
Within the folder where you would like to enable GPG decryption, click on the Folder Settings button. Expand the GPG encryption/decryption section. Select the Yes, use GPG decryption on all files in this folder and its sub-folders option. Within the Auto decryption section, enter a file suffix into the Suffix text box.
You cannot encrypt multiple files with a single gpg command. However, you could tar them all into an archive and then encrypt the result. See this similar question on the UNIX site for more info. In any case, you will need to list the files you want to include.
GPG provides a secure environment for data communication. Its key features include public-key cryptography, a reliable key management system, and compatibility with other encryption standards.
Both must have the key; the sender encrypts the message by using the key, and the receiver decrypts the message with the same key. Both the sender and receiver must keep the key private to keep their communication private.