Summery: This articles covers how to install and use GPG encrytion in linux.

Confidentiality is one of the main concerns when it comes to IT security. We can achieve this state using Cryptography. If you are unfamiliar with the filed Cryptography, there is a really simple article that I wrote few weeks ago. You can check that out from here

In today’s article I’m going to talk about GPG Encryption in Linux. So let’s get started.

What is GPG or GNU Privacy Guard

GPG or GNU Privacy Guard is a free and open source software which you can used to encrypt, sign, decrypt your data and communications. Werner Koch is the original author of this application and now this application is developed by the GNU Project. This was written in C programming language.

Installing GPG on Linux

If your Linux distribution is deb or apt based distribution you can install GPG using the following command.

sudo apt install gnupg

If your Linux distribution is rpm or yum based distribution you can install GPG using the following command.

sudo yum install gnupg

Using the GPG Package

GPG uses a method of encryption known as public key (asymmetric) cryptography (This method is well explained in here). Therefore, we need to generate our Private and Public Keys.

Generating Keys

We can generate our public and private keys using the below command.

gpg --gen-key

Once you enter the above command it will prompt you to fill out some questions like your real name, email address etc…

Also Read: The Magic Happens Inside Your Computer Explained.

Sometimes it will take much time to generate the key. Because this process needs to generate lot of random bytes. Therefore, high entropy is needed from your system. To overcome this process, you can do some other work in your pc while the key is generating. Or you can install a package called “haveged” into your system. This package increases your system entropy and make the key generation process fast.

Exporting key to a File.

GPG Key

After generating the key, we can export the public key to a file. So that we can exchange it with anyone. Use the below command to export your key.

gpg -a –export <key-id> > <name of your key file.pub>
Exporting gpg key

Sending an exported key file to another host in your network.

You can use ssh to send and receive these key files from other machines in your network.

First of all, make sure that your pc has ssh client program installed. If not install it using the below command.

apt install openssh-client

Now start your ssh server using the below command.

/etc/init.d/ssh start

Now send the file using the below command.

scp <exported key file name> [email protected] of the receivers machine :<directory where you want send the key file>
Sending an exported gpg key file

Downloading a key file from a server (for this you need to have access to that specific server.)

scp [email protected]:<directory where the key file is located> .

Importing the Downloaded key file to our key-ring.

Once we receive the key file we need to import it t our keyring. You can do it using the below command.

gpg –import < <Name of the received key file> 

Encrypting a file

Use the below command to encrypt your files.

gpg -e -u <your key-id> -r <received key-id> <file that you need to encrypt>
Encrypting a file using gpg
GPG Encrypted file content

Decrypting a file

Use the below command to decrypt your files.

gpg –output <any name that you wish to have in your decrypted file> --decrypt <encrypted .gpg file> 
Decrypting a file in GPG
GPG Decrypted file content

Whats inside .gnupg directory

.gnupg directory

Random_seed – Contains settings that enable gpg to create random numbers

trustdb.gpg – Contains the information concerning the trust values.

pubring.gpg – Contains the public keys that you have imported

secring.gpg – Conatins the private keys of your identity.

From GnuPG 2.1 upwards they switched to a new keyring fromat. That’s why you don’t see the files pubring.gpg and secring.gpg. In new version the keys are stored in the pubring.kbx file. Another change was the merging of public and private keyrings. As a result, you want be able to see the secring.gpg file.

Inside .gnupg directory


0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *