Summary: This article covers how to install and use GPG encryption in Linux.
Confidentiality is one of the main concerns in IT security, and we achieve it using cryptography. If you are unfamiliar with the field of cryptography, there is a really simple article that I wrote a few weeks ago. You can check that out from here.
In today's article I'm going to talk about GPG encryption in Linux. So let's get started.
What is GPG or GNU Privacy Guard
GPG, or GNU Privacy Guard, is free and open source software which you can use to encrypt, sign and decrypt your data and communications. Werner Koch is the original author of this application, and it is now developed by the GNU Project. It is written in the C programming language.
Installing GPG on Linux
If your Linux distribution is Debian-based (deb packages, apt), you can install GPG using the following command.
sudo apt install gnupg
If your Linux distribution is Red Hat-based (rpm packages, yum), you can install GPG using the following command.
sudo yum install gnupg
Using the GPG Package
GPG uses a method of encryption known as public key (asymmetric) cryptography (this method is explained here). Therefore, we first need to generate our private and public keys.
We can generate our public and private keys using the command below.
gpg --gen-key
Once you enter the above command, it will prompt you to answer some questions such as your real name and email address.
Sometimes key generation takes a long time, because the process needs to generate a lot of random bytes and therefore requires high entropy from your system. To speed it up, you can do some other work on your PC while the key is generating, or you can install a package called "haveged". This package increases your system's entropy and makes key generation faster.
Exporting a key to a file
After generating the key, we can export the public key to a file so that we can exchange it with anyone. Use the command below to export your key.
gpg -a --export <key-id> > <name of your key file>.pub
Sending an exported key file to another host on your network
You can use ssh to send these key files to, and receive them from, other machines on your network.
First of all, make sure that your PC has the ssh client program installed. If not, install it using the command below.
sudo apt install openssh-client
Now make sure the ssh server is running on the machine that will receive the file, using the command below (the service is named ssh on Debian-based systems and sshd on Red Hat-based ones).
sudo systemctl start ssh
Now send the file using the command below.
scp <exported key file> <user>@<IP address of the receiving machine>:<directory where you want to put the key file>
Downloading a key file from a server (for this you need to have access to that specific server):
scp <user>@<IP address of the server>:<path of the key file on the server> .
Importing the downloaded key file into our keyring
Once we receive the key file, we need to import it into our keyring. You can do that using the command below.
gpg --import <name of the received key file>
Encrypting a file
Use the command below to encrypt a file: -e encrypts, -u selects your own key, and -r selects the recipient's key that you imported.
gpg -e -u <your key-id> -r <received key-id> <file that you need to encrypt>
Decrypting a file
Use the command below to decrypt a file.
gpg --output <name you wish to give the decrypted file> --decrypt <encrypted .gpg file>
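The whole exchange described above (generate keys, export and import a public key, encrypt and sign, decrypt and verify) run end to end on a single machine, as an added example that is not part of the original article. It uses two throwaway GNUPGHOME directories for two hypothetical users, Alice and Bob, so it never touches your real ~/.gnupg; the names, addresses and message are constructed for the demo. It also adds the one check the article's import step leaves implicit: compare the fingerprint of the key you received with the one its owner gives you over another channel before you locally sign it and encrypt to it. Requires gpg 2.1 or later.

```shell
#!/bin/sh
# Added example, not code from the original article. Two scratch keyrings
# (hypothetical users Alice and Bob) stand in for two machines; scp would
# normally carry the .pub files between them.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg not found: sudo apt install gnupg" >&2; exit 0; }

WORK=$(mktemp -d)
ALICE="$WORK/alice"   # sender's keyring
BOB="$WORK/bob"       # receiver's keyring
mkdir -p "$ALICE" "$BOB"
chmod 700 "$ALICE" "$BOB"   # gpg warns about a group/world-readable home directory

cleanup() {
    # stop the per-homedir agents gpg started, then remove the scratch keyrings
    for h in "$ALICE" "$BOB"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
    rm -rf "$WORK"
}
trap cleanup EXIT

# Unattended version of the interactive key generation: a signing primary key
# plus an encryption subkey. %no-protection skips the passphrase so no pinentry
# is needed for the demo; real keys should keep one.
gen_key() {
    gpg --homedir "$1" --batch --quiet --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%no-protection
%commit
EOF
}

# Primary-key fingerprint (40 hex digits) of the key matching $2 in keyring $1.
fingerprint() {
    gpg --homedir "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

gen_key "$ALICE" "Alice Example" "alice@example.invalid"
gen_key "$BOB"   "Bob Example"   "bob@example.invalid"

# Each side exports its public key in ASCII armor (-a) and the other imports it.
gpg --homedir "$BOB"   -a --export bob@example.invalid   > "$WORK/bob.pub"
gpg --homedir "$ALICE" -a --export alice@example.invalid > "$WORK/alice.pub"
gpg --homedir "$ALICE" --quiet --import "$WORK/bob.pub"
gpg --homedir "$BOB"   --quiet --import "$WORK/alice.pub"

# Verify the received key: the fingerprint in Alice's keyring must match the one
# Bob reads out over another channel (here, Bob's own keyring stands in for that
# channel). Only then locally sign it so gpg treats the key as valid.
BOB_FPR_EXPECTED=$(fingerprint "$BOB" bob@example.invalid)
BOB_FPR_RECEIVED=$(fingerprint "$ALICE" bob@example.invalid)
[ "$BOB_FPR_EXPECTED" = "$BOB_FPR_RECEIVED" ] || { echo "fingerprint mismatch" >&2; exit 1; }
gpg --homedir "$ALICE" --batch --yes --quick-lsign-key "$BOB_FPR_RECEIVED"

# Encrypt to Bob (-r) and sign as Alice (-u), the article's -e/-u/-r form plus -s.
MESSAGE="constructed sample message for the demo"
printf '%s\n' "$MESSAGE" > "$WORK/msg.txt"
gpg --homedir "$ALICE" --batch --quiet -e -s -u alice@example.invalid \
    -r bob@example.invalid --output "$WORK/msg.txt.gpg" "$WORK/msg.txt"

# Bob decrypts with --output/--decrypt. --status-fd 1 gives the machine-readable
# verdict; GOODSIG means the signature verified against Alice's imported key.
STATUS=$(gpg --homedir "$BOB" --batch --quiet --status-fd 1 \
    --output "$WORK/msg.txt.out" --decrypt "$WORK/msg.txt.gpg")
DECRYPTED=$(cat "$WORK/msg.txt.out")
case $STATUS in
    *"[GNUPG:] GOODSIG"*) SIG_OK=yes ;;
    *)                    SIG_OK=no ;;
esac

printf 'decrypted: %s\nsignature valid: %s\n' "$DECRYPTED" "$SIG_OK"
```

The locally signed (--quick-lsign-key) step is what lets the encrypt command run without gpg asking whether you really want to use an unverified key; skipping the fingerprint comparison and answering "yes" to that prompt is how a substituted public key goes unnoticed.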
What's inside the .gnupg directory
random_seed – contains saved seed data that gpg uses to create random numbers.
trustdb.gpg – contains the information concerning trust values.
pubring.gpg – contains the public keys that you have imported.
secring.gpg – contains the private keys of your identity.
From GnuPG 2.1 upwards a new keyring format is used. That's why you don't see the files pubring.gpg and secring.gpg: in the new version the keys are stored in the pubring.kbx file. Another change was the merging of the public and private keyrings. As a result, you won't be able to see the secring.gpg file.