Do you want to secure your sensitive data, or send important information to a friend safely? Then you need to encrypt the data to keep it safe from unauthorized people.
Intention
I regularly create backups of my sensitive information and move them to an external disk drive or the cloud to save space on my laptop. Sometimes I also need to keep a bunch of personal files on the company's laptop for later use, and I need to be sure that my personal information always remains personal! Furthermore, I have had to send personal information to a friend or a company by email or other means, and my concern was how to keep it secure. The best solution to all of these requirements is data encryption.
There are many different encryption solutions depending on the requirements, the desired level of security, and the tools that are available. To encrypt your data in a simple way, I am going to talk here about the most widely used encryption tool on the Linux platform: GnuPG, or GPG. On Linux it is part of the GNU toolset, usually comes preinstalled, and supports strong, standard encryption algorithms. It is available for Windows and macOS as well.
For quick access, these are the main use cases I’ll cover in this quick manual:
Keep Data Safe by Encryption
The simplest requirement for securing data is to make a file accessible only to authorized people; in other words, to the users who have the password in hand! GPG offers its symmetric encryption mode to solve this problem. In this mode GPG encrypts the file using a passphrase, and for decryption it needs the same passphrase again to restore the information.
To encrypt a file, use the following command:
gpg --symmetric sensitive-information.txt
or
gpg -c sensitive-information.txt
Then GPG will ask you for a passphrase twice and generate the encrypted file with the same name plus a .gpg extension.
To decrypt a file, use the following command:
gpg --output sensitive-information.txt --decrypt sensitive-information.txt.gpg
Then GPG will ask you for the same passphrase that you used in the encryption step to decrypt the file.
Note: If you are using a company computer on which GPG is already configured, you can still use the above commands independently to encrypt/decrypt your files with your own passphrase.
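The symmetric round trip above, run non-interactively, as an added example that is not part of the original post. It uses a scratch GNUPGHOME so nothing touches your real keyring, and it also checks that a wrong passphrase is rejected; the file contents and passphrase are constructed, and gpg 2.1 or newer is assumed (there, --passphrase needs --pinentry-mode loopback).

```shell
#!/bin/sh
# Added example, not from the original post: gpg -c / gpg --decrypt in batch
# mode inside a throwaway GNUPGHOME, plus a wrong-passphrase check.
# Assumes gpg 2.1+; sample file and passphrase are constructed.
symmetric_roundtrip() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/gnupg"
    plain="$work/sensitive-information.txt"
    printf 'constructed sample secret\n' > "$plain"
    pw='correct horse battery staple'            # constructed passphrase
    gpg_sym() { GNUPGHOME="$work/gnupg" gpg --batch --quiet --yes --pinentry-mode loopback "$@"; }
    # Same as gpg -c: writes sensitive-information.txt.gpg next to the plaintext
    gpg_sym --passphrase "$pw" --symmetric "$plain" || return 1
    # Decrypt with the same passphrase and compare with the original
    gpg_sym --passphrase "$pw" --output "$work/restored.txt" --decrypt "$plain.gpg" || return 1
    cmp -s "$plain" "$work/restored.txt" || return 1
    # A wrong passphrase must fail: gpg exits non-zero and no plaintext is recovered
    if gpg_sym --passphrase 'wrong' --output "$work/bad.txt" --decrypt "$plain.gpg" 2>/dev/null; then
        return 1
    fi
    GNUPGHOME="$work/gnupg" gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$work"
}
```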
Transfer Data Safe by Encryption
In some other cases we need to transfer sensitive information to someone else by email, removable media like flash drives, or an instant messaging application. We can still use symmetric encryption as shown above to encrypt the file before sending it, but then we face a problem: what about the passphrase? Our recipient needs the same passphrase to decrypt the file, and the problem is how to transfer the passphrase safely!
This is where asymmetric cryptography comes into play. In this method, instead of a passphrase, each party uses a pair of keys, known as the public and private key, for encryption and decryption. People share their public keys, and only the holder of the matching private key can decrypt content that was encrypted with that public key.
GPG supports asymmetric encryption as well, but we need to create our key pair first, so run the following command:
gpg --gen-key
GPG will ask about some configuration; the default options are usually good enough. Enter the email address that you want to use for sending encrypted content; the key will be labeled like this:
Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>
For the key passphrase, use something long that is easy for you to remember but hard for other people and computers to guess. In the end, GPG will create the key pair.
Note: If GPG raises an error like this:
you can open another terminal and do some work to generate enough entropy for it, for example by running the following command:
sudo find / -type f -print0 2>/dev/null | xargs -0 grep somerandomstring > /dev/null
To check how much entropy is available you can run the following command, and keep working with the system until GPG generates the key pair:
cat /proc/sys/kernel/random/entropy_avail
It could take a few minutes before this is done.
Share Your GPG Public Key
The sender needs access to the recipient's public key, because the sender encrypts the information using the recipient's public key. To generate a public key file for sharing, run the following command:
gpg --armor --output public-key.asc --export your-registered-email-address@domain.com
Then you can simply share the public-key.asc file with the other parties. Alternatively, you can export your public key to the public key servers with gpg --send-keys, and import keys with gpg --import (or gpg --recv-keys to fetch them from a key server).
When you receive the recipient's public key file, import it into your system with:
gpg --import public-key.asc
Encryption
To encrypt the file for the recipient's email ID (public key), run the following command:
gpg --output sensitive-info.txt.gpg --encrypt --recipient recipient-email@domain.com \
    sensitive-info.txt
Decryption
To decrypt the file on the recipient's side:
gpg --output sensitive-info.txt --decrypt sensitive-info.txt.gpg
Asymmetric Cryptography Advanced Features
Asymmetric cryptography provides more features than just encryption and decryption. It also offers data integrity and sender verification by signing a file or a message, which ensures that the message has not been tampered with by someone else.
The sender can generate a SHA-256 sum of the unencrypted file (sensitive-info.txt) and sign it using their private key:
shasum -a 256 sensitive-info.txt | awk '{print $1}' > sensitive-info.txt.sha256sum
gpg --output sensitive-info.txt.sha256sum.sig --sign sensitive-info.txt.sha256sum
Then the sender sends the file sensitive-info.txt.sha256sum.sig to the recipient. Now the recipient can verify the signature by:
gpg --verify sensitive-info.txt.sha256sum.sig
This way the recipient can be sure of the origin and integrity of the received data.
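The whole asymmetric workflow from the Encryption/Decryption sections and the signed-digest check from this section, as an added example that is not part of the original post. Two scratch keyrings play sender (Alice) and recipient (Bob); names, addresses and file contents are constructed, gpg 2.1 or newer is assumed, and coreutils sha256sum stands in for the post's shasum -a 256.

```shell
#!/bin/sh
# Added example, not from the original post: key generation, public-key
# exchange, encryption to a public key, decryption with the private key, and
# a signed SHA-256 digest, all in throwaway GNUPGHOMEs. Assumes gpg 2.1+.
gpg_as() { side=$1; shift; GNUPGHOME="$work/$side" gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }

asymmetric_workflow() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/sender" "$work/recipient"
    # Each side generates its own key pair (unprotected, for this test only)
    gpg_as sender    --quick-gen-key "Alice <alice@example.com>" default default never || return 1
    gpg_as recipient --quick-gen-key "Bob <bob@example.com>"     default default never || return 1
    # Exchange public keys with --export / --import, as in the post
    gpg_as recipient --armor --output "$work/bob.asc"   --export bob@example.com   || return 1
    gpg_as sender    --armor --output "$work/alice.asc" --export alice@example.com || return 1
    gpg_as sender    --import "$work/bob.asc"   || return 1
    gpg_as recipient --import "$work/alice.asc" || return 1
    plain="$work/sensitive-info.txt"
    printf 'constructed sensitive data\n' > "$plain"
    # Sender: encrypt to Bob's public key (--trust-model always replaces the
    # interactive "key is not certified" question, which --batch cannot answer)
    gpg_as sender --trust-model always --recipient bob@example.com \
        --output "$plain.gpg" --encrypt "$plain" || return 1
    # Sender: sign the SHA-256 digest of the plaintext with Alice's private key
    sha256sum "$plain" | awk '{print $1}' > "$plain.sha256sum"
    gpg_as sender --output "$plain.sha256sum.sig" --sign "$plain.sha256sum" || return 1
    # Recipient: decrypt with Bob's private key and compare with the original
    gpg_as recipient --output "$work/restored.txt" --decrypt "$plain.gpg" || return 1
    cmp -s "$plain" "$work/restored.txt" || return 1
    # Recipient: verify Alice's signature, then compare the signed digest with
    # the digest of the data actually received
    gpg_as recipient --verify "$plain.sha256sum.sig" 2>/dev/null || return 1
    signed=$(gpg_as recipient --decrypt "$plain.sha256sum.sig" 2>/dev/null) || return 1
    actual=$(sha256sum "$work/restored.txt" | awk '{print $1}')
    [ "$signed" = "$actual" ] || return 1
    # Negative check: the sender holds only Bob's public key, so it cannot decrypt
    if gpg_as sender --output "$work/x" --decrypt "$plain.gpg" 2>/dev/null; then return 1; fi
    for side in sender recipient; do GNUPGHOME="$work/$side" gpgconf --kill gpg-agent 2>/dev/null; done
    rm -rf "$work"
}
```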