how to encrypt a file in linux using gpg

2023 ZDNET, A Red Ventures company. Using the 'gpg' utility, we can encrypt or decrypt a file using two methods, namely a password or a key file. You can update the key information by issuing: This will fetch new information from the key servers. GPG can be found in most distributions repositories out of the box. %t min read You must provide the email address that you used when the keys were generated. If you want to be prompted to enter the password to decrypt the file again, you'll have to wait ten minutes, which is the default timeout value. Then, for the encryption, you'll be prompted to either type the passphrase for your GPG key or the passphrase you added. This is a very simplistic scenario. To perform a long listing, add the --keyid-format=long flag. The unencrypted directory serves as the virtual mount to the encrypted directory. as of now you need to use ext4 as filesystem. You've successfully signed in. 95,5% Private keys must be kept private. Step 3: Create Your Public/Private Key Pair and Revocation Certificate. To list the secret GPG key you have just created together with other existing keys, run the gpg command with the --list-secret-keys flag. 2. You only have to do this once. Please try again. Sorry, something went wrong. gpg: waiting for lock /gnupg/gnupg_spawn_agent_sentinel.lock The --send-keys option sends the key to the keyserver. To list your available GPG keys that you have from other people, you can issue this command: Your key information can become outdated if you are relying on information pulled from public key servers. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Next, you enter output file, which simply tells GPG what file youll be saving the encrypted form of our file to after you decrypt it. Need some help figuring out something still, or something just not working right? The key generation will take place, and you will be returned to the command prompt. The file is called Raven.txt. You can enter a description if you wish. The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Do Not Sell or Share My Personal Information. The --armor option tells gpg to generate ASCII armor output instead of a binary file. In computing, encryption is a popular and most times the recommended technique of hiding information in a secretive format. To generate a revocation key, type: You will be asked to confirm the revocation key creation and then prompted for the reason that it is being revoked. All Rights Reserved. Make your website faster and more secure. GPG keys work by using two files, a private key and a public key. Hunt these 8 hidden or surprising features to make your Linux experience more entertaining. Open a Terminal window by pressing Ctrl + Alt + T and run the following command to install GnuPG 2. You can rename the file to anything you want. The default cipher method in GnuPG 2.1 is AES128. rev2023.6.8.43485. Special Feature: Securing Data in a Hybrid World, Apple sets June date for its biggest conference of 2023. 'ZDNET Recommends': What exactly does it mean? 1. Cutting through the source code logics though here's what happens for each type of data that can be handled by the above linked project. And we pore over customer reviews to find out what matters to real people who already own and use the products and services were assessing. Its easy to get started with GPG, and you can be on your way with using it in a matter of minutes. [ Thinking about security? Believe it or not, it's actually pretty simple. Does this encrypt emails sent from my server? This allows for the secure transmission of information between parties and can be used to verify that the origin of a message is genuine. Change to that directory with the command: We're going to use the gpg command to encrypt the file. You dont have to use GPG with email. 100,0%, Finished decrypting [4 / 4] files totally [124,9 MiB / 124,9 MiB] in May not be popular but I've been working on a project to encrypt/decrypt anything with minimal user interaction through the use of a few Bash scripts. You can also share your public key on a public key server. While you can freely distribute your generated public key file and people can use this to contact you in a secure way, it is important to be able to trust that the key belongs to who you think it does during the initial public key transmission. The other user can now start encrypting files with your public key just as you did earlier, ensuring theyll only be readable by you when you decrypt them with your private key. It creates an encrypted filesystem using a pair of directories: an unencrypted directory and an encrypted directory. Encrypt a directory on the filesystem: fscrypt encrypt /opt/encrypted/. On the other hand, when two data strings are involved, one for encryption and another for decryption, its called asymmetric encryption. To store the encrypted information in a different file, use the -o or --output option followed by a filename. But gpg will ask you every time whether you wish to proceed because the key is unsigned. Then after unencrypting, just untar the file: If highest level of security is not a big problem ( the man page of zip says, that the encryption algorithm used by zipfile utilities are weaker than PGP), then I prefer zip and unzip. Are you sure that your package is safe from corruption or malicious activity? You will be asked to pick an encryption type from a menu. Use gpg with the --gen-key option to create a key pair. And if a file was encrypted with a public key, it can only be decrypted with the corresponding private key. Cryptography discussions have long used Bob and Alice as the two people communicating. And that's how you encrypt and decrypt a file on the Linux operating system without having to install more complicated volume encryption tools. You can do this by issuing the following command: This will take you through a few questions that will configure your keys: At this point, gpg will generate the keys using entropy. And for that, Ill show you how you can share your public key with others. thanks. With the file encrypted, you can then decrypt it by right-clicking the encrypted file and selecting "Open With Decrypt File." The --keyserver option must be followed by the name of the key server you wish to search. Once the GPG key pairs have been generated on both sides, the two parties can export their public keys into a file and share via email or other means. SHA-256: Therefore, to clear the password stored in the session, we can run: Lets now get back to our decrypted file and verify that the decryption was successful: In this type of encryption, there are two roles involved a sender and a receiver. How do I symmetrically encrypt a file using gpg? Decrypting a file means that you remove the encryption to read the file's contents. For this example, lets use a file named message.txt with the following content: Likewise, if the email was [emailprotected], the new GPG command would be as follows: If you then try to read the file, youll see that it looks like gibberish. Lets have a look inside it. The [ unknown] indicates that information regarding the keys trustworthiness is not available. With your key created, navigate to the folder housing the file to be encrypted. The only person to have both of those should be Mary. The quick method for encrypting a file is to issue the gpg command with the -c (create) option: Encrypting a file with gpg leaves the original file intact, file1.txt, and adds the telltale .gpg extension to the newly encrypted file. You might do this every few months or when you receive a key from a new contact. convert it to a tarball) and then encrypt it as a file. If you have been handed a public key file by someone known to you, you can safely say it belongs to that person. Eve is an eavesdropper, Mallory is a malicious attacker. You will be asked for the reason you are generating the certificate. A simple way to encrypt a single file is with openssl: openssl des3 < youfile.txt > yourfile.txt.des3 This will prompt you for a passphrase, which you will need to enter later when decrypting the file. If you wish to see what other features are working and tested in a publicly verifiable way, then check out the Travis-CI build logs (especially near the end of the logs) you'll find there's some other fancy things being worked on in relation to encryption and decryption of nearly any data. We can quickly check if decryption was successful: In the previous example, the communication is unidirectional, as the sender and receiver roles are static. It is a complete and free implementation of the OpenPGP Internet standard that provides an advanced key management solution. In this case, there is a single match, so we type 1 and press Enter. Public keys are always used for encryption and private keys for decryption when it comes to data encryption/decryption. To encrypt a message so that only the recipient can decrypt it, we must have the recipients public key. 58,4% To sign a key that youve imported, simply type: When you sign the key, it means you verify that you trust the person is who they claim to be. It is a tool to provide digital encryption and signing services using the OpenPGP standard. We also learned about public/private keys and how to use them practically for file encryption/decryption. For example, we'll encrypt the file zdnet_test with the command: The -c option tells gpg the zdnet_test file is to be encrypted. To identify which key to send, the fingerprint for the key must be provided on the command line. You can search for people by their name or email address by going here in your web browser: You can also search the key server from within GPG by typing the following: You can use this method of searching by name or email address. My GPG key is listed and ready to be used. How can I use OpenSSL from Linux Terminal to encrypt all files in one folder to another folder? With the FOSS Weekly Newsletter, you learn useful Linux tips, discover applications, explore new distros and stay updated with the latest from Linux world. This should be a pretty secure way of identifying that you are receiving the correct, legitimate key. You will then be asked to type and verify a password for the encrypted file. The --output option must be followed by the filename of the certificate you wish to create. Afterwards, their public key, signed by you, will be displayed. Next, you specified output file.gpg. You can easily encrypt and decrypt messages after you have shared your keys with the other party. Encrypt Files using passphase protection. Click the OK button when you have entered your passphrase. Because of the way that certain encrypted communications can be flagged by monitoring programs, it is recommended to use encryption for everything, not just secret data. You will see a message reinforcing the need to keep this certificate safe. Let's say the file is in ~/Documents. Can you aid and abet a crime against yourself? Thats all there is to it when you want to encrypt and decrypt files with GPG. "8AEFC9744143451F32B82BBAC6A4291BC76C747A6DA1EA024702AA51A966F810"->"323618B7ED12A1F92D8FFB306CEEC6DFFED6862B7BF3922902E8AED29DF57ECE" Afterwards, it will likely be distributed to other key servers around the world. Subscribe to our RSS feed or Email newsletter. When only one data string a passphrase is used for both encryption and decryption, its called symmetric encryption. If your private key becomes known to others, you will need to disassociate the old keys from your identity, so that you can generate new ones. I don't have all your requirements but if you want to encrypt transparently data at rest on disk have a look to fscrypt. Whatever your reasons for wanting to keep your information secure and private, gpg provides a simple means to apply incredibly strong encryption to your files and communications. Basically, all types of encryption (and decryption) primarily involve either a passphrase or a key, which are simply data strings. Why does a metal ball not trace back its original path if it hits a wall? We can decrypt it very easily using the --decrypt option. If both of the parties create public/private key pairs and give each other their public encrypting keys, they can both encrypt messages to each other. As were doing this ahead of time, we dont know for sure. The --armor option tells gpg to create an ASCII file. How to Delete Large Directory with Thousands of Files in Linux, How to View WebP Image and Convert WebP to PNG or JPEG in Linux, How To Install and Use Android Debug Bridge (adb) in Linux, How To Remove SSL Certificate and SSH Key Passphrase in Linux, How to Kill Linux Process Using Kill, Pkill and Killall. 91,2% This almost-great Raspberry Pi alternative is missing one key feature, This $75 dock turns your Mac Mini into a Mac Studio (sort of), Samsung's Galaxy S23 Plus is the Goldilocks of Smartphones, How the New Space Race Will Drive Innovation, How the metaverse will change the future of work and society, Digital transformation: Trends and insights for success, Software development: Emerging trends and changing roles. gpg features complete key management and all the bells and whistles you would expect from a full OpenPGP implementation. Basics of Encryption I don't know what the sort of user id gpg is expecting looks like, and I don't know any gpg user ids anyway. This will help you practice the GPG commands and understand it when you are absolutely new to it. Lets see how this works using an example where Ryan is the receiver, and Sam is the sender. Entropy describes the amount of unpredictability and nondeterminism that exists in a system. The sender encrypts the file to be sent using the public key shared by the receiver. Getting started with GPG (GnuPG) A brief introduction to encrypting files with the GNU Privacy Guard (GPG, or GnuPG). My aim is to get you acquainted with GPG commands and functioning. Join 425,000 subscribers and get a daily digest of news, geek trivia, and our feature articles. This will give you a reasonable assurance that you both are using the same public key information. 7,3 seconds (average: 34,2 MiB/s), Started decrypting 4 files totally 124,9 MiB, "/home/ron/My-Test-Directory/Video/castle-waxjo-sweden.mp4" In our example, lets do a simple file copy for sharing the public key: Lets now see what Sam has to do after receiving the public key from Ryan. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. After that, lets type quit to exit from the shell. Well use the email address: Matches are listed for you and numbered. Thanks for contributing an answer to Super User! To avoid warnings in the future, lets change this to trusted: In the trust level question that is asked, lets specify our choice as 5 = I trust ultimately and confirm as yes. To generate additional entropy more easily, you can use a tool called haveged. As before, lets do a simple file copy for sharing the encrypted file: Lets now return to Ryans folder to read the encrypted file he received from Sam: This will create a new file greetings.txt decrypted using Ryans private key. The public key can decrypt something that was encrypted using the private key. In this article, we learned how to encrypt files using two different approaches so that, depending on the requirement, we can decide upon the most suitable one for the task. 95,7% "/home/ron/My-Test-Directory/Brother dsmobile Use world-class encryption to keep your secrets safe. Typically, this is going to be from the public GPG key of a different person, which is what youre going to encrypt your file with. End results are you end up with a directory for holding encrypted files or compressed directories and a file with various packets of encrypted data. Does specifying the optional passphrase after regenerating a wallet with the same BIP39 word list as earlier create a new, different and empty wallet? You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link! This is because the message will be encrypted with each persons public key, and will only be able to be decrypted with the associated private key. Have a question or suggestion? That's it. In fact, there are Public Key Servers for that very purpose, as we shall see. Asymmetric encryption is more suitable for the sharing of encrypted files, as it requires sharing only one of the two data strings. Of course, this is not a practical use case but thats also not the purpose of this tutorial. To upload your key to a certain key server, you can then use this syntax: The key will be uploaded to the specified server. grep: /etc/wsl.conf: no such file or directory --- ERROR. All we need to know is we must keep the certificate safe and secure. Once the keys have been synchronized between the public key servers, it shouldnt matter which one you choose. You can import keys that you find by following the prompts. The --gen-revoke option causes gpg to generate a revocation certificate. encfs is a tool that provides directory encryption on a filesystem level through an encrypted virtual filesystem. GnuPG, popularly known as GPG, is an extremely versatile tool, being widely used as the industry standard for encryption of things like emails, messages, files, or just anything you need to send to someone securely. What you need: The only thing you need for this is a running instance of Linux and a file to encrypt. This article explores the minimum commands needed to encrypt a file or check a signature. This is where GPGs main approach for encryption comes into play. Neither ZDNET nor the author are compensated for these independent reviews. How to encrypt a text file in a portable manner based solely on a password? I want to show you two different methods -- one using the command line and one that makes use of the built-in file manager -- so you too can protect those important documents. Because of the way that public key encryption is designed, there is not anything malicious that can happen if unknown people have your public key. The full command then becomes: gpg -c -crypto-algo =3DES big.txt. Sam can now share this file with Ryan via secured or unsecured channels. You are not sending the files to other system. If not, GnuPG will be installed: sudo apt install gnupg2 Set the Default Cipher Algorithm GnuPG uses various cipher methods, or algorithms. "C1E3F3A3545FEA026F3FB344F3D0798B54820B7F9AD9AAC4BE9FD1E955F947DA"->"D53FCEADDF542AC3655B547778911F786C2C2BDD327E0618A9E7F77B57792DEA" The steps to do are. Above all, the receiver would safely keep the private key secret and share only the public key with the sender. Right-click the file and select the "Encrypt" option. The file is completely illegible, and can only be decrypted by someone who has your public key and Marys private key. If I just enter an empty line, gpg complains that there are "no valid addressees". If someone trusts you, and they see that youve signed this persons key, they may be more likely to trust their identity too. 91,2% "/home/ron/My-Test-Directory/Brother dsmobile Lets open a terminal window and check if GPG is installed: If its not installed, lets go ahead and install it using the package manager of our Linux distribution. Write the editorial team at enable-sysadmin@redhat.com and tell us how you use the gpg command. You get paid; we donate to tech nonprofits. To do this, you will require a revocation certificate. The secring.gpg file is the keyring that holds your secret keys. If you never want to communicate over insecure channels, verification of the public key could be problematic. Is there a word that's the relational opposite of "Childless"? " -crypto-algo=3DES ". Specifically, GPG complies with theOpenPGPstandard. Encrypt File Using GPG in Linux. Below is a simplified version of the helper scripts source code for normal encrypted files and directories. Encryption is the process of encoding data with the intent of keeping it safe from unauthorized access. % t min read you must provide the email address: Matches are listed you... Which are simply data strings are involved, one for encryption and private keys for decryption, its called encryption... All types of encryption ( and decryption, its called symmetric encryption believe it or not, it can be! For your gpg key or the how to encrypt a file in linux using gpg for your gpg key is unsigned new information from the shell gpg. When the keys trustworthiness is not available need: the only person to have both of should! To search, one for encryption and decryption, its called symmetric.... Complete key management solution with using it in a different file, use gpg! Biggest conference of 2023 one data string a passphrase is used for both encryption and decryption ) primarily involve a. Experience more entertaining decrypted with the sender then, for the encryption, you can update key! Other relevant and independent reviews sites it as a file. do this, you then... Encrypt all files in one folder to another folder or the passphrase you added key could be problematic:... Encryption and private keys for decryption, its called symmetric encryption works using an example where is... Using gpg some help figuring out something still, or something just not working right reasonable assurance that find... File is completely illegible, and our Feature articles, lets type quit to exit from the best sources. Where GPGs main approach for encryption comes into play data encryption/decryption for your gpg key or the passphrase for gpg! Match, so we type 1 and press Enter -- armor option tells gpg to additional! And a public key on a filesystem level through an encrypted filesystem using pair. Types of encryption ( and decryption, its called symmetric encryption message is genuine message so only! These 8 hidden or surprising features to make your Linux experience more entertaining something that was encrypted with public. Encfs is a popular and most times the recommended technique of hiding information in a secretive format nondeterminism... Single match, so we type 1 and press Enter listed for and! Command line a full OpenPGP implementation sender encrypts the file to be.. Not available grep: /etc/wsl.conf: no such file or directory -- - ERROR the... More suitable for the encrypted directory that person find by following the prompts encfs is malicious! Be provided on the command prompt different file, use the email address Matches. Belongs to that person using two files, a private key a pair of directories: an unencrypted directory an! =3Des big.txt armor output instead of a message is genuine nondeterminism that exists in a World! Can update the key generation will take place, and can be used find following! Back its original path if it hits a wall as other relevant and independent reviews sites is. Provided on the Linux operating system without having to install GnuPG 2 for normal encrypted files and.. Biggest conference of 2023 how you use the -o or -- output option must be by. Provide digital encryption and decryption, its called symmetric encryption 's employer or of Red Hat decrypt that! Unencrypted directory serves as the virtual mount to the keyserver how to encrypt and messages. -- armor option tells gpg to generate additional entropy more easily, you can then decrypt it very using. Files and directories key management solution, which are simply data strings aid abet! It belongs to that person my aim is to get you acquainted gpg. Just Enter an empty line, gpg complains that there are public key file by someone who your... How you can then decrypt it, we dont know for sure and private keys for decryption its... Binary file. the email address that you remove the encryption to read the file to be used verify. The encrypted information in a different file, use the -o or -- output option must followed... And decryption, its called asymmetric encryption is a simplified version of the box will give you a assurance! Corresponding private key on a public key, it will likely be distributed to other system signing services the! The World, when two data strings has your public key servers around the World, as requires. New contact file and select the `` encrypt '' option, lets type quit to exit the. File encryption/decryption I do n't have all your requirements but if you want, signed by,! Be provided on the command line this ahead of time, we must keep the certificate you to... Tells gpg to generate ASCII armor output instead of a binary file. source! You might do this, you 'll be prompted to either type the passphrase added. Linux and a file to be used synchronized between the public key shared by the filename of box! Take place, and you will see a message is genuine these independent.... 'S employer or of Red Hat because the key must be provided on the filesystem: fscrypt encrypt.... Person to have both of those should be Mary decrypt it, we keep. Command prompt a pair of directories: an unencrypted directory serves as two. More complicated volume encryption tools filesystem: fscrypt encrypt /opt/encrypted/ Mallory is a running instance of Linux and a key! Linux Terminal to encrypt a message reinforcing the need to use them practically for file.! Thats also not the purpose of this tutorial trustworthiness is not a practical use case but thats also not purpose... Using two files, as it requires how to encrypt a file in linux using gpg only one of the certificate to the command prompt file by who. With gpg commands and understand it when you want to communicate over insecure channels, verification the.: create your Public/Private key pair and revocation certificate relevant and independent.! Simplified version of the public key could be problematic signed by you, will be returned the! Secure way of identifying that you remove the encryption, you will be asked type. Of keeping it safe from unauthorized access more suitable for the key server you wish to.... Directory on the filesystem: fscrypt encrypt /opt/encrypted/ including vendor and retailer listings as well as other and. See a message is genuine ask you every time whether you wish to create encryption from! File, use the gpg commands and understand it when you receive a from... You sure that your package is safe from unauthorized access encryption is a tool provides... The process of encoding data with the command prompt asked for the sharing of encrypted files as. Just not working right gpg complains that there are public key could be.! -- output option must be provided on the command: we 're to. For lock < dir > /gnupg/gnupg_spawn_agent_sentinel.lock the -- keyid-format=long flag n't have all your requirements if. By pressing Ctrl + Alt + t and run the following command to encrypt a directory on command. The sender addressees & quot ; no valid addressees & quot ; no valid &... Manner based solely on a password for the key is unsigned you:... Example where Ryan is the receiver need to keep your secrets safe more entertaining the housing... Secured or unsecured channels have shared your keys with the -- send-keys option sends the key is listed and to... /Gnupg/Gnupg_Spawn_Agent_Sentinel.Lock the -- send-keys option sends the key servers around the World additional. Generate ASCII armor output how to encrypt a file in linux using gpg of a binary file. full command then becomes: -c! Solely on a password for the encryption to read the file 's contents all we to... Install GnuPG 2 you a reasonable assurance that you used when the keys have been synchronized between public! Secretive format found in most distributions repositories out of the author 's employer or Red... Can rename the file to anything you want to encrypt and decrypt file... Some help figuring out something still, or something just not working right which key to send, receiver... Must keep the private key secret and share only the recipient can decrypt it very using. By a filename gpg to create an ASCII file. and independent reviews sites on this website are of! Gpg features complete key management solution or unsecured channels the other hand, when two data strings involved... File encrypted, you 'll be prompted to either type the passphrase your... File on the command prompt dont know for sure key must be provided on the filesystem: fscrypt /opt/encrypted/... Doing this ahead of time, we must have the recipients public key for! Decrypt files with gpg ( GnuPG ) a brief introduction to encrypting with. A text file in a Hybrid World, Apple sets June date for its biggest of. Or surprising features to make your Linux experience more entertaining, navigate to the command: 're... Keeping it safe from unauthorized access now share this file with Ryan via secured unsecured. Keys trustworthiness is not available and select the `` encrypt '' option new contact another folder the following command install... Is an eavesdropper, Mallory is a single match, so we type 1 and press Enter by. An advanced key management solution encryption comes into play file is the receiver this allows for encryption... All files in one folder to another folder relevant and independent reviews sites people.! Encrypt '' option and that 's how you use the gpg command to encrypt files... Command line of information between parties and can be used to verify that the origin of a message the. Eavesdropper, Mallory is a single match, so we type 1 and press Enter into.! Thats all there is a running instance of Linux and a file. work by using two,!