Linux makes it easy to encrypt and decrypt files using the “gpg” utility that’s included by default in just about every installation. The package is an open source implementation of a tool previously used by Symantec, and which has even received a chunk of funding from the German government.
In this article, I’ll show you a few quick commands to easily encrypt a file using a passphrase.
“GNU Privacy Guard” is the full form of “gpg“, and you can get started with encrypting files immediately. In this screenshot for example, I have a sample file with some random content:
I can encrypt it using the following command:
gpg -c myfile.txt
This will open up a dialogue box asking for a password. Once you enter the password, you’ll be asked to retype it again to confirm:
This contains the encrypted data. You can verify this by opening it and taking a look at the contents as shown above. The output is nothing but junk.
What to Do with the Encrypted File?
Once you have both the original and the encrypted file, you have two options:
- Either delete the original from your hard disk
- Mail the encrypted file to someone else
The first is so that you can hide sensitive data on your own personal system. The second option is to be able to send someone the encrypted version of the file in a secure manner without anyone looking at it. It’s a great way to share sensitive information.
You need to communicate the passphrase that you generated in the first step. This can be over an unrelated medium like the phone for example. Obviously you don’t want to use the same channel over which you send the encrypted file!
Decrypting the File
Once you have the encrypted file in your hands, it’s time to decrypt it. You can do this using the following command:
gpg -d myfile.text.gpg
However, if you run this command on your own system immediately after encrypting the file, gpg won’t ask you for the password and the contents will be displayed on the screen like this:
This is because the “gpg-agent” process has cached the password you just used and won’t ask you for it again in a certain time frame. We can temporarily bypass this by reloading the agent like this:
echo RELOADAGENT | gpg-connect-agent
This time, it asks you for the password when you try and decrypt:
You can make behavior permanent by editing this file:
And adding the following lines:
This sets the expiry of the cache to 1 second.
Note that the decryption dumps the file data onto the screen. If you want, you can send the output to a file using the “-o” parameter as shown here:
gpg -o newfile.txt -d myfile.txt.gpg
Using More Secure Encryption Methods
In the screenshots above, you might have noticed the following message while decrypting:
WARNING: Message was not integrity protected
This means that gpg cannot be sure that the encrypted file has not been tampered with. It’s because by default, gpg uses an older CAST5 encryption protocol. However, newer encryption methods have since been devised that protect against file tampering. The AES protocol for example, is much more secure.
We can force gpg to use 256-bit AES encryption with the following parameter:
So the encryption command becomes:
gpg --cipher-algo AES256 -c myfile.txt
This time when we decrypt, we no longer get the warning:
Even more secure would be to sign the file with your keypair. But that’s for another tutorial!
This post is a Guest from Jeff Wilson from Linux Host Support
If anyone of readers want to share a guest post, he can also do via link Guest-posting Link . Stay connected for more updates coming up next. This one was well 99th post of our blog, We will be starting something new from our 100th post , so stay connected and keep checking.