How to encrypt a file with gpg on Linux and then decrypt it later.

The gpg utility for Linux is used to create public and private key pairs to encrypt files for secure transmission over the Internet.

To initialize this utility; run this command.

homer@deusexmachina ~ $ gpg --gen-key
gpg (GnuPG) 1.4.14; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
gpg: directory `/home/homer/.gnupg' created
gpg: new configuration file `/home/homer/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/homer/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/homer/.gnupg/secring.gpg' created
gpg: keyring `/home/homer/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 4y
Key expires at Mon 02 Apr 2018 19:14:45 EST
Is this correct? (y/N) y
 
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and E-mail Address in this form:
    "Heinrich Heine (Der Dichter) <[email protected]>"
 
Real name: John Cartwright
E-mail address: [email protected]@gmail.com
Not a valid e-mail address
E-mail address: [email protected]
Comment: 
You selected this USER-ID:
    "John Cartwright &lt;[email protected]&gt;"
 
Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
 
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, use the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
 
Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy!  (Need 235 more bytes)
...+++++
..............+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, use the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.......+++++
..........+++++
gpg: /home/homer/.gnupg/trustdb.gpg: trustdb created
gpg: key DBEF7849 marked as ultimately trusted
public and secret key created and signed.
 
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2018-04-02
pub   4096R/DBEF7849 2014-04-03 [expires: 2018-04-02]
      Key fingerprint = 6668 2347 5ADF 7577 F09C  B7BF 8B1F 1877 DBEF 7849
uid                  John Cartwright &lt;[email protected]&gt;
sub   4096R/7ED8DC5A 2014-04-03 [expires: 2018-04-02]

Then you may encrypt a file using your keys.

homer@deusexmachina ~/Documents $ gpg --encrypt-file doom02.png 
You did not specify a user ID. (you may use "-r")
 
Current recipients:
 
Enter the user ID.  End with an empty line: John Cartwright
 
Current recipients:
4096R/7ED8DC5A 2014-04-03 "John Cartwright &lt;[email protected]&gt;"

Now we have two files, the original and an encrypted file. This is using 4096 bit RSA encryption, so this would be extremely hard to break.

homer@deusexmachina ~/Documents $ ls -hula doom02*
-rw-r--r-- 1 homer homer 3.0M Apr  3 20:37 doom02.png
-rw-r--r-- 1 homer homer 3.0M Apr  3 20:37 doom02.png.gpg

Now use this command to decrypt the file.

homer@deusexmachina ~/Documents $ gpg --decrypt-file doom02.png.gpg 
 
You need a passphrase to unlock the secret key for
user: "John Cartwright &lt;[email protected]&gt;"
4096-bit RSA key, ID 7ED8DC5A, created 2014-04-03 (main key ID DBEF7849)
 
gpg: encrypted with 4096-bit RSA key, ID 7ED8DC5A, created 2014-04-03
      "John Cartwright &lt;[email protected]&gt;"
File `doom02.png' exists. Overwrite? (y/N) y

That is how simple this is. You need a lot of computer activity to generate some entropy, I just played Community Chest 4 MAP32 “Mutare”, that did the job.

No comments have been made. Use this form to start the conversation :)

Leave a Reply