Jump to content
  • Linux: Secure Yourself With GnuPG on Linux

    aum

    • 275 views
    • 6 minutes
     Share


    • 275 views
    • 6 minutes

    With a versatile key management system and access to several public key directories, GPG is a must-have for security-minded Linux users.

     

    GnuPG (aka GNU Privacy Guard) is a free, open source replacement for Symantec’s PGP suite that allows you to encrypt and sign data security. With GnuPG, you can protect files on your local system and even communications with third parties. With a versatile key management system and access to several public key directories, GPG is a must-have for security-minded Linux users.

     

    GnuPG can be used from the command line and is supported by email apps such as Thunderbird. For anyone who needs to encrypt and sign data on Linux, GnuPG is the way to go.

     

    Let’s dive into this tool and see how you can use it to enhance the security and privacy of the data on your Linux systems. GnuPG is also available for other platforms (such as macOS and Windows) but I’ll limit this discussion to Linux only.


    Why Do You Need GPG?

     

    Using GPG ensures the secure transmission of information between parties and offers the ability to encrypt/decrypt files stored on local drives. By using this tool, the information contained within files and emails cannot be read by just anyone.

     

    Of course, GPG uses key pairs to function. Those pairs consist of a public and private key. The private key is retained on your desktop or server and should never leave those machines (or be shared with anyone). The public key is intended to be shared with whoever needs to be able to decrypt your messages.

     

    When using GPG with email, the process looks like this:

     

    1.     The sender sends a public key to the receiver.
    2.     The receiver sends a public key to the sender.
    3.     The sender encrypts a message to the receiver with the receiver’s public key.
    4.     The receiver receives the message and decrypts it with their private key.

     

    Without the private key, the message cannot be decrypted.

     

    The same thing holds true with local files. You can encrypt a file with GPG, using your keypair. When it comes time to decrypt the file, you’ll run the decryption command and, upon successfully typing the password associated with your key, the file will be accessible.

    With that introduction out of the way, let’s see how this is implemented on Linux.


    Install GPG

     

    The first thing to do is install GPG. Since GNU PG can be found in the standard repositories of most Linux distributions, the installation is quite simple.

     

    For example, on Ubuntu, the installation command is:


    sudo apt-get install gnupg -y
       
    If you’re using a Fedora-based distribution, the command would be:


    sudo dnf install gnupg -y


    You might find that GPG is already installed on your machine. If so, huzzah! One less step to take.


    Creating Your First Key Pair

     

    Now that GPG is installed, you have to generate your first key pair. There are two ways to do this, via the command line and one of the available GUIs (such as Seahorse for GNOME and KGpg for Plasma).

     

    First, let’s create a key pair via the command line. This command will be the same, no matter the distribution you use. Generate your first key pair with:


    gpg --full-generate-key


    You’ll be asked to answer a few questions, such as:

     

    •     What kind of key you want
    •     What size key do you want
    •     How long the key should be valid
    •     Real name
    •     email address
    •     Comment (optional)
    •     Password

     

    Whenever possible stick with the defaults (unless you have a reason otherwise). When the creation of the key finishes, you’ll be presented with the details, which you don’t need to save. You can then list your keys with the command:


    gpg --list-keys


    The list will include all keys you’ve created along with their associated name, email addresses, and creation dates.

    If you opt to go the GUI route, the process of creating your first key is very simple. For example, with Seahorse, you only need to click + in the upper left corner, select the GPG key (Figure 1), and then fill out the necessary information.

     

    79daaff4-seahorse.jpg

    Figure 1: You can create other types of keys and even straight-up passwords with Seahorse.

     

    Encrypt a File With GPG

     

    Now that you have your key ready, let me show you how to encrypt a file with GPG. If you want to encrypt a folder, you would first have to pack it into a file, such as you would with a command like:

    tar cfz filename.tgz folder


    How do you encrypt a file with GPG? Easy.

     

    Let’s say the file in question is newstack.txt and you want to encrypt it with your own GPG key. To do that, the command would be something like this:


    gpg --output newstack.tgz.gpg --encrypt --recipient RECEIVER newstack.tgz


    Where RECIEVER is the email address associated with your personal GPG key pair. If you want to encrypt the file to be sent to another user, you would use the receiver’s email address. That, of course, requires you import the receiver’s public key. Here’s how to do that:

     

    1. Request the receiver’s GPG public key.
    2. Save that key to your local drive.
    3. Import the receiver’s GPG public key with the command (run within the directory housing the receiver’s public key you saved) gpg –import file.gpg (Where file.gpg is the public key file you saved from the receiver).

     

    Now that you’ve imported the receiver’s public key, you can encrypt files using it and send the files to them, knowing only the holder of the private key that matches the public encryption key you used can open the file.

     

    To decrypt a file encrypted with GPG, the command would be:


    gpg --output newstack.tgz --decrypt newstack.tgz.gpg


    The receiver of the file will be asked to enter the password for their key pair. Upon successful authentication, the command creates a new file with the name given after the –output option. Once the file has been decrypted, you can unpack it (if it’s a tgz or zip file) and view the contents.

     

    And that’s the basics of using GPG on Linux. To find out more about how this tool works, be sure to read the official documentation, where you can read through the howtos, manuals, man pages, user guides, and more.

     

    Source

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...