This guide teaches you how to encrypt a file such as text file before transporting them over the internet to your friend so that nobody else can open and read it. This is essential for maintaining data privacy and security.
GnuPG (GNU Privacy Guard) is a powerful open-source encryption tool that allows users to encrypt and decrypt files using public-key cryptography. To follow this guide, you need to have:
- Either a PC running Ubuntu Linux
- Or a server running Ubuntu Linux
- Or a Windows PC with WSL (Ubuntu) configured
- Or an Android phone with Termux installed
In any case, you will be able to run a terminal window with apt package management.
Steps to Encrypt a File for Transport with GnuPG
GnuPG is required to be installed on your Ubuntu system. If not installed, you can install it using the following command:
---
1 | sudo apt-get install gnupg |
Generate a Key Pair
Before encrypting files, you need to generate a key pair consisting of a public key and a private key. The public key is used to encrypt files, while the private key is used to decrypt them. To generate a key pair, follow these steps. Run the following command to generate a new key pair:
1 | gpg --gen-key |
You’ll receive this prompt:
1 2 3 4 5 6 | Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 |
Select (1) RSA and RSA. Next, it will ask you the key size. A key size of 2048 bits is still considered adequate:
1 | What keysize do you want? (2048) 2048 |
Next, it will ask for an expiration period. That is a complicated topic and will be discussed in a separate article. For ordinary works and testing purposes, you can choose no expiration:
1 2 3 4 5 6 7 | Please specify how long the key should be valid. 0 = key does not expire <n> d = key expires in n days <n> w = key expires in n weeks <n> m = key expires in n months <n> y = key expires in n years Key is valid for? (0) 0 |
Next, it will ask your name, email, comment and a password:
1 2 3 | Real name: Abhishek Ghosh Email address: admin@abhishekghosh.com Comment: Example for thecustomizewindows.com |
Use a difficult-to-guess password. Once the key pair is generated, your public key will be stored in the GnuPG keyring. GnuPG maintains two keyrings, one for public keys and one for private keys. Whenever we use a private key to decrypt, GnuPG will ask us for the passphrase.
These keys are stored under ~/.gnupg directory.
Import Recipient’s Public Key
If I intend to encrypt files for you as recipient, you’ll need to export your public key:
1 2 | # you gpg -o yourpublickey.asc --export -a you@example.com |
It will go to the keyring. I have to import your public key into my keyring:
1 2 | # me gpg --import yourpublickey.asc |
But your foe may have replaced your public key with your public key while it was in transit to me. To verify that key is the public key, I will check the fingerprint of the key, phone you and read the fingerprint to match:
1 2 3 4 5 | gpg --fingerprint you@example.com pub 3348T/694F0DS8 2024-04-25 Key fingerprint = AD5F 2TB3 81V0 C6SA 69ED 597F 9Q15 887B 998E 87W9 uid You <you@example.com> sub 8098T/7S17R3Q0 2024-03-29 |
If you agree that it is your key, then I will sign your key with my private key to make it trusted:
1 | gpg --sign-key you@example.com |
Encrypt a File
Now, I can encrypt any file which I will send to you:
1 2 | echo "secret message to you" > message.txt gpg -o message.encrypted -r you@example.com -e message.txt |
You can run this kind of command to decrypt it:
1 | gpg -o message.txt -d message.encrypted |
Encrypting files with GnuPG is a straightforward process that helps protect sensitive data during transport. By following the steps outlined in this guide, you can encrypt files with ease and ensure that only authorized recipients can access the encrypted data. Remember to securely store your private key and passphrase to maintain the confidentiality and integrity of your encrypted files.
