Encrypting files with GPG

So I heard that you want to encrypt some files before sending them to your friends? Indeed you should! As we all know, plaintext networks are dangerous places, and actually, anyone out there shuffling your traffic around the series of tubes may be able to intercept what you send and receive. This tutorial will explain some basics about how to turn your files into next level encrypted files.

Since you have already worked your way around the GPG-tutorial, it is now time to get down to encrypting files. Your computer may be lost or stolen, which means that encrypting the data is a good plan. Also, GPG is very clever. Not only can you encrypt files for yourself, but also for your friends!

Lets begin with this fictional diary of mine. I have written it in plaintext using the program nano, which is an averate text editor. However, this little text file can be replaced with any type of data; images, videos, sound files, even multiple files that you add to a compressed archive.

Then I encrypt the file deardiary.txt with the commands gpg -e -s deardiary.txt. The -e means to encrypt, and the -s means to sign it with your identity. Then you give your secret passphrase and plaintext has been made into ciphertext.

Now you have a new file called deardiary.txt.gpg which looks like this if you try to read it. Yes, this what ciphertext looks like. Only I can decrypt this file!

However, lets say I want my friend Karin to be able to read my secret diary? Now comes the clever thing with GPG. If I use her key, which I have signed and stored on my computer since she is in my web of trust, I can simply choose to encrypt the file so that only she is able to decrypt it. This way, I can e-mail her the file without anyone but her being able to read it. I can even upload it to this page, like here maybe, it doesn’t matter because her key is the only thing that opens it.

Trying to read it, well, you are busted again with ciphertext.

To decrypt a message, you simply write gpg -d deardiary.txt.gpg. Then ciphertext is made into plaintext again.

If you have a long file, however, you don’t want to just print it on your screen. So instead you can make a new plaintext file with gpg -d deardiary.txt.gpg >deardiary.txt and the plaintext will appear in a new file.

Stay safe, stay in cipher!

3 reaktioner till “Encrypting files with GPG”

  1. Great tutorial!

    Another way of encrypting files is by storing them inside a filesystem located in an encrypted container. It works as an encrypted folder for private documents. Since the encrypted container is a regular file, there is no need of formatting your hard disk drive or usb stick.

    This how to prepare a 1 GB ”encrypted folder” on Linux:

    1. Create an empty 1 GB file. Later we’ll encrypt this file and use it as container for a filesystem.

    dd if=/dev/zero of=/home/nils/container bs=1M count=1000

    2. Setup container as a loop device

    su root
    losetup /dev/loop0 /home/nils/container

    3. Encrypt container

    cryptsetup luksFormat /dev/loop0 (here you need to enter a passphrase)

    4. Create a filesystem in the container

    cryptsetup luksOpen /dev/loop0 encrypted_container
    mkfs.ext3 /dev/mapper/encrypted_container

    5. The preparation is complete, let’s close things down…

    cryptsetup luksClose /dev/mapper/encrypted_container
    losetup -d /dev/loop0

    To use the filesystem, take these steps:

    losetup /dev/loop0 /home/nils/container
    cryptsetup luksOpen /dev/loop0 encrypted_container
    mount /dev/mapper/encrypted_container /mnt/encrypted_container

    Now, private documents can be moved into /mnt/encrypted_container. They will be encrypted on-the-fly. When you leave the computer, close down the encryption layer and your private documents will be safe:

    unmount /mnt/encrypted_container
    cryptsetup luksClose /dev/mapper/encrypted_container

Kommentera

E-postadressen publiceras inte. Obligatoriska fält är märkta *

Time limit is exhausted. Please reload CAPTCHA.