GPG & its Benefits
In brief, GPG (Gnu Privacy Guard) is a system for encrypting data so that it can afterwards be transmitted through open communication channels and kept in unprotected storage. Open communication channels are email, cloud storage, instant messengers, and many other tools you probably use daily; none of them provides dependable data protection on its own.
GPG is available in almost all repositories and Linux distributions. It is used for creating digital signatures and encrypting files. GPG is an open-source analog of PGP (Pretty Good Privacy).
GPG's protection is quite reliable. It cannot be broken with simple tools, since it uses 2048-bit keys, and it is very resistant to the most complex attacks.
To transfer sensitive information it is enough to encrypt the data with the gpg utility. After that it can be transferred by any convenient method, regardless of that method's built-in security. Besides encrypting data, GPG can also be used to sign files in order to confirm their authorship.
Now let’s have a closer look at how it works and how to use it…
How to Use GPG for Transmitting Sensitive Data
In order to encrypt a file, the sender must have the public (open) key of the person to whom the file is going to be sent. The public key is used by the sender to encrypt the data and cannot be used to decrypt it; this is why the public key can be sent over open communication channels.
The recipient decrypts the file using his private (secret) key and a passphrase. It is extremely important to keep both the private key and the passphrase safe, or you won't be able to decrypt the file.
The main components of GPG are a private (secret) key and a public (open) key.
The private key should be kept safely by its owner alone; it is used for signing data and for decrypting encrypted files. In every operation that uses the private key you must also provide the passphrase.
A public key is used for checking a digital signature and for encrypting files. It can be given to all the users you communicate with.
Thus, if you would like to send somebody encrypted sensitive data, you take that person's public key and use it to encrypt your data. After receiving the data, that person uses his private key to decrypt it.
If you would like to send an email with your digital signature, you use your private key to generate it. The recipient of such a signed email can use your public key to validate the signature and make sure the email was sent by you personally.
Generating & Managing Keys
You can generate both the private and the public key using the following command:
It will ask what kind of key you would like, its length, and its period of validity. To start with, choose the defaults. Then enter your details:
User: Giant Leap Lab
Passphrase: My top secret phrase for decryption
You can import keys from files. Later we will show how to generate such files.
Public and private:
gpg --import gll.prv.key
Public only (you may also need to change the level of trust for this key):
gpg --import gll.pub.key
gpg --allow-secret-key-import --import gll.prv.key
To export your keys into such files (ASCII-armored, because of "-a"):
gpg --export -a "Giant Leap Lab" > gll.pub.key && cat gll.pub.key
gpg --export-secret-keys -a "Giant Leap Lab" > gll.prv.key && cat gll.prv.key
Checking if a Key is Installed
Show the public key:
Show all private keys:
Deleting keys (gpg refuses to delete a public key while its secret key is still present, so delete the secret key first):
gpg --delete-secret-keys 'Giant Leap Lab'
gpg --delete-keys 'Giant Leap Lab'
GPG allows you to edit the level of trust for public keys. This level reflects how much you trust a particular user and his ability to sign properly.
Sometimes, for example when importing a key, you may also get the following warning message:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
To fix this and set a proper trust level, use the following command:
gpg --edit-key 'Giant Leap Lab'
and you’ll get the following options to choose from:
1 = Don’t know
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
s = please show me more information
m = back to the main menu
Transferring an Encrypted File
Encrypting & Sending
This will create a file called top_secret_file.txt.gpg that can be sent by email or transferred through other open communication channels.
If you add the "-a" option, the generated encrypted file (top_secret_file.txt.asc) contains plain ASCII text, so its content can be sent as text, for example through an instant messenger.
Receiving & Decrypting
gpg -o top_secret_file.txt -d top_secret_file.txt.gpg
This will restore the original top_secret_file.txt file from top_secret_file.txt.gpg.
Sometimes it might be necessary to add a digital signature to a file to confirm its authorship. The command below creates a digital signature for the signGLL.txt file. The signature is saved as a separate file, signGLL.txt.sig (a detached signature). The "-u" argument defines which key is used for generating the signature.
Instead of "--detach-sign" you can also use "-b":
You can also produce a single signGLL.txt.gpg file that contains both the file and its signature:
The received signGLL.txt.gpg file can then be unpacked (and its signature checked) with this command:
gpg --output signGLL.txt --decrypt signGLL.txt.gpg
To verify a detached signature, use the command below. Note that the original file must be in the same folder as the signature being validated.
gpg --verify signGLL.txt.sig
If the signed file has a different name, add it after the signature file:
gpg --verify signGLL.txt.sig license.txt
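The whole workflow described above (key generation, export and import, setting the trust level, encrypt/decrypt, detached signing and verification) as one added example that is not part of the original article. It runs in throwaway keyrings: "Giant Leap Lab" and the passphrase are the article's values, while the second keyring "bob" (an assumption) stands in for a recipient who holds only the public key; GnuPG 2.1 or newer is assumed, and the trust level is set with --import-ownertrust instead of the interactive trust menu.

```shell
# Added example (not the article's code): its key, trust, encrypt/decrypt and sign/verify
# steps run end to end in throwaway keyrings. Assumes GnuPG 2.1+; "bob" is the assumed recipient keyring.
set -eu

gpg_roundtrip() {
  work=$(mktemp -d); export GNUPGHOME="$work/gll"; bob="$work/bob"
  mkdir -m 700 "$GNUPGHOME" "$bob"
  pass='My top secret phrase for decryption'
  q="--batch --quiet --pinentry-mode loopback"   # no prompts, no pinentry dialog

  # 1. Key generation with the defaults the article suggests (RSA, 2048 bits, no expiry).
  gpg $q --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Giant Leap Lab
Expire-Date: 0
Passphrase: $pass
%commit
EOF

  # 2. Export the public key (ASCII armour) and import it into the recipient's keyring;
  #    --import-ownertrust sets trust level 6 (ultimate) without the interactive menu.
  gpg $q -a --export "Giant Leap Lab" > "$work/gll.pub.key"
  gpg $q --homedir "$bob" --import "$work/gll.pub.key"
  fpr=$(gpg --homedir "$bob" --with-colons --list-keys | awk -F: '/^fpr/ {print $10; exit}')
  echo "$fpr:6:" | gpg $q --homedir "$bob" --import-ownertrust

  # 3. Recipient encrypts with the public key; only the private key plus passphrase
  #    turns top_secret_file.txt.gpg back into the constructed plaintext.
  echo "launch window 04:00" > "$work/top_secret_file.txt"
  gpg $q --homedir "$bob" -e -r "Giant Leap Lab" -o "$work/top_secret_file.txt.gpg" "$work/top_secret_file.txt"
  gpg $q --passphrase "$pass" -o "$work/out.txt" -d "$work/top_secret_file.txt.gpg"
  [ "$(cat "$work/out.txt")" = "launch window 04:00" ]

  # 4. Detached signature checked with the public key alone; appending one line to the
  #    signed file must make --verify fail (non-zero exit status).
  echo "release 1.0" > "$work/signGLL.txt"
  gpg $q --passphrase "$pass" -u "Giant Leap Lab" --detach-sign "$work/signGLL.txt"
  gpg $q --homedir "$bob" --verify "$work/signGLL.txt.sig" "$work/signGLL.txt"
  echo "tampered" >> "$work/signGLL.txt"
  if gpg $q --homedir "$bob" --verify "$work/signGLL.txt.sig" "$work/signGLL.txt" 2>/dev/null; then
    echo "BUG: tampered file still verifies" >&2; return 1
  fi
  gpgconf --kill all >/dev/null 2>&1 || true; rm -rf "$work"
  echo ok
}

if command -v gpg >/dev/null 2>&1; then gpg_roundtrip; fi   # prints "ok" when every step passed
```

The function exits non-zero (and prints nothing but the gpg diagnostics on stderr) if any step fails, including the case where a modified file still verifies.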