javablogspot

Encrypting and Decrypting files with GPG

Posted by damuchinni on February 15, 2009

GPG is a tool to encrypt and decrypt messages. It uses asymmetric key cryptography: one key, called the public key, is used for encrypting, and another, called the private key, is used for decrypting.

Creating Keys

gpg is already installed in Ubuntu. To generate keys, run:

$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?

Type 1 and press Enter.

This allows you to encrypt, decrypt and sign.

DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048 )

Here, choose the key size. The longer the key, the more secure it will be; conversely, encryption and decryption will take more time than they would with a shorter key.

To use default value press Enter.

Please specify how long the key should be valid.
0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)

Here choose the date at which the key will cease to be usable for encryption and signing.

Type 6m, for expiration in 6 months, and press Enter.

Key expires at Thu 13 Aug 2009 10:59:08 PM CEST
Is this correct? (y/N)

Type ‘y’ and press Enter.

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name:

Type the name to identify the key, for example Tux Mascot.

Email address:

Type the email address and press Enter.

Comment:

Type a comment and press Enter.

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Type O and press Enter.

Enter passphrase:

Enter the passphrase (a password that may contain space characters) and press Enter. It is used to encrypt the private key while it is stored on the hard disk.

Repeat passphrase:

Repeat the passphrase and press Enter.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++++++++++++++++++++++++++++++++.++++++++++.+++++.++++++++++++++++++++.+++++++++++++++.++++++++++++++++++++++++++++++.+++++>++++++++++...............................................................................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++..+++++++++++++++++++++++++.+++++++++++++++++++++++++++++++++++.+++++++++++++++.+++++++++++++++....++++++++++.+++++++++++++++.+++++++++++++++++++++++++>+++++..+++++>+++++>+++++........................................>......+++++<..+++++.................................................................................+++++^^^
gpg: key 7908DF97 marked as ultimately trusted

public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   5  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 5u
gpg: next trustdb check due at 2009-08-13
pub   1024D/7908DF97 2009-02-14 [expires: 2009-08-13]
Key fingerprint = 3073 2C54 4D58 6D5E 5E8C  7A39 7816 C031 7908 DF97
uid  Tux Mascot <tux@gun.com>
sub   2048g/CDFE4336 2009-02-14 [expires: 2009-08-13]

Your keys are now generated.

Encrypting Files

The command is:

$ gpg -e -r <name> <file_name>

The output of this command is a binary file with a .gpg extension. If the input file is named data, the output is data.gpg.

Example

$ gpg -e -r Tux ~/data

Decrypting Files

The command is:

$ gpg -d -o output_file file.gpg

The -d parameter means decrypt, -o specifies the output file, and file.gpg is the file to decrypt.

During decryption, you will be asked to provide your private key’s passphrase.
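
The procedure above as one unattended script, added here as an example (it is not from the original post). It assumes GnuPG 2.1 or later; the tux@example.org user ID, the two throwaway keyrings and the file names are constructed for the demonstration. It goes one step beyond the post by giving the sender a keyring that holds only the public key, which shows that such a keyring can encrypt but cannot decrypt.

```sh
# Added example, not from the original post. Assumes GnuPG 2.1+ on PATH.
# The user ID, keyring directories and file names are constructed for the demo.
gpg_roundtrip() {
    work=$(mktemp -d) || return 1
    owner="$work/owner"     # keyring that holds the private key
    sender="$work/sender"   # keyring that only ever receives the public key
    mkdir -m 700 "$owner" "$sender" || return 1

    # Unattended equivalent of the --gen-key dialogue. %no-protection skips the
    # passphrase so nothing prompts here; a real key should keep its passphrase.
    gpg --homedir "$owner" --batch --quiet --gen-key 2>/dev/null <<EOF || return 1
%no-protection
Key-Type: default
Subkey-Type: default
Name-Real: Tux Mascot
Name-Email: tux@example.org
Expire-Date: 6m
%commit
EOF

    # Only the public key leaves the owner's keyring.
    gpg --homedir "$owner" --batch --armor --export tux@example.org > "$work/tux.asc"
    gpg --homedir "$sender" --batch --quiet --import "$work/tux.asc" 2>/dev/null

    # Encrypt to the public key; gpg writes $work/data.gpg next to the input.
    # --trust-model always is needed because this throwaway keyring has not
    # validated the imported key; normally you verify the fingerprint instead.
    printf 'constructed sample data\n' > "$work/data"
    gpg --homedir "$sender" --batch --quiet --trust-model always \
        -e -r tux@example.org "$work/data" 2>/dev/null

    # The sender holds no private key, so decryption has to fail here.
    sender_ok=no
    gpg --homedir "$sender" --batch --quiet -d -o "$work/leak" "$work/data.gpg" \
        2>/dev/null && sender_ok=yes

    # The owner's private key recovers the original bytes.
    owner_ok=no
    gpg --homedir "$owner" --batch --quiet -d -o "$work/out" "$work/data.gpg" \
        2>/dev/null && cmp -s "$work/data" "$work/out" && owner_ok=yes

    for h in "$owner" "$sender"; do
        GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    echo "sender_can_decrypt=$sender_ok owner_can_decrypt=$owner_ok"
}

gpg_roundtrip || echo "round trip did not run (is GnuPG 2.1+ installed?)" >&2
```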
