File Encryption using GPG Key Pair in Linux

GPG basic file encryption doesn't require a public/private key pair. But to make an encrypted file more secure, you can use the RSA/DSA algorithms. These algorithms generate public and private keys to encrypt the file.

This article will help you with the following tasks for file encryption using a GPG key pair in Linux.

  • Create a key pair.
  • Encrypt/decrypt a file locally for the same user account.
  • Encrypt a file for another user.
  • Decrypt another user's file.

Step 1: Create GPG Key Pair

The very first step is to generate a key pair. Use the following command to generate a GPG key pair.

# gpg --gen-key


gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection?
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Rahul Kumar
Email address: [email protected]
Comment: Linux System Admin
You selected this USER-ID:
    "Rahul Kumar (Linux System Admin) "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 2AE39E50 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/2AE39E50 2013-03-14
      Key fingerprint = 0D89 4697 E22A A6CC 3017  5EA1 0389 ED6D 2AE3 9E50
uid                  Rahul Kumar (Linux System Admin) 
sub   2048g/9102AC9C 2013-03-14

Step 2: Encrypt/Decrypt File for Current User

Encrypt a file for a single user only. No one else can decrypt this file.

# gpg --encrypt --recipient 'Rahul Kumar' tecadmin.txt

The --recipient name should be the same as the one used in key generation. The above command will automatically generate an encrypted file named tecadmin.txt.gpg.

Decrypt your own file tecadmin.txt.gpg:

# gpg --output tecadmin2.txt --decrypt tecadmin.txt.gpg

--output or -o is used to specify the output file name. The above command will prompt for the passphrase used for the key pair.

Step 3: Encrypt File for Other User

Use the steps in #1 to generate the encrypted file. Finally, share your public key and the encrypted file (tecadmin.txt.gpg) with other users. To export your public key, use the following command.

# gpg --armor --output pubkey.txt --export 'Rahul Kumar'

Check your public key. It should look like the following.

# cat pubkey.txt

Version: GnuPG v1.4.5 (GNU/Linux)

Step 4: Decrypt Other User's File

To decrypt another user's file, the public key of that user is required. Import that public key into your account using the command below. For example, the other user's public key file is otherpub.txt.

# gpg --import otherpub.txt

Make sure that the file has been imported successfully using the command below.

# gpg --list-keys

The above command will show all public keys in your account. Make sure the other user's public key also exists there.

Now you can decrypt the other user's file using the command below.

# gpg --output otheruserfile.txt --decrypt otheruserfile.txt.gpg
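
The two-user exchange from Steps 3 and 4 as a self-checking script (an added example, not from the original article): in GPG's public-key model the sender encrypts to the recipient's public key, and only the holder of the matching private key can decrypt. It assumes GnuPG 2.1 or later for --quick-generate-key; the two throwaway keyrings, the 'Bob Demo' identity and the helper names fpr and gpg_demo are constructed for illustration.

```bash
# Added example: two throwaway keyrings stand in for two users; 'Bob Demo' and all
# paths under $work are constructed. Assumes GnuPG 2.1+ (article shows 1.4.5).

# Print the primary-key fingerprint for user ID $2 in keyring directory $1.
fpr() {
    gpg --homedir "$1" --batch --with-colons --list-keys "$2" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

gpg_demo() {
    local work alice bob bob_fpr h rc=0
    work=$(mktemp -d) || return 1
    alice="$work/alice"; bob="$work/bob"
    mkdir -m 700 "$alice" "$bob"

    # Recipient (Bob) creates a key pair and exports only the public half.
    gpg --homedir "$bob" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Bob Demo <bob@example.invalid>' || rc=1
    gpg --homedir "$bob" --batch --armor --output "$work/bobpub.txt" \
        --export 'Bob Demo' || rc=1

    # Sender (Alice) imports it and checks the fingerprint against the one Bob
    # reports. In real use that comparison happens out of band (phone, in person).
    gpg --homedir "$alice" --batch --quiet --import "$work/bobpub.txt" || rc=1
    bob_fpr=$(fpr "$alice" 'Bob Demo')
    [ -n "$bob_fpr" ] && [ "$bob_fpr" = "$(fpr "$bob" 'Bob Demo')" ] || rc=1

    # Alice encrypts to Bob's public key. --trust-model always is acceptable
    # here only because the fingerprint was just verified.
    echo 'constructed sample text' > "$work/tecadmin.txt"
    gpg --homedir "$alice" --batch --quiet --trust-model always \
        --recipient "$bob_fpr" --output "$work/tecadmin.txt.gpg" \
        --encrypt "$work/tecadmin.txt" || rc=1

    # Bob decrypts with his private key; the plaintext must round-trip.
    gpg --homedir "$bob" --batch --quiet --output "$work/out.txt" \
        --decrypt "$work/tecadmin.txt.gpg" || rc=1
    cmp -s "$work/tecadmin.txt" "$work/out.txt" || rc=1

    # Alice holds only Bob's public key, so her decryption attempt must fail.
    gpg --homedir "$alice" --batch --decrypt "$work/tecadmin.txt.gpg" >/dev/null 2>&1 && rc=1

    for h in "$alice" "$bob"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null; done
    rm -rf "$work"
    return "$rc"
}

gpg_demo && echo "round trip OK; sender without the private key cannot decrypt"
```

In day-to-day use, select the recipient by fingerprint rather than by name, since a name is matched as a substring against every user ID in the keyring.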

Thank you for reading this article. Read our next article on File Encryption using GPG Command Line.

Ref From: tecadmin

