Image
File encryption and decryption made easy with GPG
GPG is a popular Linux encrypting tool. Find out how to use its power to keep private files private.
The GNU Privacy Guard (GPG or gpg) tool is a native/baseos security tool for encrypting files. According to the gpg man page:
gpg is the OpenPGP (Pretty Good Privacy) part of the GNU Privacy Guard (GnuPG). It is a tool to provide digital encryption and signing services using the OpenPGP standard. gpg features complete key management and all the bells and whistles you would expect from a full OpenPGP implementation.
The gpg utility has a lot of options, but fortunately for us, encrypting and decrypting are easy to do and only require that you know three options for quick use: Create or encrypt (-c
), decrypt (-d
), and extract and decrypt (no option).
[ You might also like: How to encrypt a single Linux filesystem ]
Encrypting a file
The quick method for encrypting a file is to issue the gpg
command with the -c
(create) option:
$ echo This is an encryption test > file1.txt
$ gpg -c file1.txt
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Enter passphrase x
x x
x x
x Passphrase: ***********_____________________________ x
x x
x <OK> <Cancel> x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Please re-enter this passphrase x
x x
x Passphrase: ***********_____________________________ x
x x
x <OK> <Cancel> x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
$ ls
file1.txt file1.txt.gpg
Encrypting a file with gpg leaves the original file intact, file1.txt
, and adds the telltale .gpg
extension to the newly encrypted file. You should probably remove the original file, file1.txt
, so that the encrypted one is the sole source of the information contained in it. Alternatively, if you're going to share the encrypted version, you can rename it before sharing.
The .gpg
extension isn't required, but it does let the user know which decryption tool to use to read the file. You can rename the file to anything you want.
$ file file2.txt.gpg
file2.txt.gpg: GPG symmetrically encrypted data (AES cipher)
$ mv file2.txt.gpg testfile01.doc
$ file testfile01.doc
testfile01.doc: GPG symmetrically encrypted data (AES cipher)
Decrypting a file
Decrypting a file means that you remove the encryption to read the file's contents. There's no extraction of content or creation of the original file when you decrypt.
$ cat cfile.txt
This is an encryption and decryption test
$ gpg -c cfile.txt
< Set passphrase and repeat passphrase >
$ ls
$ cfile.txt cfile.txt.gpg
$ rm cfile.txt
$ gpg -d cfile.txt.gpg
gpg: AES encrypted data
gpg: encrypted with 1 passphrase
This is an encryption and decryption test
$ ls
cfile.txt.gpg
$ cat cfile.txt.gpg
o@yAw?D??^a??!s?????;??!?v9-3, ???XA??!?9v?}???
Ž??m??1./fKˡ??R???:j?F?|?AS?O
Note that there was no passphrase prompt to decrypt the file. If you want to be prompted to enter the password to decrypt the file again, you'll have to wait ten minutes, which is the default timeout value.
Decrypting and extracting a file
If you want to extract the original file while decrypting it, strangely enough, you issue the gpg
command with no options.
$ ls
cfile.txt.gpg
$ gpg cfile.txt.gpg
< Passphrase prompt >
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: AES encrypted data
gpg: encrypted with 1 passphrase
$ ls
cfile.txt cfile.txt.gpg
You have restored your original file, and both the encrypted and decrypted versions exist.
[ Thinking about security? Check out this complimentary guide to boosting hybrid cloud security and protecting your business. ]
Wrap up
Of course, gpg
has many more options than I've shown here. But these three are easy-to-use encryption and decryption options that will get you started protecting your files right away. I will demonstrate some of the other options in a future article unless one of you wants to do that and submit it to Enable Sysadmin for publication. Write the editorial team at enable-sysadmin@redhat.com and tell us how you use the gpg
command.
Image
A brief introduction to encrypting files with the GNU Privacy Guard (GPG, or GnuPG).
Image
Creating GPG keypairs in Linux is a simple process, but understanding how it works can enhance your security.
Image
Are you sure that your package is safe from corruption or malicious activity? Here's how signature verification can help.
Ken Hess
Ken has used Red Hat Linux since 1996 and has written ebooks, whitepapers, actual books, thousands of exam review questions, and hundreds of articles on open source and other topics. Ken also has 20+ years of experience as an enterprise sysadmin with Unix, Linux, Windows, and Virtualization. More about me