No-hassle file encryption with gnupg

It’s somehow fitting that this should be the first post for 2010 for me. After all, getting a grasp of gpg has been on my to-do list for quite a while now. And while I wouldn’t claim to have wrapped my brain around it completely, I do have a functional and practical use for it, for day-to-day uses.

The situation is that I want to e-mail information — it could be sensitive, like a credit card number — and I would prefer it wasn’t openly readable to GMail. I don’t wish to enter yet another discussion of whether or not GMail screens your e-mails (I know for a fact that they do), the point of this being to avoid that situation at the start.

In this case, both I and the recipient have a password that we both know and agreed upon. I have a file or text message that I want to send, and we both have gnupg installed (it’s installed by default in a number of distributions, including a command-line Ubuntu system). Here’s the original text message, so you can see an example.

And now we encrypt, using the symmetric option. No keyservers, no personal keys required, since both I and my recipient know the password to unlock it.

gpg --symmetric message.txt

This is what you should see.

I enter the password and confirm it, and the result is a file called message.txt.gpg. It’s a binary file, which means if you try to display the contents, you get a lot of bizarre characters spilled on your screen and it’ll probably screw with your terminal display.

But you can attach it to an e-mail, send it spinning off through the magic of the Internets, and your recipient can decode it almost as easily.

gpg --decrypt message.txt.gpg

Enter the password on the receiving end and …

The text or contents spill out onto the screen, which you can pipe into a new file or do with as you like. Notice that warning at the bottom there; that’s not an error so much as a reminder. If you like, the encrypter can use the --force-mdc flag to avoid that message. I do that only because I prefer that my recipient not worry about warnings or errors.

That’s it. I know gnupg and the keyserver system are capable of much more than just this, but for simple person-to-person e-mails and maybe personal file protection, this is probably more than adequate.

Edit, 2010-01-06: It’s worth mentioning that this technique works fine with other types of files as well, not just text files. Photos, for example, can also be encrypted and decrypted; when you decrypt them, be sure to direct the output into a file, i.e., your decryption command will look like gpg --decrypt encrypted.jpg.gpg > decrypted.jpg.
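An added example (not part of the original post): the encrypt and decrypt steps above run without prompts, followed by checks that a wrong passphrase and a truncated file are both refused. It assumes a recent GnuPG 2.x for --pinentry-mode loopback; the function names, file names and sample contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: gpg --symmetric / --decrypt round trip without prompts.
# Assumes a recent GnuPG 2.x; all names and sample data are constructed.

# sym_encrypt IN OUT PASSFILE: passphrase is the first line of PASSFILE.
sym_encrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$3" --output "$2" --symmetric "$1"
}

# sym_decrypt IN OUT PASSFILE: non-zero exit on a wrong passphrase or
# when the integrity check on the ciphertext fails.
sym_decrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$3" --output "$2" --decrypt "$1" 2>/dev/null
}

# Prints "ok" when the round trip matches and both bad inputs are refused.
# The body runs in a subshell so umask and GNUPGHOME do not leak out.
roundtrip_demo() (
    umask 077                                  # keep passphrase files private
    work=$(mktemp -d) || exit 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME  # throwaway GnuPG home
    mkdir "$GNUPGHOME"
    printf 'constructed sample: card 0000 0000 0000 0000\n' > "$work/message.txt"
    printf 'constructed shared passphrase\n' > "$work/pass"
    printf 'not the passphrase\n' > "$work/wrong"
    enc="$work/message.txt.gpg"
    result=ok

    sym_encrypt "$work/message.txt" "$enc" "$work/pass" || result=encrypt-failed
    sym_decrypt "$enc" "$work/out.txt" "$work/pass" || result=decrypt-failed
    cmp -s "$work/message.txt" "$work/out.txt" || result=mismatch

    # A wrong passphrase must be refused.
    if sym_decrypt "$enc" "$work/bad1" "$work/wrong"; then result=wrong-pass-accepted; fi

    # A ciphertext cut short in transit must be refused as well.
    size=$(wc -c < "$enc")
    dd if="$enc" of="$work/cut.gpg" bs=1 count=$((size - 4)) 2>/dev/null
    if sym_decrypt "$work/cut.gpg" "$work/bad2" "$work/pass"; then result=truncated-accepted; fi

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "$result"
)
```

Source the file and call roundtrip_demo to run the checks; interactive use as in the post needs none of the batch options.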


2 Responses to “No-hassle file encryption with gnupg”


  1. n2j3 2010/01/01 at 10:16 PM

    Happy new year K.Mandla :D

    you should really see gnupg at work in this jewel of a cli password wallet http://code.google.com/p/password-wallet/

    I’m sure it’s right up your street.


  1. A simple batch encryption loop « Motho ke motho ka botho Trackback on 2010/02/05 at 10:05 AM

License

This work is licensed under the GNU Free Documentation License. Please see the About page for details.
