No-hassle file encryption with gnupg

It’s somehow fitting that this should be the first post for 2010 for me. After all, getting a grasp of gpg has been on my to-do list for quite a while now. And while I wouldn’t claim to have wrapped my brain around it completely, I do have a functional and practical use for it, for day-to-day uses.

The situation is that I want to e-mail information — it could be sensitive, like a credit card number — and I would prefer it wasn’t openly readable to GMail. I don’t wish to enter yet another discussion of whether or not GMail screens your e-mails (I know for a fact that they do), the point of this being to avoid that situation at the start.

In this case, both I and the recipient have a password that we both know and agreed upon. I have a file or text message that I want to send, and we both have gnupg installed (it’s default in a number of distributions, including a command-line Ubuntu system). Here’s the original text message, so you can see an example.

And now we encrypt, using the symmetric option. No keyservers, no personal keys required, since both I and my recipient know the password to unlock it.

gpg --symmetric message.txt

This is what you should see.

I enter the password and confirm it, and the result is a file called message.txt.gpg. It’s a binary file, which means if you try to display the contents, you get a lot of bizarre characters spilled on your screen and it’ll probably screw with your terminal display.

But you can attach it to an e-mail, send it spinning off through the magic of the Internets, and your recipient can decode it almost as easily.

gpg --decrypt message.txt.gpg

Enter the password on the receiving end and. …

The text or contents spill out onto the screen, which you can pipe into a new file or do with as you like. Notice that warning at the bottom there; that’s not an error so much as a reminder. If you like, the encrypter can use the --force-mdc flag to avoid that message. I do that only because I prefer that my recipient not worry about warnings or errors.

That’s it. I know gnupg and the keyserver system are capable of much more than just this, but for simple person-to-person e-mails and maybe personal file protection, this is probably more than adequate.

Edit, 2010-01-06: It’s worth mentioning that this technique works fine with other types of files as well, not just text files. Photos, for example, can also be encrypted and decrypted; when you decrypt them, be sure to direct the output into a file, i.e., your decryption command will look like gpg --decrypt encrypted.jpg.gpg > decrypted.jpg.

About these ads

2 thoughts on “No-hassle file encryption with gnupg

  1. Pingback: A simple batch encryption loop « Motho ke motho ka botho

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s