It’s somehow fitting that this should be the first post for 2010 for me. After all, getting a grasp of gpg has been on my to-do list for quite a while now. And while I wouldn’t claim to have wrapped my brain around it completely, I do have a functional and practical use for it, for day-to-day uses.
The situation is that I want to e-mail information — it could be sensitive, like a credit card number — and I would prefer it wasn’t openly readable to GMail. I don’t wish to enter yet another discussion of whether or not GMail screens your e-mails (I know for a fact that they do), the point of this being to avoid that situation at the start.
In this case, both I and the recipient have a password that we both know and agreed upon. I have a file or text message that I want to send, and we both have gnupg installed (it’s installed by default in a number of distributions, including a command-line Ubuntu system). Here’s the original text message, so you can see an example.
And now we encrypt, using the symmetric option. No keyservers, no personal keys required, since both I and my recipient know the password to unlock it.
gpg --symmetric message.txt
This is what you should see.
I enter the password and confirm it, and the result is a file called message.txt.gpg. It’s a binary file, which means if you try to display the contents, you get a lot of bizarre characters spilled on your screen and it’ll probably screw with your terminal display.
But you can attach it to an e-mail, send it spinning off through the magic of the Internets, and your recipient can decode it almost as easily.
gpg --decrypt message.txt.gpg
Enter the password on the receiving end and. …
The text or contents spill out onto the screen, which you can pipe into a new file or do with as you like. Notice that warning at the bottom there; that’s not an error so much as a reminder. If you like, the encrypter can use the --force-mdc flag to avoid that message. I do that only because I prefer that my recipient not worry about warnings or errors.
That’s it. I know gnupg and the keyserver system are capable of much more than just this, but for simple person-to-person e-mails and maybe personal file protection, this is probably more than adequate.
Edit, 2010-01-06: It’s worth mentioning that this technique works fine with other types of files as well, not just text files. Photos, for example, can also be encrypted and decrypted; when you decrypt them, be sure to direct the output into a file, i.e., your decryption command will look like
gpg --decrypt encrypted.jpg.gpg > decrypted.jpg
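The same round trip as a non-interactive script, with a check that the modification detection code (MDC) behind the --force-mdc flag really does make gpg reject a file altered in transit. This is an added example, not part of the original post; it assumes GnuPG 2.1 or later, and the function names, passphrase and message text are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumes GnuPG 2.1+ on PATH.
# The passphrase, file names and message text are constructed for the demo.

# Encrypt file $1 to $2; the passphrase is read from file $3, not from argv.
# AES256 has a 128-bit block, so gpg adds integrity protection (MDC).
sym_encrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$3" --cipher-algo AES256 \
        --output "$2" --symmetric "$1"
}

# Decrypt $1 to $2. On any gpg failure, delete partial output and return 1.
sym_decrypt() {
    if gpg --batch --yes --quiet --pinentry-mode loopback \
           --passphrase-file "$3" --output "$2" --decrypt "$1" 2>/dev/null
    then return 0
    fi
    rm -f "$2"
    return 1
}

# Invert every bit of the byte at offset $2 in file $1 (simulated corruption).
flip_byte() (
    old=$(od -An -tu1 -j "$2" -N1 "$1" | tr -d ' ')
    printf "\\$(printf '%03o' $(( old ^ 255 )))" |
        dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
)

# Round trip, then confirm a modified ciphertext is rejected. Runs in a
# subshell so GNUPGHOME does not leak into the caller's environment.
demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    export GNUPGHOME="$dir/gnupg"
    mkdir -m 700 "$GNUPGHOME"
    ( umask 077; printf '%s\n' 'constructed demo passphrase' > "$dir/pass" )
    printf 'constructed test message\n' > "$dir/message.txt"
    enc="$dir/message.txt.gpg"
    sym_encrypt "$dir/message.txt" "$enc" "$dir/pass" || exit 1
    sym_decrypt "$enc" "$dir/out.txt" "$dir/pass" || exit 1
    cmp -s "$dir/message.txt" "$dir/out.txt" || exit 1
    flip_byte "$enc" "$(( $(wc -c < "$enc") / 2 ))"
    if sym_decrypt "$enc" "$dir/bad.txt" "$dir/pass"; then exit 1; fi
    [ ! -e "$dir/bad.txt" ] || exit 1
    echo "round trip ok, tampered file rejected"
)
```

Source the file and call `demo`; the two helpers work the same way on photos or any other binary file, because the output always goes to a file and is kept only when gpg exits successfully.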