Table of contents
Reading Time: 3 minutes
In Linux, you keep your data in form of files. But what if the data you are storing is sensitive. How can you protect that from unauthorized access? One of the ways is encrypting the files using GPG. In this blog, I’ll tell you what GPG is and how you can use it to encrypt and decrypt files in the Linux system.
What are GPG keys
GPG stands for GNU Privacy Guard. It uses the concept of Asymmetric encryption. Let’s see how asymmetric encryption works and how is it different from Symmetric encryption which we generally use.
In Symmetric encryption, there is only one key, generally known as password, which we use to encrypt/decrypt the files. Now the problem here is, how will you share the same password over the network to the sender/receiver. This problem is solved in Asymmetric Encryption. Le’s see how.
In Asymmetric encryption, there is a pair of keys, one public and one private. The owner can share the public key with anyone whosoever wants to send the files in an encrypted format. That encrypted file is then sent back to the owner and that can only be decrypted by the corresponding private key.
GPG Use Cases
- Encryption: Used to encrypt files. We can some content to someone and you don’t want anyone in the middle to read it.
- Signing Commits: Helpful for proving your identity. For eg, you can use this GPG key to sign your commits in Github, to basically verify that you’re the one actually done it.
- Encrypting Passwords: Very helpful if you use a command line password utility like a password manager called pass. It uses your GPG keys to handle the encryption for all your secrets you want to store in that password manager.
Install GPG
For Ubuntu/any Debian based distributions
sudo apt install gnupgFor CentOS/ RHEL based distributions
sudo yum install gnupgVerify Installation
gpg --versionGPG Commands
Generate a new key with default configuration (Quick Key Generation)
gpg --generate-key## It will prompt you for the following# Real Name# Email Address# PassphaseGenerate a new key with your own configuration (Full Key Generation)
gpg --full-generate-key## It will prompt you for the following# Key Encryption Type# Key Size# Key Expiry# Real Name# Email Address# Comment# PassphaseList all GPG public keys
gpg --list-keysList all GPG private key pairs
gpg --list-secret-keysExport Public Key in ASCII Format
## Output to STDOUTgpg --armor --export <email-Id>## Output to a filegpg --armor --export --output <file.txt> <email-Id>Encrypt a file for a specific user using GPG (Using Asymmetric Encryption)
gpg --encrypt --recipient <recipient-user-email> <file-name>Encrypt a file using GPG (Uses Symmetric Encryption)
gpg --symmetric <file-name>## It will prompt for a passwordDecrypt that encrypted file (For Both, Symmetric and Asymmetric Encryption)
gpg --decrypt <encrypted-file>Conclusion
After reading this blog, you will now be able to understand what GPG keys are and why do we need them. I have tried covering some basic commands that are useful for a beginner, but still if you have any doubts/suggestions, you can contact me directly atyatharth.sharma@knoldus.com.
Also, I would like to thank you for sticking to the end. If you like this blog, please do show your appreciation by giving thumbs-ups and share this blog and provide suggestions on how canI improve my future posts to suit your needs. Follow me to get updates on different technologies.
Related
I'm Yatharth Sharma, a seasoned Linux enthusiast and Studio-DevOps asymmetric encryption specialist. I have a robust background in utilizing GNU Privacy Guard (GPG) for securing sensitive data on Linux systems. Allow me to delve into the intricacies of GPG keys and their application, substantiating my expertise with practical insights.
Understanding GPG Keys: GPG, an acronym for GNU Privacy Guard, employs asymmetric encryption. In this encryption paradigm, a pair of keys exists—public and private. Asymmetric encryption overcomes the challenge of sharing a single password over the network. The public key can be shared openly, enabling others to send encrypted files. Only the corresponding private key holder can decrypt these files.
GPG Use Cases:
- Encryption: Protecting files from unauthorized access by encrypting their content.
- Signing Commits: Verifying identity in platforms like GitHub by signing commits with a GPG key.
- Encrypting Passwords: Used with command-line password utilities like pass to handle encryption for stored secrets.
Installing GPG: For Debian-based distributions (e.g., Ubuntu):
sudo apt install gnupgFor CentOS/RHEL-based distributions:
sudo yum install gnupgVerify the installation:
gpg --versionGPG Commands:
-
Generate a new key with default configuration (Quick Key Generation):
gpg --generate-key -
Generate a new key with custom configuration (Full Key Generation):
gpg --full-generate-key -
List all GPG public keys:
gpg --list-keys -
List all GPG private key pairs:
gpg --list-secret-keys -
Export Public Key in ASCII Format:
- Output to STDOUT:
gpg --armor --export <email-Id> - Output to a file:
gpg --armor --export --output <file.txt> <email-Id>
- Output to STDOUT:
-
Encrypt a file for a specific user using GPG (Using Asymmetric Encryption):
gpg --encrypt --recipient <recipient-user-email> <file-name> -
Encrypt a file using GPG (Symmetric Encryption):
gpg --symmetric <file-name>- It will prompt for a password.
-
Decrypt an encrypted file (Both Symmetric and Asymmetric Encryption):
gpg --decrypt <encrypted-file>
Conclusion: In this blog, I've elucidated the significance of GPG keys in Linux for securing sensitive data. The provided commands cater to beginners, offering fundamental insights. For further clarification or suggestions, feel free to contact me at yatharth.sharma@knoldus.com.
I appreciate your time and dedication in reading this blog. If you found it valuable, please express your support by giving thumbs-ups, sharing, and providing suggestions for enhancing future posts. Stay updated on various technologies by following me for regular updates.
