In Linux, you keep your data in the form of files. But what if the data you are storing is sensitive? How can you protect it from unauthorized access? One way is to encrypt the files using GPG. In this blog, I'll tell you what GPG is and how you can use it to encrypt and decrypt files on a Linux system.
What are GPG keys
GPG stands for GNU Privacy Guard. It uses the concept of asymmetric encryption. Let's see how asymmetric encryption works and how it differs from the symmetric encryption we generally use.
In symmetric encryption there is only one key, generally known as the password, which is used to both encrypt and decrypt the files. The problem is how to share that password over the network with the sender or receiver. Asymmetric encryption solves this problem. Let's see how.
In asymmetric encryption there is a pair of keys, one public and one private. The owner can share the public key with anyone who wants to send them files in encrypted form. The encrypted file is then sent back to the owner, and it can only be decrypted with the corresponding private key.
GPG Use Cases
- Encryption: Used to encrypt files. You can send content to someone when you don't want anyone in the middle to read it.
- Signing Commits: Helpful for proving your identity. For example, you can use your GPG key to sign your commits on GitHub to verify that you are the one who actually made them.
- Encrypting Passwords: Very helpful if you use a command-line password manager such as pass. It uses your GPG keys to handle the encryption of all the secrets you store in that password manager.
For Ubuntu/any Debian based distributions
sudo apt install gnupg
For CentOS/ RHEL based distributions
sudo yum install gnupg
Generate a new key with default configuration (Quick Key Generation)
gpg --generate-key
## It will prompt you for the following
# Real Name
# Email Address
# Passphrase
Generate a new key with your own configuration (Full Key Generation)
gpg --full-generate-key
## It will prompt you for the following
# Key Encryption Type
# Key Size
# Key Expiry
# Real Name
# Email Address
# Comment
# Passphrase
List all GPG public keys
List all GPG private key pairs
Export Public Key in ASCII Format
## Output to STDOUT
gpg --armor --export <email-Id>
## Output to a file
gpg --armor --export --output <file.txt> <email-Id>
Encrypt a file for a specific user using GPG (Using Asymmetric Encryption)
gpg --encrypt --recipient <recipient-user-email> <file-name>
Encrypt a file using GPG (Uses Symmetric Encryption)
gpg --symmetric <file-name>
## It will prompt for a password
Decrypt that encrypted file (For Both, Symmetric and Asymmetric Encryption)
gpg --decrypt <encrypted-file>
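The commands above, chained into one non-interactive round trip. This is an added example, not part of the original post: it shows that a sender holding only the exported public key can encrypt but not decrypt, while the owner's private key recovers the file. It assumes GnuPG 2.1 or later; the identity owner@example.test, the file contents, the passphrase, and the helper names g and gpg_roundtrip are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: throwaway keyrings, constructed identity and file contents.

# Run gpg non-interactively against the keyring directory given as $1.
g() { local home=$1; shift; gpg --homedir "$home" --batch --quiet --yes --pinentry-mode loopback "$@"; }

gpg_roundtrip() {
  local work owner sender rc=0
  work=$(mktemp -d) || return 1
  owner="$work/owner"; sender="$work/sender"
  mkdir -m 700 "$owner" "$sender"
  printf 'payroll export (constructed sample)\n' > "$work/plain.txt"

  # Owner: create a key pair (empty passphrase only because this is a demo),
  # then export the public half, the only part that is ever shared.
  g "$owner" --passphrase '' --quick-generate-key 'Owner <owner@example.test>' default default never || rc=1
  g "$owner" --armor --output "$work/owner.asc" --export owner@example.test || rc=1

  # Sender: import the public key and encrypt for the owner.
  # --trust-model always is a demo shortcut; verify the fingerprint in practice.
  g "$sender" --import "$work/owner.asc" || rc=1
  g "$sender" --trust-model always --output "$work/plain.txt.gpg" \
    --encrypt --recipient owner@example.test "$work/plain.txt" || rc=1

  # The sender holds no private key, so decryption must fail in that keyring.
  if g "$sender" --output "$work/leak.txt" --decrypt "$work/plain.txt.gpg" 2>/dev/null; then rc=1; fi

  # The owner decrypts with the private key; output must match the input.
  g "$owner" --output "$work/out.txt" --decrypt "$work/plain.txt.gpg" 2>/dev/null || rc=1
  cmp -s "$work/plain.txt" "$work/out.txt" || rc=1

  # Symmetric mode: the same passphrase encrypts and decrypts.
  # On a real system let gpg prompt rather than passing --passphrase.
  g "$sender" --passphrase 'constructed-demo-passphrase' --output "$work/sym.gpg" --symmetric "$work/plain.txt" || rc=1
  g "$owner" --passphrase 'constructed-demo-passphrase' --output "$work/sym.txt" --decrypt "$work/sym.gpg" 2>/dev/null || rc=1
  cmp -s "$work/plain.txt" "$work/sym.txt" || rc=1

  gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null
  gpgconf --homedir "$sender" --kill gpg-agent 2>/dev/null
  rm -rf "$work"
  return "$rc"
}

gpg_roundtrip && echo "round trip OK"
```

Note that `gpg --decrypt` writes the plaintext to standard output unless `--output` names a file, which is why every decrypt step here passes it.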
After reading this blog, you will now be able to understand what GPG keys are and why we need them. I have tried to cover some basic commands that are useful for a beginner, but if you still have any doubts or suggestions, you can contact me directly at email@example.com.