Data that can be read and understood without any special measures is called plaintext. The process of disguising plaintext to hide its meaning and substance is called encryption. When a plaintext is encrypted, a ciphertext is generated. Decryption is the process of reverting cyphertext back to plaintext.
Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is a tool used to encrypt and decrypt texts, emails and files . It uses a mixture of compression, hashing and public-key cryptography.
PGP is the standard of encrypted communication. The execution maybe complex but the concept is actually quite simple. It uses public key encryption system.
GNU Privacy Guard (GPG)
GNU Privacy Guard, also called GPG, is a complete and free implementation of the OpenPGP standard. It is a command line tool that can be easily integrated with other applications.
GPG also uses public key encryption . In this type of system, each user has a pair of keys, a public key and a private key. The private key should be kept secret. The public key on the other hand may be given to anyone with whom the user wants to communicate.
In this guide, we will go through the core functionality of GPG. That is:
- Keypair creation
- Exchanging keys
- Encrypting and decrypting files
Generating a keypair
The following command is used to create a new primary keypair.
There are 4 options available. The DSA keypair is the primary keypair only usable for making signatures. An ElGamal surbodinate keypair is also created for encryption. We will go with the default option.
The next step is to choose a key size. GPG requires that keys be no smaller that 768 bits. The longer the key the more secure it is but the default keysize is adequate.
Increasing the keysize can slow the encryption and decryption and it may also affect the signature length.
You will be required to choose an expiration date. Although changing an expiration date after the key is generated is possible, it may be difficult to communicate this to the users who have your public key.
You will then be prompted to provide a user ID. This will be used to associate the key being generated to a real person. A name and an email address will be required. This name and email address will be used to refer to the key as well.
GPG requires a passphrase to protect your key. This is the only protection you have if another individual gets a hold of your private key. Therefore a good passphrase is crucial to the security of GPG.
In order to be able to communicate with other users, you need to exchange public keys.
Once you have generated the key, you need to share your public key with the person that you intend to communicate with.
The following command is used to list the keys in your public keyring.
Your public key must be exported first for you to be able to share it with other users. This can be done using the following command.
gpg --armor --export nnpubkey > mypublickey.asc
Once the key is exported, it can be shared via email or uploaded to a keyserver.
Importing a public key
To add another public key to your public keyring, the following command is used. Here, we are importing a public key with the name yourpubkey
gpg --import yourpublickey.asc
To view the keys in your public keyring, the command below is used.
Once the key is imported, it should be validated. A key is validated by checking its fingerprint, signing the key to certify it and trusting the key.
In order to do that, the key must be edited first.
gpg --edit-key yourpubkey
You will be prompted for a command to edit the key. The following commands can be used to validate the key:
fpr – Used to verify the key’s owner. If the fingerprint you get is the same as the one the key’s owner gets then you have a correct copy of the key.
sign – Used to certify the key
trust – used to approve the key
Validate the key by signing it and trusting it with the sign and trust commands. Once the key is validated, certified and trusted, you can use it to encrypt files.
Encrypting and Decrypting Files
A public and a private key each has a specific role when it comes to encrypting and decrypting files.
The procedure of encrypting and decrypting files is quite straight forward. If you want to send an encrypted file to another user, you encrypt the message using their public key and they will decrypt it using their private key.
If the other user wants to send an encrypted file to you, they will encrypt it using your public key and then you will use your private key to decrypt the message.
To encrypt a file, you must have the public key of the intended recipient. The following command is used to encrypt a document.
gpg --output document.asc --encrypt --recipient yourpubkey doc
The recipient option takes an argument specifying the public key used to encrypt a file.
To decrypt a a file, the command below is used.
gpg --output document --decrypt document.asc
GPG comes pre-installed by default in most distributions. If for some reason it is not installed, the following commands can be used to install on Debian/Ubuntu and CentOS respectively.
apt get install gnupg yum install gnupg2