Encryption:Files and email
From Linux 101, The beginner's guide to all things Linux.
There are many ways of encrypting files and email. This article will focus on one of the most popular and versatile encryption applications that is available for Linux. This application is Gnu Privacy Guard, or GnuPG.
|
Note: The GnuPG executable is gpg. |
Contents |
[edit] Introduction
GnuPG is a symmetric and public key encryption suite which is compatible with OpenPGP standards. PGP stands for "Pretty Good Privacy" which was one of the first public key encryption applications ever released to the general public. There is a considerable amount of history to the PGP story, particularly with regard to the US Government's (unsucessful) attempts to keep it out of the hands of ordinary civilians.
|
Note: A more thorough history of PGP is available in the External Links section. |
[edit] Symmetric vs Public
Traditional (conventional) encryption relies on a common key, which is used to both encrypt and decrypt the data. Obviously, two parties who wish to exchange encrypted messages must find a secure method to get the key to each other.
Public key encryption provides that secure method. Using mathematically complex algorithms, it is possible to create two separate keys. These keys will be mathematically related, but it will be very, very difficult to determine one key if you know the other. This allows one key to serve as a "public" key, and the other a "private" key. Data can be encrypted one way using the public key can only be decrypted by using the private key. This type of cryptography is called asymmetric, because it works only in one direction.
So, how does this work? With GnuPG, a new random "session key" is used for each message encrypted. This session key is used for the symmetric encryption step.
Next, the symmetric key is encrypted against the recipient's public key, and sent along with the symmetrically encrypted message.
When the recipient receives the encrypted message, the recipient's private key is used to decrypt the session key. (This private key is usually stored on the recipient's disk drive symmetrically encrypted, and requires a passphrase for access). Then, the session key is used to decrypt the symmetrically encrypted message portion.
It couldn't be simpler.
(Okay, maybe it could)
[edit] Encrypting Files
So, how do you encrypt files?
First, try a simple "conventional" encryption of the file.
-
gpg -c samplefile.txt
This method prompts you for a passphrase to use, and does not use any kind of public key encryption.
-
gpg -er bob samplefile.txt
This would encrypt the file using public key encryption, to the key matching 'bob'.
|
Note: This assumes that you have a public key for someone named 'bob' ready. See the next section. |
[edit] Public and Private Keys
Before someone can use your public key, you need to generate one.
-
gpg --gen-key
Follow the given prompts to create your key. The recommended values should be sufficient (but you can use stronger values if you really want to -- it's your choice)
To give your key to others, do the following
-
gpg -ao publickey.asc --export yournamehere
Then, send the file publickey.asc to your friends.
Before you can use someone's public key, you need to import it.
-
gpg --import filecontainingpublickey.asc
|
Note: The file containing the public key does not have to end with .asc |
This will add the public key to your keyring. You can get a list of the keys on your keyring using this command:
-
gpg --list-keys
[edit] Encrypted Email
Email messages can be encrypted using the same method used to encrypt files. There are many frontends available which will make this process easier. Nearly every Linux mail client has some sort of interface available for using GnuPG.
For Mozilla, this is the Enigmail plugin.
For a guide on how to share your Thunderbird/Enigmail installation in both Linux and Windows on a dual-boot system, see Email:Sharing_your_Thunderbird_profile
[edit] External Links
The GNU Privacy Guard
The Enigmail Plugin for Mozilla Mail
A History of Pretty Good Privacy
This article is a stub. You can help Linux 101 by expanding it.
