OpenPGP Encryption with GnuPG
Using the GNU Privacy Guard, or GnuPG for short, you can encrypt individual files and emails, and digitally sign them. The main command-line tool of GnuPG is gpg, thus called because it started out as a replacement for PGP, which was the first encryption tool available to everyone that had strong cryptography built into it. PGP, which stands for Pretty Good Privacy, was written by Phil Zimmermann in the early 1990s. OpenPGP is the standard that describes the file format of PGP version 5.0 and later. GnuPG and PGP both implement this standard, and hence are able to read each other's files.
Symmetric Encryption
The simplest way to encrypt a file with GnuPG is to encrypt it with a passphrase. This method is called symmetric encryption. The actual cryptography underlying this is beyond the scope of this book. Suffice it to say that the passphrase is used as the encryption key to the file. Everyone knowing the passphrase will be able to decrypt and read the file.
To encrypt the file music.ogg, you simply type gpg --symmetric music.ogg. GnuPG will prompt you for a passphrase, and then again to confirm the passphrase in order to avoid typos. The encrypted file is written to music.ogg.gpg. If you prefer another output file name, use --output outfile, like this:
gpg -o music.gpg -c music.ogg
Here, we used the -c and -o shortcuts for --symmetric and --output, respectively.
To decrypt the file, simply call gpg file. For instance, to continue the previous ...
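The same encrypt and decrypt steps can be scripted without the interactive prompt. The following is an added example, not taken from the book; it assumes GnuPG 2.1 or later, and the function names, passphrases and sample file contents are constructed for illustration. The passphrase is fed on standard input so that it never shows up in the process list.

```sh
#!/bin/sh
# Added example (not from the book): scripted symmetric round trip.
# Assumes GnuPG 2.1 or later; all names and sample values are constructed.

# sym_encrypt INFILE OUTFILE   (passphrase is read from stdin)
sym_encrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --output "$2" --symmetric "$1"
}

# sym_decrypt INFILE OUTFILE   (passphrase is read from stdin)
sym_decrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --output "$2" --decrypt "$1"
}

# roundtrip_demo: encrypt a sample file, decrypt it with the right and with
# a wrong passphrase, and print one summary line. Runs in a subshell so the
# temporary GNUPGHOME and the cleanup trap do not leak into the caller.
roundtrip_demo() (
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT
    GNUPGHOME="$work/gnupg"; export GNUPGHOME   # keep the user's keyring untouched
    mkdir -m 700 "$GNUPGHOME"
    printf 'constructed sample data\n' > "$work/music.ogg"

    printf '%s\n' 'correct horse (constructed)' |
        sym_encrypt "$work/music.ogg" "$work/music.gpg" || exit 1
    printf '%s\n' 'correct horse (constructed)' |
        sym_decrypt "$work/music.gpg" "$work/out.ogg" 2>/dev/null || exit 1
    cmp -s "$work/music.ogg" "$work/out.ogg" && rt=ok || rt=mismatch

    # A wrong passphrase must make gpg exit non-zero.
    if printf '%s\n' 'wrong guess' |
        sym_decrypt "$work/music.gpg" "$work/bad.ogg" 2>/dev/null
    then wrong=accepted; else wrong=rejected; fi

    echo "roundtrip=$rt wrong_passphrase=$wrong"
)

# Run the demo only when asked: sh thisfile.sh demo
if [ "${1:-}" = demo ]; then roundtrip_demo; fi
```

A script should check gpg's exit status, as the demo does, rather than assume that an output file means the decryption succeeded.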
Get Running Linux, 5th Edition now with the O’Reilly learning platform.