Finaly …we can start using gpg to encrypt the very secret stuff we need to keep secret for the public eye.
Bob has very secret information in a file which he wants to send to Alice. Since the wellbeing of the nation depends on this, he wants to make sure that only Alice can read this information.
Let’s see what he can do. First…what is this very secret message:
[bob@radijs ~]$ ls -l secret_stuff.txt -rw-rw-r--. 1 bob bob 18 20 nov 17:01 secret_stuff.txt
OK….what’s in it:
[bob@radijs ~]$ cat secret_stuff.txt Very secret stuff
Well let’s encrypt it. Only alice@maboc.nl must be able to decrypt this file (-r recipient).
[bob@radijs ~]$ gpg --encrypt -r alice@maboc.nl secret_stuff.txt
This will give a binary encrypted file which may not be allowed by some preocessing (thin email). So we can also create a version which is ascii readable:
[bob@radijs ~]$ gpg --encrypt -r alice@maboc.nl --armor secret_stuff.txt
Let’s have a look at the files which we now have
[bob@radijs ~]$ ls -l secret_stuff.txt* -rw-rw-r--. 1 bob bob 18 20 nov 17:01 secret_stuff.txt -rw-rw-r--. 1 bob bob 549 20 nov 18:04 secret_stuff.txt.asc -rw-rw-r--. 1 bob bob 359 20 nov 18:03 secret_stuff.txt.gpg [bob@radijs ~]$
The binary file we are not going to look in (it will mess up my terminal), the ascii armored file looks like:
[bob@radijs ~]$ cat secret_stuff.txt.asc -----BEGIN PGP MESSAGE----- hQEMA0t1KIcPP+tcAQgAkVtaxl3jXQAM/o307uXcVLuRYyXJzSJaCxIvCRHa0Lki b0m8C25Ps/HGrodog/B4Gcor7P29Mg26fuDhLsYGpivjgZ5aDGXnAOi7NQDfkUBz fo9A7fwWEiFmxp7kilESDRCX+43+kDMaEmHSedi0Xj44/o9Upt/c5IFl+OX7VDpI nYItoWpvGrfCHx1h5bDhN6sN/UxzVei4tBekgaSX2KqBZAJm+9nhSaJ3w6//dL3x A9OvhDSxhb21DTOtOyDqHF+v2ORRlIA0eT9kXg9bO6JWYk/qe4bS0z3y9eLx+pdW UMnwxewz4CkMiDHpirIA4h3E8Ye+XR1cN47uwEQpjdJWAUG2LeD96qH4oxPjBUR0 s3wOjCsilV5KwrVGJNUK1KWjq1u7iPqpOvXcqfQgCe50d0tCsSSoqqfuP9V8CbIa QYXPeoxFZpdYtGxu3h2//kLWbmbMykA= =GVZV -----END PGP MESSAGE----- [bob@radijs ~]$
So … the encrypting is done.
Bob, for instance, mails this encrypted file to Alice. As she get’s it she needs to decrypt it..let’s have a look:
[alice@radijs ~]$ ls -l secret_stuff.txt.* -rwxrwxr-x. 1 alice alice 549 20 nov 18:19 secret_stuff.txt.asc -rwxrwxr-x. 1 alice alice 359 20 nov 18:19 secret_stuff.txt.gpg
Let’s decrypt the ascii armored file:
[alice@radijs ~]$ gpg --decrypt secret_stuff.txt.asc
gpg: encrypted with 2048-bit RSA key, ID 4B7528870F3FEB5C, created 2020-11-12
"Alice "
<=== gpg here asks for the password of Alice
<=== at my system that's in a separate curses-window
<=== That window is not shown here
Very secret stuff
[alice@radijs ~]$
As you can see, gpg writes the output the STDOUT.
Now decrypt the "regular" file:
[alice@radijs ~]$ gpg --decrypt secret_stuff.txt.gpg
gpg: encrypted with 2048-bit RSA key, ID 4B7528870F3FEB5C, created 2020-11-12
"Alice "
<=== gpg here asks for the password of Alice
<=== at my system that's in a separate curses-window
<=== That window is not shown here
Very secret stuff
[alice@radijs ~]$
Again, the output is on the STDOUT.
For a small text file that may not be a problem. For a picture or so, this might produce a lot of garbage, let's redirect to a file:
[alice@radijs ~]$ gpg --decrypt secret_stuff.txt.gpg > secret_bob.txt
gpg: encrypted with 2048-bit RSA key, ID 4B7528870F3FEB5C, created 2020-11-12
"Alice "
<=== gpg here asks for the password of Alice
<=== at my system that's in a separate curses-window
<=== That window is not shown here
And what is actually in that file:
[alice@radijs ~]$ cat secret_bob.txt Very secret stuff [alice@radijs ~]$
Allright...that's all there is to it.