GPG : Encrypting / Decrypting

Finally…we can start using gpg to encrypt the very secret stuff we need to keep secret from the public eye.

Bob has very secret information in a file which he wants to send to Alice. Since the wellbeing of the nation depends on this, he wants to make sure that only Alice can read this information.

Let’s see what he can do. First…what is this very secret message:

[bob@radijs ~]$ ls -l secret_stuff.txt 
-rw-rw-r--. 1 bob bob 18 20 nov 17:01 secret_stuff.txt

OK….what’s in it:

[bob@radijs ~]$ cat secret_stuff.txt 
Very secret stuff

Well let’s encrypt it. Only alice@maboc.nl must be able to decrypt this file (-r recipient).

[bob@radijs ~]$ gpg --encrypt -r alice@maboc.nl secret_stuff.txt 

This will give a binary encrypted file, which some processing may not allow (think email). So we can also create an ASCII-armored version, which is plain readable text:

[bob@radijs ~]$ gpg --encrypt -r alice@maboc.nl --armor secret_stuff.txt

Let’s have a look at the files which we now have

[bob@radijs ~]$ ls -l secret_stuff.txt*
-rw-rw-r--. 1 bob bob  18 20 nov 17:01 secret_stuff.txt
-rw-rw-r--. 1 bob bob 549 20 nov 18:04 secret_stuff.txt.asc
-rw-rw-r--. 1 bob bob 359 20 nov 18:03 secret_stuff.txt.gpg
[bob@radijs ~]$

We are not going to look inside the binary file (it would mess up my terminal); the ASCII-armored file looks like this:

[bob@radijs ~]$ cat secret_stuff.txt.asc 
-----BEGIN PGP MESSAGE-----

hQEMA0t1KIcPP+tcAQgAkVtaxl3jXQAM/o307uXcVLuRYyXJzSJaCxIvCRHa0Lki
b0m8C25Ps/HGrodog/B4Gcor7P29Mg26fuDhLsYGpivjgZ5aDGXnAOi7NQDfkUBz
fo9A7fwWEiFmxp7kilESDRCX+43+kDMaEmHSedi0Xj44/o9Upt/c5IFl+OX7VDpI
nYItoWpvGrfCHx1h5bDhN6sN/UxzVei4tBekgaSX2KqBZAJm+9nhSaJ3w6//dL3x
A9OvhDSxhb21DTOtOyDqHF+v2ORRlIA0eT9kXg9bO6JWYk/qe4bS0z3y9eLx+pdW
UMnwxewz4CkMiDHpirIA4h3E8Ye+XR1cN47uwEQpjdJWAUG2LeD96qH4oxPjBUR0
s3wOjCsilV5KwrVGJNUK1KWjq1u7iPqpOvXcqfQgCe50d0tCsSSoqqfuP9V8CbIa
QYXPeoxFZpdYtGxu3h2//kLWbmbMykA=
=GVZV
-----END PGP MESSAGE-----
[bob@radijs ~]$

So … the encrypting is done.

Bob, for instance, mails this encrypted file to Alice. Once she gets it, she needs to decrypt it. Let’s have a look:

[alice@radijs ~]$ ls -l secret_stuff.txt.*
-rwxrwxr-x. 1 alice alice 549 20 nov 18:19 secret_stuff.txt.asc
-rwxrwxr-x. 1 alice alice 359 20 nov 18:19 secret_stuff.txt.gpg

Let’s decrypt the ascii armored file:

[alice@radijs ~]$ gpg --decrypt secret_stuff.txt.asc 
gpg: encrypted with 2048-bit RSA key, ID 4B7528870F3FEB5C, created 2020-11-12
      "Alice "
                                <=== gpg here asks for the password of Alice 
                                <=== at my system that's in a separate curses-window
                                <=== That window is not shown here
Very secret stuff
[alice@radijs ~]$ 

As you can see, gpg writes the output to STDOUT.
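gpg could name the key ID and algorithm before decrypting anything because those fields sit unencrypted at the front of the message, readable by anyone who sees the file. The Python sketch below (an added example, not part of the original post) reads them from the first line of the armored file shown above; the function names are made up for this illustration, and it only handles the version 3 key packet this message starts with.

```python
import base64
import struct

# First line of secret_stuff.txt.asc exactly as shown on this page (48 bytes decoded).
ARMOR_FIRST_LINE = "hQEMA0t1KIcPP+tcAQgAkVtaxl3jXQAM/o307uXcVLuRYyXJzSJaCxIvCRHa0Lki"

PK_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}  # OpenPGP public-key algorithm IDs


def parse_header(data):
    """Return (tag, body_length, header_size) for the OpenPGP packet at data[0]."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet (bit 7 clear)")
    if first & 0x40:  # new-format header: tag in the low 6 bits
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, l0, 2
        if l0 < 224:
            return tag, ((l0 - 192) << 8) + data[2] + 192, 3
        if l0 == 255:
            return tag, struct.unpack(">I", data[2:6])[0], 6
        raise ValueError("partial body lengths are not handled in this sketch")
    # old-format header: tag in bits 5-2, length type in bits 1-0
    tag, ltype = (first >> 2) & 0x0F, first & 0x03
    if ltype == 3:
        raise ValueError("indeterminate length is not handled in this sketch")
    size = 1 << ltype  # 1, 2 or 4 length octets
    return tag, int.from_bytes(data[1:1 + size], "big"), 1 + size


def visible_recipient_info(b64_text):
    """Read the cleartext fields of a version 3 Public-Key Encrypted Session Key packet."""
    data = base64.b64decode(b64_text)
    tag, length, hdr = parse_header(data)
    if tag != 1:
        raise ValueError(f"expected a PKESK packet (tag 1), got tag {tag}")
    version, key_id, algo = struct.unpack(">B8sB", data[hdr:hdr + 10])
    if version != 3:
        raise ValueError(f"unsupported PKESK version {version}")
    # Bit count of the first MPI (the encrypted session key); it cannot exceed the key size.
    mpi_bits = int.from_bytes(data[hdr + 10:hdr + 12], "big")
    return {"body_length": length, "key_id": key_id.hex().upper(),
            "algorithm": PK_ALGOS.get(algo, str(algo)), "mpi_bits": mpi_bits}


if __name__ == "__main__":
    print(visible_recipient_info(ARMOR_FIRST_LINE))
```

Running gpg --list-packets on the file reports the same fields. If the recipient's identity must not be readable from the ciphertext, gpg's --hidden-recipient (or --throw-keyids) writes an all-zero key ID instead.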

Now decrypt the "regular" file:

[alice@radijs ~]$ gpg --decrypt secret_stuff.txt.gpg 
gpg: encrypted with 2048-bit RSA key, ID 4B7528870F3FEB5C, created 2020-11-12
      "Alice "
                                <=== gpg here asks for the password of Alice 
                                <=== at my system that's in a separate curses-window
                                <=== That window is not shown here
Very secret stuff
[alice@radijs ~]$ 

Again, the output goes to STDOUT.

For a small text file that may not be a problem. For a picture or the like, this might produce a lot of garbage on the terminal, so let's redirect the output to a file:

[alice@radijs ~]$ gpg --decrypt secret_stuff.txt.gpg > secret_bob.txt
gpg: encrypted with 2048-bit RSA key, ID 4B7528870F3FEB5C, created 2020-11-12
      "Alice "
                                <=== gpg here asks for the password of Alice 
                                <=== at my system that's in a separate curses-window
                                <=== That window is not shown here

And what is actually in that file:

[alice@radijs ~]$ cat secret_bob.txt 
Very secret stuff
[alice@radijs ~]$

All right...that's all there is to it.
