Using GnuPG gpg command you can generate public and private keys. In this tutorial, we will use the keys generated by gpg command to send and receive encrypted files, and digitally sign a file.
Encrypt a file and send it to your Friend
1. Import your friend’s public key
When you want to send a secret file to your friend, the first thing to do is to import your friend’s public key. You can import your friends public key from a “Key server” if he/she has exported their public key to a key server.
Refer to the “Export Your Public Keys” section in our GnuPG Basics article to understand how to export your public key to a key server.
To import public key from a key server, do the following. You can import by using any one of the above methods. Provide your friend’s Key-ID or E-Mail ID or Real Name to import the keys correctly.
$ gpg --search-keys --keyserver keyserver.ubuntu.com 'KEY-ID' or $ gpg --search-keys --keyserver keyserver.ubuntu.com 'E-Mail ID' or $ gpg --search-keys --keyserver keyserver.ubuntu.com 'Real Name'
To import public key from a file, do the following. If your friend has E-Mailed you his/her public key, then you can import those keys by using the following command
$ gpg --import myfriends_pub_key.gpg
2. Verify the imported key server
You can verify whether you have successfully imported your friend’s public key using –list-keys option
$ gpg --list-keys /home/lakshmanan/.gnupg/pubring.gpg ----------------------------------- pub 2048R/A7344E7D 2012-10-12 uid lakshmanan (My test GPG keys) sub 2048R/96F8EF9B 2012-10-12 pub 2048R/FB2744A8 2012-12-03 uid raman (Ram's test ID) sub 2048R/88EF55EE 2012-12-03
Now I’ve my friend Raman’s public key imported.
3. Encryp a secret file using your friend’s public key
Now that you have the public key of your friend, you can send him a file, which is encrypted using “Your Friend’s Public Key”, so only your friend ( Who is having the private key ), can decrypt it.
$ gpg --encrypt --recipient raman a.txt gpg: 88EF55EE: There is no assurance this key belongs to the named user pub 2048R/88EF55EE 2012-12-03 raman (Ram's test ID) Primary key fingerprint: FF32 7764 A0AE 1E85 AC4B CF17 8AED B292 FB27 44A8 Subkey fingerprint: D6A5 7107 77C8 6845 2F86 765C EEED DD85 88EF 55EE It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes. Use this key anyway? (y/N) y
Note that there is a warning, which says, there is no guarantee that the “Public Key” belongs to your friend. We will look back at this when time permits. As of now, since I trust my fried, I’ve given “Yes” to use the key.
It will create a file named “a.txt.pgp”, when opened using editor, it will have some binary data. Send this file to your friend by any means.
If you don’t want to send a binary content, or there are issues in sending binary, you can use the –armor option which creates an ASCII file as shown below.
$ gpg --encrypt --armor --recipient raman a.txt
Decrypt a file
Now your friend would have received your encrypted file. In order to view the content of the file, he need to decrypt the file. Since decrypt operation will be performed by using your friend’s private key, it will ask for the passphrase provided by your friend while creating keys.
$ gpg --decrypt a.txt.gpg > secret.txt
Now the file secret.txt will contain the actual text written.
Send an encrypted file to multiple recipient
You can also send a file to multiple recipients by using the –recipient or -r
$ gpg -r raman -r steve -r gopi --encrypt a.txt
Once the above command is given, gpg will use the public key of all the recipients to encrypt the data in such a way that any one of their private keys can decrypt the data.
In our next article in this series, we will explain how to sign the message with data and timestamp on it.