Home / How to / Encrypting and decrypting files with password in Linux

Encrypting and decrypting files with password in Linux

Sometimes you need to send a file containing sensitive information across to someone over internet and you started thinking, “Gee, I’ve got some pretty sensitive information in the file. How can I send it securely?” There are many ways to send encrypted files. A good way for encrypting files is using a long password with GPG or GNU Privacy Guard (GnuPG or GPG) tool. Once you’ve encrypted the file, you can do few things.Encrypting Decrypting files with password in Linux - blackMORE Ops - 3

  1. Put the file in an FTP or Web server the requires a second set of username and passwords.
  2. To further secure, you can put a firewall rule to allow a single IP/Network to access that location.
  3. Send the file via email as an attachment.
  4. Send the file via encrypted email. (double encryption). We will look into email encryption soon.
  5. Create a torrent file and send it securely as a private torrent if the file is too big. (i.e. movies, large files etc.)

So the possibilities are endless. GnuPG or GPG works in Windows, Linux, Mac (any iOS devices), Android, Blackberry etc. In short GnuPG or GPG is supported on all platforms and that’s what makes it such a good encryption tool.

GNU Privacy Guard (GnuPG or GPG)

GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient’s public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.
GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys may be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key “owner” identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

Downloan GnuPG

You can download GnuPG for the following Operating systems from this Download GnuPG link.

  1. Windows
  2. OS X
  3. Debian
  4. RPM
  5. Android
  6. VMS (OpenVMS)
  7. RISC OS
  8. *BSD
  9. *NIX
  10. AIX
  11. HPUX
  12. IRIX
  13. Solaris, SunOS

List of supported Operating systems can be found in GnuPG Supported Operating Systems list.

Apart from these, most operating systems have their own implementation of GnuPG which are supported by each other as the underlying encryption and decryption works in a similar way.

Encrypting files in Linux

To encrypt a single file, use command gpg as follows:

root@kali:~# gpg -c secretfilename

To encrypt secretfilename.txt file, type the command:

root@kali:~# gpg -c secretfilename.txt

Sample output:

Enter passphrase:
Repeat passphrase:

Encrypting files with password in Linux - blackMORE Ops - 1

This will create a secretfilename.txt.gpg file. GnuPG or GPG help doco below:

GnuPG or GPG help menu

GnuPG or GPG help menu

root@kali:~# gpg --help

gpg (GnuPG) 1.4.12
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, 
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Syntax: gpg [options] [files]
sign, check, encrypt or decrypt
default operation depends on the input data

Commands:
 
 -s, --sign [file]             make a signature
     --clearsign [file]        make a clear text signature
 -b, --detach-sign             make a detached signature
 -e, --encrypt                 encrypt data
 -c, --symmetric               encryption only with symmetric cipher
 -d, --decrypt                 decrypt data (default)
     --verify                  verify a signature
     --list-keys               list keys
     --list-sigs               list keys and signatures
     --check-sigs              list and check key signatures
     --fingerprint             list keys and fingerprints
 -K, --list-secret-keys        list secret keys
     --gen-key                 generate a new key pair
     --delete-keys             remove keys from the public keyring
     --delete-secret-keys      remove keys from the secret keyring
     --sign-key                sign a key
     --lsign-key               sign a key locally
     --edit-key                sign or edit a key
     --gen-revoke              generate a revocation certificate
     --export                  export keys
     --send-keys               export keys to a key server
     --recv-keys               import keys from a key server
     --search-keys             search for keys on a key server
     --refresh-keys            update all keys from a keyserver
     --import                  import/merge keys
     --card-status             print the card status
     --card-edit               change data on a card
     --change-pin              change a card's PIN
     --update-trustdb          update the trust database
     --print-md algo [files]   print message digests

Options:
 
 -a, --armor                   create ascii armored output
 -r, --recipient NAME          encrypt for NAME
 -u, --local-user              use this user-id to sign or decrypt
 -z N                          set compress level N (0 disables)
     --textmode                use canonical text mode
 -o, --output                  use as output file
 -v, --verbose                 verbose
 -n, --dry-run                 do not make any changes
 -i, --interactive             prompt before overwriting
     --openpgp                 use strict OpenPGP behavior
     --pgp2                    generate PGP 2.x compatible messages

(See the man page for a complete listing of all commands and options)

Examples:

 -se -r Bob [file]          sign and encrypt for user Bob
 --clearsign [file]         make a clear text signature
 --detach-sign [file]       make a detached signature
 --list-keys [names]        show keys
 --fingerprint [names]      show fingerprints

Please report bugs to <gnupg-bugs@gnu.org>.

If you ever forgot your password (passphrase), you cannot recover the data as it use very strong encryption.

Decrypt a file

To decrypt file use the gpg command as follow:

root@kali:~# gpg secretfilename.txt.gpg

Sample outputs:

gpg secretfilename.txt.gpg
gpg: CAST5 encrypted data
Enter passphrase:

Decrypting files with password in Linux - blackMORE Ops - 2

Decrypt file and write output to file secretfilename.txt you can run command:

root@kali:~# gpg secretfilename.txt.gpg –o secretfilename.txt

Famous usage of GnuPG

In May 2014, The Washington Post reported on a 12-minute video guide “GPG for Journalists” posted to Vimeo in January 2013 by a user named anon108. The Post identified anon108 as fugitive NSA leaker Edward Snowden, who it said made the tutorial—”narrated by a digitally disguised voice whose speech patterns sound similar to those of Snowden”—to teach journalist Glenn Greenwald email encryption. Greenwald said that he could not confirm the authorship of the video.

Conclusion

As you can see, GnuPG does have real life usage and in many cases it was used in both legal and illegal activities. I won’t go in to discuss about the legality of the usage, but if you are ever in the need of sending and transferring a file that requires encryption, then GnuPG or GPG is definitely a worthy tool to consider for encrypting files in Linux, Unix, Windows or any known platforms.

Hope you’ve enjoyed this little guide. Please share and RT.

Check Also

How to add RBL check on Zimbra Server - blackMORE Ops - 2

How to add RBL on Zimbra Server?

A DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is an effort to stop …

Android vulnerability allows attackers root access - blackMORE Ops - 2

Android vulnerability allows attackers root access

In an Android Security Advisory issued on March 18th, Google revealed it was notified of …

One comment

Use WordPress.com, Twitter, Facebook, or Google+ accounts to comment (anonymous comments allowed)

This site uses Akismet to reduce spam. Learn how your comment data is processed.