Welcome to Part 2 of the GPG/PGP Key series.

What we learnt already: In Part 1 we saw how to generate our own unique GPG key in Linux and how to register the key with GPG keyservers.

What we will learn: In this part we will learn how to use those keys to send and receive an encrypted file.

So let’s get started…

Suppose you would like to send an encrypted message or encrypted file to your friend. We are making the following assumptions:

Person 1 – You

Person 2 – Your Friend

Now let’s say Person 1 wants to send an encrypted file, account.txt, to Person 2. The file account.txt looks like this:

Bank Account Number: 12345678
Transaction Amount: $ 500,000

Steps for Person 1

Step 1: Import Person 2’s key

The first step is to import the public key of the person you want to send the secret file to (Person 2) into your system. You can do this in two ways:

Method 1:

Import Person 2’s public key from a file that he/she might have sent you in an e-mail. Suppose the file is called person2_pub_key.txt. Give the following command to import it:

person1:~# gpg --import person2_pub_key.txt

Note: The public key is generated as explained in Step 5 of Part 1. We are assuming that Person 2 has followed Part 1, generated the file pubkey.txt and sent it to you after renaming it to person2_pub_key.txt.

Method 2:

Another method is to search for Person 2’s public key information on the GPG keyserver. We can only use this method if Person 2 did Step 6 of Part 1. You can search for Person 2’s key using the following command:

person1:~# gpg --search-keys --keyserver hkp://subkeys.pgp.net 'person2@abc.com'
or
person1:~# gpg --search-keys --keyserver hkp://subkeys.pgp.net 'Person 2 name'
or
person1:~# gpg --search-keys --keyserver hkp://subkeys.pgp.net 'Key-ID'

Basically, you can search by Person 2’s name, e-mail or Key ID, as noted in Step 3 of Part 1.

You should be able to see something like this:

gpg: requesting key EE6E8046 from hkp server subkeys.pgp.net
gpg: key EE6E8046: "Person 2 name (Public Key) <person2@abc.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Step 2: Verify the import

We need to verify whether Person 2’s key was successfully imported into our system by giving the following command:

person1:~# gpg --list-keys

and you should be able to see something like this:

/root/.gnupg/pubring.gpg
------------------------
pub   1024D/E4635BBE 2009-03-16
uid                  John Doe (My first key) <gpg@abc.com>
sub   2048g/0AC353C2 2009-03-16

pub   1024D/EE6E8046 2009-02-20
uid                  Person 2 name (My GPG key) <person2@abc.com>
sub   2048g/AE3B1BD4 2009-02-20

The second key entry (EE6E8046) is the key of Person 2, to whom you would like to send the encrypted file.

Step 3: Encrypt the file using Person 2’s public key

Now we are ready to encrypt the file using the public key of Person 2 from the above steps.

person1:~# gpg --encrypt --recipient 'person2@abc.com' account.txt

Note: You might get some warning messages regarding the authenticity of the public key. They appear because nothing on your system yet vouches that the imported key belongs to Person 2. Simply ignore them and say yes (“y”), since we fully trust Person 2; that trust should come from having compared the key’s fingerprint with Person 2 over a separate channel such as a phone call.

Now a file called account.txt.gpg should be created. This is our encrypted file, and if you try to open it using a text editor you will see garbage in it, which basically means that your encryption process was successful.
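The authenticity warning in Step 3 is where the fingerprint matters: a name or e-mail address on an imported key proves nothing by itself. The following is an added example, not part of the original post, that checks the imported key against a fingerprint Person 2 gave you over a separate channel; the function names and all key material in the sample listing are constructed for illustration.

```shell
# Print the primary-key fingerprint of every key whose user ID carries <$1>.
# Reads `gpg --with-colons --fingerprint --list-keys` output on stdin.
primary_fpr_for() {
  awk -F: -v want="<$1>" '
    $1 == "pub" { fpr = "" }                  # a new key block starts
    $1 == "fpr" && fpr == "" { fpr = $10 }    # first fpr is the primary key, later ones are subkeys
    $1 == "uid" && index($10, want) && !seen[fpr]++ { print fpr }
  '
}

# Strip spaces and upper-case, so a fingerprint read aloud in groups compares equal.
normalize() { printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'; }

# $1 = e-mail, $2 = fingerprint from Person 2; colon listing on stdin.
# Returns 0 on match, 1 on mismatch, 2 if no key, 3 if several keys claim $1.
key_matches() {
  found=$(primary_fpr_for "$1")
  [ -n "$found" ] || { echo "no key for $1" >&2; return 2; }
  [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] ||
    { echo "several keys claim $1, pick by fingerprint" >&2; return 3; }
  [ "$found" = "$(normalize "$2")" ] ||
    { echo "fingerprint mismatch for $1" >&2; return 1; }
}

# Constructed sample listing (not real keys); short IDs match the page's output.
SAMPLE_LISTING=$(cat <<'EOF'
pub:u:1024:17:76543210E4635BBE:1237161600:::u:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210E4635BBE:
uid:u::::1237161600::0000::John Doe (My first key) <gpg@abc.com>:
sub:u:2048:16:0000000A0AC353C2:1237161600::::::e:
pub:-:1024:17:89ABCDEFEE6E8046:1235088000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFEE6E8046:
uid:-::::1235088000::0000::Person 2 name (My GPG key) <person2@abc.com>:
sub:-:2048:16:00001111AE3B1BD4:1235088000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF00001111AE3B1BD4:
EOF
)

# Real use (assumes $FPR holds the fingerprint Person 2 read out to you):
#   gpg --with-colons --fingerprint --list-keys | key_matches person2@abc.com "$FPR" &&
#     gpg --encrypt --recipient "$(normalize "$FPR")" account.txt
printf '%s\n' "$SAMPLE_LISTING" |
  key_matches person2@abc.com "0123 4567 89ab cdef 0123 4567 89AB CDEF EE6E 8046" &&
  echo "fingerprint verified"
```

Passing the full fingerprint to --recipient, as in the commented usage, also avoids encrypting to a different key that merely carries the same e-mail address.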

Step 4: Send the encrypted file to Person 2

Now we simply need to send this encrypted file to Person 2 through e-mail or any other storage media. Once you (Person 1) send the file to your friend (Person 2), your job is done; Person 2 now has to do some work to decrypt it so that he/she can read the message.

Steps for Person 2

Now Person 2 has to do the exact same Step 1 and Step 2 from above, with the only difference of substituting Person 2’s information with Person 1’s. Basically, he/she will first have to import Person 1’s public key and then verify whether it was imported successfully. I have summarized this as follows:

person2:~# gpg --import person1_pub_key.txt
or
person2:~# gpg --search-keys --keyserver hkp://subkeys.pgp.net 'gpg@abc.com'
person2:~# gpg --list-keys

Decrypt the file

Finally, Person 2 can decrypt the file account.txt.gpg with the following command:

person2:~# gpg --output account.txt --decrypt account.txt.gpg

You will be asked for your passphrase (from Step 2 in Part 1) in order to decrypt the file. After entering your passphrase you should see a file called account.txt (as specified in the --output option in the above command), and you can now view its contents using any text editor.

person2:~# less account.txt
Bank Account Number: 12345678
Transaction Amount: $ 500,000
account.txt (END)

That’s it. Your friend (Person 2) is happy to receive the message with all the important details and he/she says “Thank you” to you (Person 1).

Part 3: Verify encrypted sign files like ISO images
