GPG/PGP Keys-Part 2: How to send and receive encrypted files using GPG key
Welcome to Part 2 of the GPG/PGP Key series.
What we learnt already: In Part 1 we saw how to generate our own unique GPG key in Linux and how to register that key with the GPG keyservers.
What we will learn: In this part we will learn how to use those keys to send and receive encrypted files.
So let’s get started…
Suppose you would like to send an encrypted message or encrypted file to your friend. We are making the following assumptions:
Person 1 – You
Person 2 – Your Friend
Now let’s say Person 1 wants to send an encrypted file, account.txt, to Person 2. The file account.txt looks like this:
Bank Account Number: 12345678
Transaction Amount: $ 500,000
Steps for Person 1
Step 1: Import Person 2's key
The first step is to import into your system the public key of the person (Person 2) to whom you would like to send the secret file. You can do this in two ways:
Method 1:
Import Person 2's public key from a file that he/she might have sent you in an email. Suppose the file is called person2_pub_key.txt. Give the following command to import it:
person1:~# gpg --import person2_pub_key.txt
Note: The public key is generated as explained in Step 5 of Part 1. We are assuming that Person 2 has followed Part 1, generated the file pubkey.txt and sent it to you after renaming it to person2_pub_key.txt.
Method 2:
Another method is to search for Person 2's public key on the GPG keyserver. We can only use this method if Person 2 did Step 6 of Part 1. You can search for Person 2's key using the following command:
person1:~# gpg --search-keys --keyserver hkp://subkeys.pgp.net 'person2@abc.com'
or
person1:~# gpg --search-keys --keyserver hkp://subkeys.pgp.net 'Person 2 name'
or
person1:~# gpg --search-keys --keyserver hkp://subkeys.pgp.net 'Key-ID'
Basically you can search by Person 2's name, e-mail or Key ID, as noted in Step 3 of Part 1.
You should be able to see something like this:
gpg: requesting key EE6E8046 from hkp server subkeys.pgp.net
gpg: key EE6E8046: "Person 2 name (Public Key) <person2@abc.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Step 2: Verify the import
We need to verify whether Person 2's key was successfully imported into our system by giving the following command:
person1:~# gpg --list-keys
and you should be able to see something like this:
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/E4635BBE 2009-03-16
uid John Doe (My first key) <gpg@abc.com>
sub 2048g/0AC353C2 2009-03-16

pub 1024D/EE6E8046 2009-02-20
uid Person 2 name (My GPG key) <person2@abc.com>
sub 2048g/AE3B1BD4 2009-02-20
The second key (EE6E8046) belongs to Person 2, to whom you would like to send the encrypted file.
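The listing in Step 2 confirms that a key was imported, not that it is Person 2's key: a keyserver search by name or e-mail returns whatever key was uploaded under that name. The script below is an added example, not part of the original post. It compares the fingerprint of the imported key with one that Person 2 gave you directly, for example by phone. The function names and all key data in it are constructed, and the GnuPG 2.x colon-listing layout is assumed.

```shell
# Canonical fingerprint form: no whitespace, upper-case hex.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'; }

# Reads `gpg --with-colons --fingerprint` output (GnuPG 2.x layout assumed) on
# stdin; prints the primary fingerprint of each key with a uid containing <EMAIL>.
primary_fprs_for_email() {
    awk -F: -v want="<$1>" '
        $1 == "pub" { fpr = ""; primary = 1; next }             # new key block
        $1 == "sub" { primary = 0; next }                       # subkey fpr follows
        $1 == "fpr" && primary { fpr = $10; primary = 0; next } # primary fingerprint
        $1 == "uid" && fpr != "" && index($10, want) && !seen[fpr]++ { print fpr }
    '
}

# check_key EMAIL EXPECTED_FPR  (listing on stdin)
# Returns 0 = match, 1 = mismatch, 2 = no key for EMAIL, 3 = several keys claim EMAIL.
check_key() {
    expected=$(normalize_fpr "$2")
    found=$(primary_fprs_for_email "$1")
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then return 2
    elif [ "$count" -gt 1 ]; then return 3
    elif [ "$found" = "$expected" ]; then return 0
    else return 1
    fi
}

# Constructed listing for one key whose fingerprint ends in the short ID EE6E8046.
sample_one_key() {
cat <<'EOF'
pub:-:1024:17:89ABCDEFEE6E8046:1235088000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFEE6E8046:
uid:-::::1235088000::0000::Person 2 name (My GPG key) <person2@abc.com>:
sub:-:2048:16:76543210AE3B1BD4:1235088000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210AE3B1BD4:
EOF
}

# Constructed: the same listing plus a second, unrelated key claiming the address.
sample_two_keys() {
    sample_one_key
cat <<'EOF'
pub:-:1024:17:1111222233334444:1235174400:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1235174400::0000::Person 2 name <person2@abc.com>:
EOF
}
sample_two_keys | check_key person2@abc.com '0123 4567 89AB CDEF 0123 4567 89AB CDEF EE6E 8046' \
    || echo "do not encrypt yet: check_key returned $?"
```

With real keys, pipe `gpg --with-colons --fingerprint person2@abc.com` into check_key and pass the fingerprint Person 2 read out to you as the second argument.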
Step 3: Encrypt the file using Person 2's public key
Now we are ready to encrypt the file using the public key of Person 2 imported in the steps above.
person1:~# gpg --encrypt --recipient 'person2@abc.com' account.txt
Note: You might get some warning messages regarding the authenticity of the public key; they appear because GnuPG has no assurance that the key belongs to Person 2. Simply ignore them and say yes ("y"), since we fully trust Person 2.
Now a file called account.txt.gpg should be created. This is our encrypted file; if you try to open it in a text editor you will see garbage, which means that the encryption process was successful.
Step 4: Send the encrypted file to Person 2
Now we simply need to send this encrypted file to Person 2 through e-mail or any other storage media. Once you (Person 1) have sent the file to your friend (Person 2), your job is done; Person 2 now has to do some work to decrypt it so that he/she can read the message.
Steps for Person 2
Now Person 2 has to do exactly the same Step 1 and Step 2 from above, the only difference being that Person 2's information is replaced with Person 1's. Basically he/she will first have to import Person 1's public key and then verify whether it was imported successfully. I have summarized this as follows:
person2:~# gpg --import person1_pub_key.txt
or
person2:~# gpg --search-keys --keyserver hkp://subkeys.pgp.net 'gpg@abc.com'
person2:~# gpg --list-keys
Decrypt the file
Finally, Person 2 can decrypt the file account.txt.gpg with the following command:
person2:~# gpg --output account.txt --decrypt account.txt.gpg
You will be asked for your passphrase (from Step 2 in Part 1) in order to decrypt the file. After entering your passphrase you should see a file called account.txt (as specified by the --output option in the above command), and you can now view its contents using any text editor.
person2:~# less account.txt
Bank Account Number: 12345678
Transaction Amount: $ 500,000
account.txt (END)
That’s it. Your friend (Person 2) is happy to receive the message with all the important details and he/she says “Thank you” to you (Person 1).
Part 3: Verify encrypted sign files like ISO images


June 2nd, 2010 at 11:56 am
This is a bit complex… too many parts. If you want a simple guide to encrypt decrypt and generate keys using GNUPG just look at this article
http://www.usingcsharp.net/2010/05/using-pgp-encryption/
It also explains what to do when there is not high enough trust level for the public key.