GPG/GnuPG Encyrption Tutorial

[Tor]

This guide will show you how to use and setup GPG for file encryption. GPG is an encryption and signing tool for the Linux/Unix operating system. GPG is the main program for the GnuPG system.

Getting Started
To start you need to First run the generation commands:

Code:

# gpg --gen-key

gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)

Use the default (1) and press enter.

Code:

DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

Use the default here, press enter.

Code:

Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years

Again use the default.

Code:

Key does not expire at all
Is this correct? (y/N)

Enter "y" and press enter.

Code:

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name:

Type in a name to identify the key. I use my first name for this example I will use "tor". Remember the name you use (used later).

Then enter your email address and comment.

Code:

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Press O and then Enter.

Code:

Enter passphrase:

Type a unique passphrase. This is like a password.

Code:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++++++++++++++++++++++.+++++.+++++++++++++++.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.++++++++++.++++++++++.>+++++.................................................................>+++++.<+++++.......................................>+++++.....+++++

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 277 more bytes)

Type some buttons or open another terminal. Now you have a key generated with your first name and should not get that error above.


Encrypting a file
Encrypting a file is easy, you'll need the name you used above (which I told you to remember). Issue the command below:

Code:

# gpg -e -r <name> <file>

Which you will need to replace <name> and <file> with valid values. Let us use the name I used, tor, and /home/tor/test.txt as the file name.

Code:

# gpg -e -r tor /home/tor/test.txt

Alternatively you can use the long version of the command:

Code:

# gpg --encrypt --recipient 'tor' /home/tor/test.txt

Here is the file before encryption:

Code:

this is a test

and here is the file after encryption:

Code:

<85>^B^N^CeK^Z^MÂó ?l|[- !S>Ã<91><9f>Mo9âg²ê^?#Y ^XôÃ]ëF$f¿a^WCô^Uqøh"v^]Ã:§`^Nÿ Ã^\Ã
ðïe°¾Ã¹Ã*G/j>^Y<95>½UI<9f>d^F<83>÷@Ã<89>^U;Ã(o^VCAÃHÃ¥?<9c>U~ü<86>w;ZXÃ>§¥ÃL[º² ag^[^[^]        k^HC<8b>^A<98>^P<86>^GFZÃöE<9f>ÿl'+<9b>+3 Ã(Ã<8a>î±ÃÃ86>>             þ^ZÿãWÃ<85>^[^?^K<82>Ã>KÃ4^RZE--xS^E£OlÃÃÃ
FöÃ*<9e>¹».~S{Ãf<855Ã>M|M^Hºy¼?^\|S:[Ãì<8b>çl<94>*b}<93>éÃ7K´<92>î¨*Ã>¶!¯ÃC0´D<95>>
D^PÃh<9d>ÃÃöBÃ^U$^_<89>´é^Cô4þÃÃ
CÃ<I^L!<83>^X©^Tøà       ¶£=<8b>aYüö¢^YóiTut<8e>^^      VA<8a>|Ãâ<95>§S7¢¢ýGO%T*tÃ<81>Ã=ê^]¿/ôCÿÃhKóL^AÃô]?^NÃ=<8e>!Ãþ¼G^MVg>ð<8e>^]<9a>)Ãà Ã<84>»KÃ<96>8ÃÃ^C^Olú÷©       LÃñªÃ^A^VÃ(^E<94>Ã^?mÃþF?Ã<90>qÃ>^^p^@^^
\|9<84>¢6<8d>^VðgäùÃ<8e>µéuÃã<90><8c>^R^X! <9d><90>^\ïñQ<DÃ.^OJ<94>yty>F]¹2Ã^XmìK<9d>:kT

GPG will add a ".gpg" to the end of the encrypted file. This leaves the original intact and makes an encrypted copy.

Decrypting a File
Decrypting a file is just as easy. Simply run this command:

Code:

# gpg --output <output> --decrypt <file.gpg>

Replace <output> with the name of the file you want to produce, decrypted. Replace <file.gpg> with the name of the encrypted file. For example:

Code:

# gpg --output test.txt --decrypt /home/tor/test.txt.gpg

If you only have the the pass phrase (password) you can decrypt using --symmetric

Code:

# gpg --output <target_file> --symmetric <file>.gpg

You will be asked to enter the pass phrase twice.

Conclusion
I hope this helps. If you have any questions feel free to post them here.