Monday, May 21, 2007

Simple File Encryption with GPG

The easiest way to encrypt a file is to use the symmetric encryption provided by GPG (GNU Privacy Guard). You encrypt the file by providing a password, and the same password is later used to decrypt it.

Encryption
[safeer@LinuxBox1 ~]$ echo "This is plain text" > file1_txt

Now encrypt this file with gpg:
[safeer@LinuxBox1 ~]$ gpg -c file1_txt
Enter passphrase:

You will be prompted to enter the passphrase twice. Once the passphrase is entered, the encrypted file will be saved as "file1_txt.gpg". This will be a binary file; if you open it you will see a lot of unreadable characters. If you want the output as printable ASCII text instead, use the armor option (-a) as follows:
[safeer@LinuxBox1 ~]$ gpg -c -a file1_txt

This will create a file "file1_txt.asc":
[safeer@LinuxBox1 ~]$ cat file1_txt.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.5 (GNU/Linux)


jA0EAwMCvQn1YCJCMmFgyTBooxld2Zo/Vb5hYg00Pyg1OMeaZ3CXIrICjUwHqj50
RKRRZMoQmvRnZzISt01uoZs=
=3UMZ
-----END PGP MESSAGE-----

This format is particularly useful when you are sending the file to somebody, most probably through e-mail. You will also have to let the receiver know the passphrase, maybe by phone or some other secure channel. Otherwise he won't be able to decrypt the file.

You can alternatively specify an output file other than the default (the input file name with .gpg or .asc appended).

[safeer@LinuxBox1 ~]$ gpg -c -a --output file1.secure file1_txt

Now the encrypted output will be stored in "file1.secure".

Decryption


[safeer@LinuxBox1 ~]$ cp file1_txt.asc /tmp
[safeer@LinuxBox1 ~]$ cd /tmp
[safeer@LinuxBox1 tmp]$ gpg file1_txt.asc
gpg: CAST5 encrypted data
Enter passphrase:
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected


This will create the plain text file file1_txt. If a file of this name already exists in the current directory, you will be asked whether to overwrite it or to provide an alternative file name, as follows:

[safeer@LinuxBox1 tmp]$ gpg file1_txt.asc
gpg: CAST5 encrypted data
Enter passphrase:
gpg: encrypted with 1 passphrase
File `file1_txt' exists. Overwrite? (y/N) N
Enter new filename: file1_plain
gpg: WARNING: message was not integrity protected


If you want the decrypted output to be printed to standard output:

[safeer@LinuxBox1 tmp]$ gpg --decrypt file1_txt.asc
gpg: CAST5 encrypted data
Enter passphrase:
gpg: encrypted with 1 passphrase
This is plain text
gpg: WARNING: message was not integrity protected


Here also you can give an alternate output file name:

[safeer@LinuxBox1 tmp]$ gpg --decrypt --output file1.plain file1_txt.asc

The decryption method is the same for .asc and .gpg files.
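The "CAST5 encrypted data" and "message was not integrity protected" lines in the decryption output can be read directly from the armored file shown earlier. The following is an added example, not part of the original post: it parses the OpenPGP packet headers (RFC 4880) of that message; the function names are this example's own, and the armor CRC line is skipped rather than verified.

```python
import base64
# Armored message copied from the post (output of `gpg -c -a file1_txt`).
ARMORED = """-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.5 (GNU/Linux)

jA0EAwMCvQn1YCJCMmFgyTBooxld2Zo/Vb5hYg00Pyg1OMeaZ3CXIrICjUwHqj50
RKRRZMoQmvRnZzISt01uoZs=
=3UMZ
-----END PGP MESSAGE-----"""

CIPHERS = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
HASHES = {1: "MD5", 2: "SHA1", 8: "SHA256", 10: "SHA512"}

def dearmor(text):
    """Base64-decode the lines between the armor headers and the '=' CRC line."""
    lines = text.strip().splitlines()[1:-1]
    body = lines[lines.index("") + 1:]        # headers end at the first blank line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):
    """Yield (tag, body) per OpenPGP packet, old- and new-format headers (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                        # new format: tag in the low 6 bits
            tag, n, i = hdr & 0x3F, data[i], i + 1
            if 192 <= n < 224:                # two-octet length
                n, i = ((n - 192) << 8) + data[i] + 192, i + 1
            elif n >= 224:
                raise ValueError("five-octet and partial lengths are not handled here")
        else:                                 # old format: tag in bits 5..2
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 0x03]
            n = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
            i += size                         # size 0 = indeterminate, body runs to the end
        yield tag, data[i:i + n]
        i += n

def describe(text):
    """Summarise cipher, S2K parameters and whether an MDC packet (tag 18) is present."""
    info = {"packets": [], "integrity_protected": False}
    for tag, body in packets(dearmor(text)):
        info["packets"].append(tag)
        info["integrity_protected"] |= tag == 18   # tag 18 carries the MDC, tag 9 does not
        if tag == 3 and body[0] == 4:         # SKESK v4: version, cipher, S2K specifier
            info["cipher"] = CIPHERS.get(body[1], body[1])
            info["s2k_hash"] = HASHES.get(body[3], body[3])
            if body[2] == 3:                  # iterated+salted: salt[8], then coded count
                info["s2k_count"] = (16 + (body[12] & 15)) << ((body[12] >> 4) + 6)
    return info
```

Calling `describe(ARMORED)` reports packets 3 and 9: a passphrase-derived CAST5 key followed by plain symmetrically encrypted data with no integrity check. With the GnuPG 1.4 shown in the post, `--force-mdc` or a 128-bit-block cipher such as `--cipher-algo AES256` makes gpg write a tag 18 packet instead, and the warning goes away.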


This method uses symmetric key encryption, which is not considered very secure nowadays because the passphrase also has to be shared. Generally, asymmetric (public key) encryption is preferred. But for a starter, this is good enough.

Beware! If you forget the encryption password, you are done. You will never be able to decrypt the file.
