Conventional (symmetric) encryption is where no public/private key pair is involved: a single passphrase both encrypts and decrypts. This can be done with the -c option on GnuPG. When you use this option you will be asked for a passphrase. To decrypt the file the same passphrase is needed. This is ideal for password lists, where you have the ability to share the passphrase with those who need it. Another application is to encrypt filesystem backups.

One caution, though. Be careful about the unencrypted file. If it lived on the filesystem, it can often be recovered. As for memory, GnuPG uses secure memory, and will warn you if it can't, so at least unencrypted files won't lie around in memory.

Let's do some encrypting. We are going to use a big 529 meg file as a test, which GnuPG handled quite quickly. Let's encrypt the file:

    u-1@srv-1 gpgt $ ls
    s.rr
    u-1@srv-1 gpgt $ gpg -c s.rr
    u-1@srv-1 gpgt $ ls -l
    ... 529530880 Mar 11 09:29 s.rr
    ... 467898628 Mar 11 09:32 s.rr.gpg

You will be asked for your passphrase. Make sure you are doing this at the console or over a secure connection if this is a remote system. Notice that the gpg file is smaller. It is compressed by default. Now, we will move the gpg file to another directory, decrypt it, and make sure it is identical:

    u-1@srv-1 gpgt $ mkdir ruk
    u-1@srv-1 gpgt $ mv s.rr.gpg ruk
    u-1@srv-1 gpgt $ cd ruk
    u-1@srv-1 ruk $ ls
    s.rr.gpg
    u-1@srv-1 ruk $ gpg s.rr.gpg
    gpg: CAST5 encrypted data
    gpg: WARNING: message was not integrity protected
    u-1@srv-1 ruk $ diff s.rr ../s.rr
    u-1@srv-1 ruk $

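diff prints nothing, so the files are the same. All is good. Note the warning in the gpg output, though: the message was written without a modification detection code, so GnuPG itself cannot tell whether the encrypted file was altered. Here the diff against the original is what confirms the contents.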
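
A scripted version of the round trip above, as an added example that is not part of the original page: it encrypts with -c, decrypts, checks that gpg reported a passed integrity check, and compares the bytes. It assumes GnuPG 2.1 or later; the function name and the passphrase file are hypothetical.

```shell
#!/bin/sh
# Added example; function name, file names and passphrase file are hypothetical.

# gpg_sym_roundtrip FILE PASSFILE
# Exit status 0 only if FILE encrypts with "gpg -c", decrypts with the same
# passphrase, gpg reports that the integrity check passed, and the decrypted
# bytes match the original.
gpg_sym_roundtrip() (
    src=$1
    passfile=$2
    work=$(mktemp -d) || exit 1
    # Throwaway GnuPG home so the caller's configuration is not involved.
    GNUPGHOME=$work/home
    export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || exit 1
    rc=1

    # The passphrase is read from the first line of PASSFILE so it never
    # shows up in the process list. AES256 is named explicitly instead of
    # relying on the default cipher.
    # On decryption, --status-fd writes machine-readable status lines;
    # GOODMDC is the line gpg emits when the integrity check passed.
    if gpg --batch --quiet --pinentry-mode loopback \
           --passphrase-file "$passfile" --cipher-algo AES256 \
           --output "$work/out.gpg" -c "$src" 2>/dev/null &&
       gpg --batch --quiet --pinentry-mode loopback \
           --passphrase-file "$passfile" --status-fd 3 \
           --output "$work/out.plain" --decrypt "$work/out.gpg" \
           3>"$work/status" 2>/dev/null &&
       grep -q '^\[GNUPG:\] GOODMDC' "$work/status" &&
       cmp -s "$src" "$work/out.plain"
    then
        rc=0
    fi

    # Stop any agent started for the throwaway home, then remove the working
    # directory (plain deletion, not a secure wipe of the decrypted copy).
    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$work"
    exit "$rc"
)
```

The passphrase file is itself sensitive: keep it readable only by its owner and off any filesystem you would not trust with the plaintext.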