How To Secure Your Work like a Pro.

Saket Upadhyay
Nov 21, 2020

Utilizing PGP Keys to Encrypt Everything you have.

If you have some super private or confidential data on your computer and don’t want anyone to have it, even if they have login access to your computer, then you already know the answer to “Why should we do this”.

Now all that remains is “What” & “How”, and that’s what we are going to talk about today. Let’s have a quick look at the TOC for this article…

Difficulty : Intermediate, (or easy, once you know the basic concepts and process of public-key crypto.)

What’s PGP & GPG?

Pretty Good Privacy or PGP uses several encryption technologies, like hashing, data compression, and public/private PGP keys to protect an organization’s critical information. BUT, it’s proprietary, owned by Symantec.

Yes, the makers of Norton Antivirus.

Luckily there is OpenPGP, an open source standard that allows PGP to be used in software that is typically free to the public. The term “Open PGP” is often applied to tools, features, or solutions that support open-source PGP encryption technology.

And now GnuPG, or GPG, which stands for GNU Privacy Guard. GPG is a different implementation of the Open PGP standard and a strong alternative to Symantec’s official PGP software.

“GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications” ~ https://gnupg.org/

And that’s what we are gonna use.

How to set up our GPG keys?

Installing GPG in Linux and MacOS 🐧 🍎

Usually it’s already installed, but should this not be the case for you, you can download the GPG source from :-

and compile it using the instructions from the official manual :-

If you are on a Debian-based system, then you might be able to do:-

$ sudo apt-get install gnupg to install it via repos.

or $ sudo yum install gnupg for CentOS, Fedora, RHEL etc.

Installing in Windows

GPG is not usually installed by default on Windows and you might need to install it on your own. Don’t worry, you can download gpg4win from the official source :

OR you can refer to the following PDF (it might take time to show up embedded in Medium)

In short, it follows the usual Windows installation, and the commands are the same for everything via PowerShell.

So once you’ve installed it, you are golden.

Generating New Key Pair 🔑

Now that we have installed gpg, we need to generate our new key pair to be used for signing and encryption.

Why did I say key “pair”? Check this out ➡️

Anyways, let’s generate ours.

To generate key pair, open terminal and type :-

$ gpg --full-generate-key

Select 1; it means we will use RSA for both signing and encryption.

Next it will ask for the key size. To be on the safe side, use a 4096-bit key. Just input 4096.

Next it will ask you to set an expiration. For now we will set the key to not expire; input 0 here and continue.

Next it will confirm your input, just say y and continue. Then it will ask you to enter your basic details to associate your keys with; give ’em that.

After that it will confirm your inputs, check it and if it’s okay, input O and continue.

Then it will ask you for your password, FILL THIS CAREFULLY.

Here I chose 1234 for the sake of this article; make sure you provide a strong password that you can remember.

This is because I chose 1234 as the password; don’t do that.

Confirm the password and select OK (press enter key).

After this you might see something like this :-

This is because gpg needs to generate high-entropy random numbers. Just move your mouse around and it will go faster; you don’t need to do anything special here, gpg is collecting random values from your system, so just wait.

After this is done, we will have our keys generated :

YAY !! Now you have your own key pair !

See your keys 👀

You can see all your keys in the key-ring by:-

gpg --list-keys

How to use these keys ?

So now we have our keys, let’s put them to good use for encrypting and signing (topic for another article :-) )

Encrypt Your Data 🔐

To encrypt any data :-

gpg --encrypt <file_to_encrypt>

In this case, I am trying to encrypt imp.txt with the key we generated earlier.

It will ask for recipients. Type your Name or EmailID here (the one used to generate the keys) and press the Enter key to end the prompt. This will encrypt the file with your encryption public key (or someone else’s public key if you have it in your keyring and provide their Name or Email in the recipients section).

After that, you will see new file imp.txt.gpg which is our encrypted file.

Let’s see the difference:-

As we can see, our imp.txt.gpg is encrypted, and we can delete the original imp.txt file.

Now we only have our encrypted file.

Decrypt Your Data 🔓

To decrypt the file :-

gpg --decrypt <encrypted_gpg_file>

Provide your password that we used when creating the key, in this case 1234.

In this case we got our answer on stdout, we can divert it into a file by redirection :-

gpg --decrypt imp.txt.gpg > imp.txt

We can check the contents of the decrypted file by simply using cat in this case.
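
The generate, encrypt and decrypt steps above can also be run without the interactive prompts. The shell function below is an added example, not part of the original article: the function name roundtrip_demo, the name, e-mail address and passphrase are constructed for illustration, and it works in a throwaway keyring so the real ~/.gnupg is untouched.

```shell
#!/bin/sh
# Added example: unattended generate / encrypt / decrypt round trip.
# All identities, passphrases and file contents here are constructed sample data.

roundtrip_demo() (                       # body runs in a subshell: no env leaks out
    bits="${1:-4096}"                    # key size; the article uses 4096
    work="$(mktemp -d)" || exit 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME   # temporary keyring, not ~/.gnupg
    mkdir -m 700 "$GNUPGHOME" || exit 1
    # Stop the agent bound to the temp home and remove everything on exit.
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT
    pass='constructed-demo-passphrase'

    # Batch equivalent of the answers typed into `gpg --full-generate-key`:
    # RSA for signing and encryption, chosen key size, no expiry (0).
    cat > "$work/params" <<EOF
Key-Type: RSA
Key-Length: $bits
Subkey-Type: RSA
Subkey-Length: $bits
Name-Real: Demo User
Name-Email: demo@example.invalid
Expire-Date: 0
Passphrase: $pass
%commit
EOF
    gpg --batch --quiet --generate-key "$work/params" || exit 1

    printf 'super private data\n' > "$work/imp.txt"

    # --recipient answers the "recipients" prompt; --output names the .gpg file.
    gpg --batch --quiet --recipient demo@example.invalid \
        --output "$work/imp.txt.gpg" --encrypt "$work/imp.txt" || exit 1

    # Decrypt: the passphrase is read from fd 0 instead of the pinentry dialog.
    printf '%s\n' "$pass" | gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --output "$work/out.txt" \
        --decrypt "$work/imp.txt.gpg" || exit 1

    # The decrypted file must be byte-identical to the original.
    if cmp -s "$work/imp.txt" "$work/out.txt"; then
        echo roundtrip-ok
    else
        echo roundtrip-mismatch
    fi
)
```

Call roundtrip_demo (or roundtrip_demo 2048 for a faster run); it prints roundtrip-ok when the decrypted file matches the original.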

Closing words ✏️

Now we have a basic setup for gpg encryption and can encrypt ANY file we want in our workflow.

There is more to it, and we can combine different tactics for ultimate security, signing, etc., but we will try to cover that in future articles (including how to delete or revoke the keys, and how to back up and sync keys).

So see ya in next one, till then, stay caffeinated!
