Showing posts with label gpg. Show all posts
Showing posts with label gpg. Show all posts

Sunday, September 3, 2017

Ubuntu Encrypting Files With GPG

Ubuntu Encrypting Files With GPG


But I already Encrypt My Drives...

The latest Ubuntu 14 release makes it very easy to encrypt your hard drives at installation. However, encrypting a drive only protects your data if your computer is turned off. It will not protect your data whilst your computer is running, which for me is 90% of the time. We need a solution whereby our files remain encrypted, and we only decrypt them as and when we need them. This also protects your data, should you decide to transfer it to a friend or host it "in the cloud". For this, we are going to use the GPG (GNU Privacy Guard) tool to encrypt and decrypt our files.

Encryption Method 1 - Passphrase File

In this first method, we are going to write our passphrase to a file, and use that to encrypt/decrypt our files. The great thing about this is that it should not show your passphrase in the process list, which would be an issue if it is a multi-user system.

Make sure other users cannot read this file!

    Create a passphrase for which you are going to encrypt your files with:

    echo "my awesomely amazing passphrase goes here" > $HOME/passphrase.txt
    If you used a command like above to write your passhprase to a file, rather than using a file editor like vim or nano, then you will need to remove your history history so nobody ever sees your passphrase there! 

    history -c
    rm ~/.bash_history

    Now encrypt your files using the passphrase. 


    gpg 
    --cipher-algo AES256 
    --no-use-agent 
    --passphrase-file "$HOME/passphrase.txt" 
    --symmetric 
    [filename here]
    The encrypted file will appear with the same name, except the
    .gpg
    extension will be added to the end, letting you know that it is an encrypted file.

Encryption Method 2 - Enter Passphrase Interactively

In my opinion, this is the simplest/recommended solution, and it removes the possibility of forgetting to delete the passphrase file which somebody else might find at a later date. It also does not require you to clear your history.

    Encrypt your file and enter the passphrase when prompted: 


    gpg 
    --cipher-algo AES256 
    --no-use-agent 
    --symmetric 
    [filename here]
    The encrypted file will appear with the same name, except the
    .gpg
    extension will be added to the end, letting you know that it is an encrypted file.

Encryption Method 3 - Specify Passphrase In Command

This method is useful for scripts whereby you cannot interactively enter the encryption password. However, this is unsafe to use on machines with multi-user access as the passphrase will appear in the currently executing process list.

Do not use this method on a multi-user server!

    Encrypt your file and enter the passphrase when prompted: 


    gpg 
    --cipher-algo AES256 
    --no-use-agent 
    --symmetric 
    --passphrase "my passphrase here" 
    [filename here]
    The encrypted file will appear with the same name, except the
    .gpg
    extension will be added to the end, letting you know that it is an encrypted file.

Decryption Method 1 - Passphrase File

Here is how to decrypt files using a passphrase file.

gpg -d 
--no-use-agent 
--passphrase-file $HOME/passphrase.txt 
secret-file.txt.gpg > secret-file.txt
You may want to remove the passphrase file afterwards!

Decryption Method 2 - Enter Passphrase

Decrypt without 

gpg -d 
--no-use-agent 
secret-file.txt.gpg > secret-file.txt

Decryption Method 3 - Specify Passphrase In Command

    gpg -d 
    --no-use-agent 
    --passphrase "my passphrase here" 
    secret-file.txt.gpg > secret-file.txt
    Clear your history history so nobody ever sees your passphrase there! 

    history -c
    rm ~/.bash_history

References


download file now

Read more »
Posted by at
Labels: , , , ,
Subscribe to: Posts (Atom)