Tuesday, May 19, 2015

Encrypting and decrypting files with password in Linux

http://www.blackmoreops.com/2015/05/07/encrypting-files-with-password

Sometimes you need to send a file containing sensitive information across to someone over internet and you started thinking, “Gee, I’ve got some pretty sensitive information in the file. How can I send it securely?” There are many ways to send encrypted files. A good way for encrypting files is using a long password with GPG or GNU Privacy Guard (GnuPG or GPG) tool. Once you’ve encrypted the file, you can do few things.Encrypting Decrypting files with password in Linux - blackMORE Ops - 3
  1. Put the file in an FTP or Web server the requires a second set of username and passwords.
  2. To further secure, you can put a firewall rule to allow a single IP/Network to access that location.
  3. Send the file via email as an attachment.
  4. Send the file via encrypted email. (double encryption). We will look into email encryption soon.
  5. Create a torrent file and send it securely as a private torrent if the file is too big. (i.e. movies, large files etc.)
So the possibilities are endless. GnuPG or GPG works in Windows, Linux, Mac (any iOS devices), Android, Blackberry etc. In short GnuPG or GPG is supported on all platforms and that’s what makes it such a good encryption tool.

GNU Privacy Guard (GnuPG or GPG)

GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient’s public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.
GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys may be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key “owner” identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

Downloan GnuPG

You can download GnuPG for the following Operating systems from this Download GnuPG link.
  1. Windows
  2. OS X
  3. Debian
  4. RPM
  5. Android
  6. VMS (OpenVMS)
  7. RISC OS
  8. *BSD
  9. *NIX
  10. AIX
  11. HPUX
  12. IRIX
  13. Solaris, SunOS
List of supported Operating systems can be found in GnuPG Supported Operating Systems list.
Apart from these, most operating systems have their own implementation of GnuPG which are supported by each other as the underlying encryption and decryption works in a similar way.

Encrypting files in Linux

To encrypt a single file, use command gpg as follows:
root@kali:~# gpg -c secretfilename
To encrypt secretfilename.txt file, type the command:
root@kali:~# gpg -c secretfilename.txt
Sample output:
Enter passphrase:
Repeat passphrase:
Encrypting files with password in Linux - blackMORE Ops - 1
This will create a secretfilename.txt.gpg file. GnuPG or GPG help doco below:

GnuPG or GPG help menu

If you ever forgot your password (passphrase), you cannot recover the data as it use very strong encryption.

Decrypt a file

To decrypt file use the gpg command as follow:
root@kali:~# gpg secretfilename.txt.gpg
Sample outputs:
gpg secretfilename.txt.gpg
gpg: CAST5 encrypted data
Enter passphrase:

Decrypting files with password in Linux - blackMORE Ops - 2

Decrypt file and write output to file secretfilename.txt you can run command:
root@kali:~# gpg secretfilename.txt.gpg –o secretfilename.txt

Famous usage of GnuPG

In May 2014, The Washington Post reported on a 12-minute video guide “GPG for Journalists” posted to Vimeo in January 2013 by a user named anon108. The Post identified anon108 as fugitive NSA leaker Edward Snowden, who it said made the tutorial—”narrated by a digitally disguised voice whose speech patterns sound similar to those of Snowden”—to teach journalist Glenn Greenwald email encryption. Greenwald said that he could not confirm the authorship of the video.

Conclusion

As you can see, GnuPG does have real life usage and in many cases it was used in both legal and illegal activities. I won’t go in to discuss about the legality of the usage, but if you are ever in the need of sending and transferring a file that requires encryption, then GnuPG or GPG is definitely a worthy tool to consider for encrypting files in Linux, Unix, Windows or any known platforms.
Hope you’ve enjoyed this little guide. Please share and RT.

No comments:

Post a Comment