How to encrypt files before sharing online?

As a Data Engineer, one faces the need to share files securely over the internet. An easy way of doing that is using PGP keys, where you generate secure private and public key pair. For some background reading, Personal Security – PGP Keys.

1. The public key can be shared with anyone who has the source file and wants to encrypt it.

2. The private key can be used to decrypt the encrypted file. This should NOT be shared.

Without further ado, let’s dive into the demo.

First, let’s say your friend has a file source_file.txt which he/she wants to encrypt. On your computer, you would generate the public and private keys.
You will share the public key with your friend so that he can encrypt the source_file.txt and share with you over email or Dropbox.

[proutray@devnode ~]$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: proutray
Email address: test-email@piyushroutray.com
Comment:
You selected this USER-ID:
    "proutray <test-email@piyushroutray.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

In lines 11, 13, 21 and 23 I have selected the first/default options. You will also be asked to create a passphrase for the private key file.

The ‘real name’ you specify here is important, and is attached to the key pair that is generated.

At this point, depending on your system, it might take some time to generate the random bytes! If you feel its taking long, feel free to open another terminal to same instance and use a find command to generate some bytes. eg. find / | xargs file

Now, continuing to generate the private and public keys. We will specify the file names for the key pair.

Notice, how when we try with a random ‘real name’ it is unable to generate the keys.

40gpg: /home/proutray/.gnupg/trustdb.gpg: trustdb created
gpg: key FB142768 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024R/FB142768 2020-06-18
      Key fingerprint = 15EF EEA8 DA40 FCA5 B401  B7EC 329D BD20 FB14 2768
uid                  proutray <test-email@piyushroutray.com>
sub   1024R/5365106D 2020-06-18

[proutray@devnode ~]$ gpg --armor --output pubkey.txt --export 'random'
gpg: WARNING: nothing exported
[proutray@devnode ~]$ gpg --armor --output pubkey.txt --export 'proutray'
[proutray@devnode ~]$ ls
pubkey.txt
[proutray@devnode ~]$ gpg --armor --output privkey.asc --export-secret-keys 'proutray'
[proutray@devnode ~]$ ls
privkey.asc  pubkey.txt

Now, you can share the pubkey.txt file, to a friend who will encrypt his file and share it with you.

[ana@friendnode ~]$ echo "Piyush Routray's website is www.piyushroutray.com" > source_file.txt
[ana@friendnode ~]$ gpg --encrypt --recipient 'proutray' source_file.txt
[ana@friendnode ~]$ ls
source_file.txt  source_file.txt.gpg pubkey.txt

Now, when you get the source_file.txt.gpg from you friend, you can use the private key to decrypt the file!

[proutray@devnode ~]$ gpg --output decrypted.txt --decrypt source_file.txt.gpg

You need a passphrase to unlock the secret key for
user: "proutray <test-email@piyushroutray.com>"
1024-bit RSA key, ID 5365106D, created 2020-06-18 (main key ID FB142768)

gpg: encrypted with 1024-bit RSA key, ID 5365106D, created 2020-06-18
      "proutray <test-email@piyushroutray.com>"
[proutray@devnode ~]$ ls
decrypted.txt source_file.txt.gpg  privkey.asc  pubkey.txt

[proutray@devnode ~]$ cat decrypted.txt
Piyush Routray's website is www.piyushroutray.com

That’s it! You received the secure file and were able to read it on your system.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s