Encrypting files with GnuPG
GnuPG (GNU Privacy Guard) is a free replacement for PGP (Pretty Good Privacy). It is GNU's tool for secure communication and data storage, and it can be used to encrypt data and to create digital signatures. GnuPG does not use any patented algorithms, so it cannot be compatible with PGP2, which uses IDEA (patented worldwide) and RSA. RSA's patent expired on 20th September 2000, and RSA is now included in GnuPG.
We will learn how to use GnuPG to manage public key encryption.
[root@server1~]# gpg --gen-key
Generates a new key pair for the user. You will be asked for:
1. Kind of Key (RSA/RSA is default).
2. Key length in bits (longer is stronger).
3. Expiration (in case of key compromise).
4. Name, email and comment to identify the owner of the key.
5. Passphrase (required to protect the private key so it cannot be used if stolen).
[root@server1~]# gpg --list-keys
Lists the public keys the user has: their own and any they've imported from other people they communicate with.
[root@server1~]# gpg --export --armor key-ID > /tmp/encryption.key
[root@server1~]# gpg --export --armor 4C6721AD > /tmp/encryption.key
Exports your public key into a file so that other people can have it. The '--armor' option writes the output as text rather than in binary format. The key-ID is the email address or the 8-digit hexadecimal number listed on the pub line from '--list-keys'.
[root@server1~]# gpg --import /tmp/encryption.key
Imports another person's public key from a key file that has been sent to you.
[root@server1~]# gpg --encrypt --armor -r key-ID file
[root@server1~]# gpg --encrypt --armor -r email@example.com test.txt
Encrypts a message with the public key for 'key-ID'. If '-r key-ID' is not given, the command will prompt for a recipient. The default output file is 'test.txt.asc'.
[root@server1~]# gpg --decrypt test.txt.asc
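
The whole cycle above (generate, export, import, encrypt, decrypt) run non-interactively between two separate keyrings, as an added example that is not part of the original page. It goes one step beyond the page by comparing the full key fingerprint before encrypting. It assumes GnuPG 2.2 or later; the keyring directories, user ID and passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original page). Uses throwaway keyrings under
# mktemp, never ~/.gnupg. Assumes GnuPG 2.2 or later.
set -eu

# Print the full fingerprint of the primary key in the keyring at $1.
fpr_of() {
  gpg --homedir "$1" --batch --with-colons --list-keys 2>/dev/null |
    awk -F: '$1 == "fpr" && !n++ { print $10 }'
}

# Recipient generates and exports a key; sender imports it, verifies the
# fingerprint and encrypts; recipient decrypts. Prints the recovered text.
gpg_roundtrip() {
  local msg="$1" uid='Demo Recipient <recipient@example.com>'   # constructed
  local pass='constructed-demo-passphrase' work rcpt sndr want  # constructed
  work=$(mktemp -d); rcpt="$work/rcpt"; sndr="$work/sndr"
  mkdir -m 700 "$rcpt" "$sndr"

  # Recipient: non-interactive form of 'gpg --gen-key', expiring in one year.
  gpg --homedir "$rcpt" --batch --quiet --pinentry-mode loopback \
      --passphrase "$pass" --quick-generate-key "$uid" default default 1y 2>/dev/null
  want=$(fpr_of "$rcpt")       # recipient shares this over a separate channel
  gpg --homedir "$rcpt" --batch --export --armor "$want" > "$work/encryption.key"

  # Sender: import, then refuse to encrypt unless the fingerprint matches.
  gpg --homedir "$sndr" --batch --quiet --import "$work/encryption.key" 2>/dev/null
  [ "$(fpr_of "$sndr")" = "$want" ] || { echo 'fingerprint mismatch' >&2; return 1; }

  printf '%s' "$msg" > "$work/test.txt"
  # Key was checked above, so accept it for this one command only.
  gpg --homedir "$sndr" --batch --quiet --trust-model always \
      --encrypt --armor -r "$want" "$work/test.txt" 2>/dev/null  # writes test.txt.asc

  # The sender has no private key, so decrypting on the sender side must fail.
  if gpg --homedir "$sndr" --batch --decrypt "$work/test.txt.asc" >/dev/null 2>&1; then
    echo 'unexpected: sender could decrypt' >&2; return 1
  fi

  gpg --homedir "$rcpt" --batch --quiet --pinentry-mode loopback \
      --passphrase "$pass" --decrypt "$work/test.txt.asc" 2>/dev/null
  gpgconf --homedir "$rcpt" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$sndr" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
}

gpg_roundtrip 'hello from the sender'; echo
```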