Encrypt any file with symmetric cryptography using GPG

Encryption lets you keep your sensitive data, banking information and conversations safely protected by code. Learn how you can use the free GPG utility to protect your data.

It's finally getting to the point that many folk are approaching a sensible level of care about security. Virus scanners, firewalls and anti-spam systems have become commonplace enough that running one doesn't make people look at you in the same way as the guy in the tin foil hat who talks intensely and earnestly about how the government is watching his every move. Times have changed so that that's not really a stretch anymore either.

Still, even with a newfound acceptance of the realities of net security, it seems people are still wilfully ignorant of encryption. Some don't know what it is, others don't see the point, but for many it's just as simple as not realising how simply and painlessly they can protect their files from outside interference.

First up take the GNU Privacy Guard or GPG — a free program that can encrypt any file you like with any password you choose from the console. Let's take a sample file with some lines out of Hamlet:

$ cat hamlet
    To be, or not to be- that is the question:
    Whether 'tis nobler in the mind to suffer
    The slings and arrows of outrageous fortune
    Or to take arms against a sea of troubles,
    And by opposing end them. To die- to sleep-
    No more; and by a sleep to say we end
    The heartache, and the thousand natural shocks
    That flesh is heir to. 'Tis a consummation  
    Devoutly to be wish'd. To die- to sleep.
    To sleep- perchance to dream: ay, there's the rub!
    For in that sleep of death what dreams may come

To encrypt a file with a passphrase (like a password, but can include spaces and be much longer) you just need to run the following:

$ gpg -c hamlet
Enter passphrase:

This creates an encrypted file, hamlet.gpg, which cannot be read by any text editor. To decrypt the file, all you have to do is:

$ gpg -d hamlet.gpg 
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
    To be, or not to be- that is the question:
    Whether 'tis nobler in the mind to suffer
    The slings and arrows of outrageous fortune
    Or to take arms against a sea of troubles,
    And by opposing end them. To die- to sleep-
    No more; and by a sleep to say we end
    The heartache, and the thousand natural shocks
    That flesh is heir to. 'Tis a consummation  
    Devoutly to be wish'd. To die- to sleep.
    To sleep- perchance to dream: ay, there's the rub!
    For in that sleep of death what dreams may come
gpg: WARNING: message was not integrity protected

This method encrypts your file using a symmetric cryptographic algorithm, one that uses the same key on both sides — meaning you decrypt using the same passphrase that you encrypt with. This is perfect if you're encrypting files for safety on your local computer and you know it's you who types the passphrase in to decrypt.
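A scripted version of the same round trip, as an added example that is not from the original article. It assumes GnuPG 2.1 or later, requests AES256 explicitly, feeds the passphrase on stdin, and shows that a modified ciphertext is rejected by the integrity protection that the session above warned was missing. The function names, file names and passphrase are constructed for illustration.

```bash
# Added example, not from the article. Assumes GnuPG 2.1+ on PATH.
# File names and the passphrase are constructed sample values.

# Encrypt $1 to $2. The passphrase is read from stdin (fd 0), so it never
# appears in the process list or in shell history.
sym_encrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --symmetric --cipher-algo AES256 --output "$2" "$1"
}

# Decrypt $1 to $2. gpg exits non-zero on a wrong passphrase or a failed
# integrity check; in that case discard whatever output was written.
sym_decrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --decrypt --output "$2" "$1" || { rm -f "$2"; return 1; }
}

# Flip one bit in the last byte of $1 to simulate corruption or tampering.
flip_last_byte() (
    off=$(( $(wc -c < "$1") - 1 ))
    byte=$(od -An -tu1 -j "$off" -N1 "$1" | tr -d ' \n')
    printf '%b' "\\0$(printf '%o' $(( byte ^ 1 )))" |
        dd of="$1" bs=1 seek="$off" conv=notrunc 2>/dev/null
)

# Round trip, then a tamper test, in a throwaway directory (subshell body,
# so GNUPGHOME does not leak into the caller's environment).
# Prints: roundtrip=ok|fail tamper=rejected|accepted
demo() (
    pass='correct horse battery staple'; rt=fail; tp=accepted
    dir=$(mktemp -d) || exit 1
    GNUPGHOME="$dir/gnupg"; export GNUPGHOME; mkdir -m 700 "$GNUPGHOME"
    printf 'To be, or not to be- that is the question:\n' > "$dir/hamlet"

    printf '%s\n' "$pass" | sym_encrypt "$dir/hamlet" "$dir/hamlet.gpg"
    printf '%s\n' "$pass" | sym_decrypt "$dir/hamlet.gpg" "$dir/out" &&
        cmp -s "$dir/hamlet" "$dir/out" && rt=ok

    flip_last_byte "$dir/hamlet.gpg"
    printf '%s\n' "$pass" | sym_decrypt "$dir/hamlet.gpg" "$dir/out2" \
        2>/dev/null || tp=rejected

    rm -rf "$dir"
    echo "roundtrip=$rt tamper=$tp"
)
```

Calling `demo` prints one status line; in your own scripts, always branch on the exit status of the decrypt step rather than on whether an output file exists.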

If you're transmitting the file over the wires and you want somebody else to decrypt it then you've got a problem. Somehow you've got to get the passphrase to them as well. You can't just send the passphrase with the encrypted file; that's the same as no protection at all. You need to organise another channel to send the passphrase.

For two people who wish to share password-protected information, there are two main ways in which this occurs. In the first, person A and person B arrange the password and how the file is to be transferred beforehand, in person. This depends on the ability to meet securely in person, at which point the original data itself could be transferred in safety — in many cases this cannot be guaranteed.

The second method: person A sends the encrypted file through one channel, and the passphrase through another. For example, the data is e-mailed, and then person B calls person A to confirm and receive the passphrase. This means that in order to intercept the information, an attacker would need to compromise both the e-mail system and phone lines — not impossible, but harder than either one.

That's the downside of symmetric key cryptography: you've got to share information between parties separately. If both parties are yourself, then there's no problem at all, but whenever you must transmit the password you run the risk of being eavesdropped upon. The alternative is to use asymmetric or public key cryptography, which solves many of these problems, but at a cost of speed and ease of use.
