GnuPG, the open replacement for PGP, is an excellent tool to manage cryptographic signatures to files or e-mails for validity and integrity, as well as a tool to encrypt and decrypt sensitive files. Previously, we looked into creating an initial GPG public/private keypair and looked at embedding a signature into an ASCII document.

GPG can do much more than that. Many e-mail programs provide GPG support so you can use GPG seamlessly with your e-mail client. This allows you to digitally sign e-mails to assure recipients that you did indeed write the message. It also allows you to encrypt messages to a recipient with their public key, meaning that only the individual with the passphrase to the equivalent private key can decode and read the e-mail.

Likewise, GPG can do the same for files. If you wish to encrypt a file for someone else, you would use his or her public key to encrypt the file. However, if you wished to keep your own files private and safe from theft or prying eyes, you would encrypt the file with your own public key, ensuring that only you would be able to decrypt it.

It makes no difference to GPG what type of file you are encrypting; it can be binary just as well as text, or an OpenOffice.org spreadsheet. For instance, to encrypt a Word document for yourself, you would execute the following:

$ file private.doc

private.doc: Microsoft Office Document

$ gpg -ea -r user@domain.org private.doc

The original file is untouched, but the document is now stored in an ASCII file called private.doc.asc:


$ file private.doc.asc
private.doc.asc: PGP armored data message
$ gpg -d private.doc.asc >new.doc


You need a passphrase to unlock the secret key for


user: "Real Name (Comment) <user@domain.org>"


2048-bit ELG-E key, ID 7F72A50F, created 2007-12-01 (main key ID 9B1386E2)




Enter passphrase:




gpg: encrypted with 2048-bit ELG-E key, ID 7F72A50F, created 2007-12-01


      "Real Name (Comment) <user@domain.org>"


$ cmp new.doc private.doc


$ echo "" >>new.doc


$ cmp new.doc private.doc


cmp: EOF on private.doc


The cmp command at the end was a slight demonstration to indicate that that resulting decrypted file is exactly the same as the original, which is visible in the slight modification done to it prior to the second invocation of cmp.


The result of the above is an ASCII armored file, making it quite portable but at the expense of size.  To create a binary file, omit the -a option:




$ gpg -e -r user@domain.org private.doc $ file private.doc.gpg


private.doc.gpg: GPG encrypted data


$ ls -l private.doc*


-rw-------    1 user     user        30720 Nov 29 15:36 private.doc


-rw-r--r--    1 user     user         7340 Dec  2 17:27 private.doc.asc


-rw-r--r--    1 user     user         5352 Dec  2 17:33 private.doc.gpg




As you can see, some compression can take place as well; a 30-KB Word document turns into a 7-KB ASCII-armored file or a 5-KB GPG encrypted file.


If you are only interested in integrity checking and validity of a file, you can create digital signatures for those files to ensure that they haven’t changed.







$ gpg -ba -u user@domain.org private.doc




You need a passphrase to unlock the secret key for


user: "Real Name (Comment) <user@domain.org>"


1024-bit DSA key, ID 9B1386E2, created 2004-09-09




Enter passphrase:


$ gpg --verify private.doc.asc


gpg: Signature made Sun Dec  2 17:37:02 2007 MST using DSA key ID 9B1386E2


gpg: Good signature from "Real Name (Comment) <user@domain.org>"


$ echo "" >>private.doc


$ gpg --verify private.doc.asc


gpg: Signature made Sun Dec  2 17:37:02 2007 MST using DSA key ID 9B1386E2


gpg: BAD signature from "Real Name (Comment) <user@domain.org>"


Again, the above creates an ASCII-armored version of the signature; to create a binary copy, change -ba to simply -b to drop the switch to enable ASCII output.  The second command verifies the file, by checking the signature.  Next, just for testing, we slightly modify the file and you can see that on the next run, the verification fails.


There are many places where GPG has practical application.  This has touched only on a few of the very basic uses for GPG, but not only does it have more features to tap into, but the uses for it are many and varied.


Delivered each Tuesday, TechRepublic’s free Linux and Open Source newsletter provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!




    


        
        

            

                                

                    Subscribe to the Developer Insider Newsletter                

                
                
                                

                    From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays                

                            


            

                

                    
                    
                


                                

                    

                        
                        
                    

                

                
                
            

        

    








    


    


                

            
        

        
        

            

                                

                    Subscribe to the Developer Insider Newsletter                

                
                
                                

                    From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays