<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>How To Encrypt Your Own Documents Using gpg | tait.tech</title><link rel="stylesheet" href="/assets/css/style.css"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="author" content="Tait Hoyem"><meta name="keywords" content=""><meta name="description" content=""></head><body><div id="wrapper"><header><nav><input type="checkbox" id="menu"><label for="menu">☰</label><div class="menu-content"><a href="/" class="nav-link">Home</a><a href="/blog/" class="nav-link">Blog</a><a href="https://github.com/TTWNO/" class="nav-link" target="_blank" rel="noopener noreferrer">Github</a></div></nav></header><main><article><header><h1 class="post-title">How To Encrypt Your Own Documents Using gpg</h1><time datetime="20-04-06" class="post-date">Monday, April 06 2020</time></header><hr><p>If you have ever wanted to guarantee the utmost security of your emails and documents, then this is the guide for you! It should be noted that in some circles the tools used are more common than in others. These are the everyday tools of many privacy advocates and computer nerds.</p><p>If you have never used Linux, however, the method of doing this will be rather unfamiliar. This tutorial will be done on an <a href="https://archlinux.org/">Arch Linux</a> machine, but it should be the same on Ubuntu, Fedora, CentOS, Debian, OpenBSD, FreeBSD, macOS, etc. The only operating system that does not include these tools by default (or make them easily accessible) is Windows.</p><p>This tutorial makes heavy use of the terminal. You have been warned.</p><p><em>Let us…begin!</em></p><h2 id="glossary">Glossary</h2><ul><li><a href="https://en.wikipedia.org/wiki/Binary-to-text_encoding#ASCII_armor"><strong>ASCII armour</strong></a> — A way to encode <strong>OpenPGP</strong> documents as printable text, so they can be read and copied like any other text file. 
These files end in .asc.</li><li><strong>(Open)PGP</strong> — An open standard for encoding public keys and encrypted documents.</li><li><strong>GPG</strong> — GNU Privacy Guard is an implementation of <strong>OpenPGP</strong>. It is installed by default on most Linux distributions.</li></ul><h2 id="step-0-setup">Step 0: Setup</h2><p>We will be using the utility <code class="language-plaintext highlighter-rouge">gpg</code> for this tutorial.</p><p>The other thing to note: the character ‘$’ (dollar sign) is usually not typed when shown in a command. It simply indicates that you do not need administrative privileges to run these commands.</p><p>Test to see if you get this output in your terminal.</p><pre class="terminal">
</pre><p>If this is not successful, look into how to install these tools on your system.</p><h2 id="step-1-getcreate-a-public-key">Step 1: Get/Create A Public Key!</h2><h3 id="get-somebody-elses">Get Somebody Else’s</h3><p>Step one is having somebody to send your encrypted message to. Maybe this is a friend, a journalist, or a whistleblower.</p><p>To encrypt a document with somebody’s public key, you first need to obtain it. My public key is available <a href="/public-key.asc">at this link</a>, and you can use it to send me encrypted stuff.</p><p>If you are on a Linux terminal, you can use the <code class="language-plaintext highlighter-rouge">curl</code> or <code class="language-plaintext highlighter-rouge">wget</code> command to download it.</p><p>wget:</p><pre class="terminal">
</pre><h3 id="make-your-own-optional">Make Your Own (optional)</h3><p>The following section is quite long, so if you don’t want to create your own keypair, then feel free to skip to <a href="#step-2-import-public-key">Step #2</a>.</p><p>If you want to encrypt your own documents, or you want others to be able to send you encrypted messages, then you can create your own public/private key pair. You can use these to encrypt your documents, and you can send your public key to others so that they can securely communicate with you.</p><p>Run the following command in your terminal, and follow the steps I outline to get you started.</p><pre class="terminal">
</pre><p>Select the option <code class="language-plaintext highlighter-rouge">1</code>. You want two keys, both RSA.</p><p>Next we will select the key size:</p><pre class="terminal">
</pre><p>Type the number 1. This will give you time to test it, but it will make the key expire within 24 hours so that if you accidentally share your private key, or delete your VM and no longer have access to it, you will be fine.</p><p>It will ask you if you are sure about the expiry date.</p><pre class="terminal">
</pre><p>Type <code class="language-plaintext highlighter-rouge">y</code> to confirm your choice.</p><p>Now <code class="language-plaintext highlighter-rouge">gpg</code> is going to ask you to create a user ID to identify this key. Use some test data for now. User input is in bold; feel free to follow along or to put your own test data in.</p><p>Once you are more comfortable with the tools, you can create a public/private keypair that you will keep for some time.</p><pre class="terminal">
</pre><p>It will then ask you for a password. If you are simply using this for test purposes, then you can feel free to set it to something like “test”. When you create a public key for long-term use, make sure the password is <em>very</em> secure.</p><p>During the process of creating your key, <code class="language-plaintext highlighter-rouge">gpg</code> may warn you with this message:</p><pre class="terminal">
</pre><p>If this happens, feel free to smash your keyboard (lightly), watch a YouTube video on the machine, browse the web with <a href="http://w3m.sourceforge.net/">w3m</a>, etc. until the key is generated.</p><p>You will know it is done when you see this message (or something similar):</p><pre class="terminal">
</pre><p>Tada! You have your own public/private keypair!</p><p>Sharing a public key that will expire soon is not a good idea; however, if you are ready, you can use this command to generate a public key file to share with others.</p><p>Feel free to replace “Mr. Tester” with any other identifying part of your key. Remember that to use the email, you must enclose it in &lt; and &gt;.</p><pre class="terminal">
</pre><h2 id="step-2-import-public-key">Step 2: Import Public Key</h2><p>The list of keys that <code class="language-plaintext highlighter-rouge">gpg</code> keeps on tap, so to speak, is called our “keyring”. You will need to import a new public key to encrypt files with <code class="language-plaintext highlighter-rouge">gpg</code>.</p><p>If you already created your own public key, then this step is not necessary unless you want to also encrypt something for me :)</p><figure><img src="/assets/img/keyring.jpg" alt="A keyring holding eight allen keys."/><figcaption> A keyring holding eight allen keys. </figcaption></figure><p>To import a public key to use for encrypting files, use the <code class="language-plaintext highlighter-rouge">--import</code> option of <code class="language-plaintext highlighter-rouge">gpg</code>. Like so:</p><pre class="terminal">
</pre><p>Now that we have imported a public key, we can make a message to send!</p><h2 id="step-3-have-a-message-to-encrypt">Step 3: Have A Message To Encrypt</h2><p>You can make a new file which holds some important, secret data. Feel free to use a graphical editor if you have one; if not, <code class="language-plaintext highlighter-rouge">nano</code> works alright too.</p><pre class="terminal">
</pre><p>Save this file as something like <code class="language-plaintext highlighter-rouge">test-pgp.txt</code>, and we’ll use that name later.</p><h2 id="step-4-encrypt-a-message">Step 4: Encrypt A Message</h2><p>Now that we have a message to send and a person to send it to, all we have to do is encrypt this message and it’ll be on its merry way! To do so, we must specify two new options to <code class="language-plaintext highlighter-rouge">gpg</code>.</p><p>The first is <code class="language-plaintext highlighter-rouge">--recipient</code>. This tells <code class="language-plaintext highlighter-rouge">gpg</code> to encrypt using a certain public key that we have in our keyring. You can use the person’s name, email address, or the key’s uid.</p><p>The second is <code class="language-plaintext highlighter-rouge">--encrypt</code>.</p><p>You will also specify the <code class="language-plaintext highlighter-rouge">--armour</code> option to use ASCII armoured files. Put this option after <code class="language-plaintext highlighter-rouge">--encrypt</code>, and put the file name after <code class="language-plaintext highlighter-rouge">--armour</code>. See below.</p><p>You can either use your own public key name to encrypt a document (allowing only you to decrypt it), or you can use my public key that we imported earlier (allowing only me to decrypt it). Either way works fine.</p><p>This is the big one!</p><pre class="terminal">
</pre><p>“But there is no output!” you might say! Yes, that is because our new (encrypted) file has already been saved. Let’s look at it with <code class="language-plaintext highlighter-rouge">cat</code>.</p><pre class="terminal">
</pre><h2 id="step-5-decryption-optional">Step 5: Decryption (optional)</h2><p>If you created your own public/private keypair in step 1, and you encrypted using <code class="language-plaintext highlighter-rouge">--recipient "Your Test Name"</code>, then you can decrypt your document as well!</p><p>You will need to specify <code class="language-plaintext highlighter-rouge">--decrypt</code>, and that’s all folks!</p><pre class="terminal">
</pre><p>A password dialog will then come up asking for your previously created password. As long as you remember your password from before and enter it correctly: voila!</p><pre class="terminal">
</pre><h2 id="step-6-finale">Step 6: Finale!</h2><p>Ladies and gentlemen, you have done it! You have encrypted your very own document. (And maybe even decrypted it yourself too :)</p><p>If you encrypted using my public key, feel free to send it to <a href="mailto:tait@tait.tech">my email</a>. I am happy to verify if it worked.</p><p>For more information on this subject, check out <a href="https://www.gnupg.org/gph/en/manual/c14.html">gnupg.org’s guide</a> on using GPG. They are the ones that make these tools available, and the <a href="https://www.gnu.org/">GNU Project</a> has been instrumental in creating the open-source world as it exists today. Give ‘em some love, eh!</p><p>Thank you so much for sticking through this whole thing! Let me know if there is anything that doesn’t make sense. I am happy to improve this guide as time goes on if that is necessary.</p><p>Happy hacking :)</p></article></main><hr><footer> This page is mirrored on <a href="https://beta.tait.tech/2020/04/06/rsa4.html">beta.tait.tech</a>. </footer></div></body></html>
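Steps 1 to 5 of the tutorial as one non-interactive script, added here as an example and not part of the original page. It assumes GnuPG 2.1 or newer; the user ID, the 3072-bit key size, the passphrase-less test key, the two throwaway keyrings and the file names are constructed for the demo, and the script also compares the key's fingerprint before encrypting, a check the tutorial itself does not cover.

```shell
# Constructed demo values throughout; nothing here touches your real ~/.gnupg.
fingerprint() {   # fingerprint of the first (primary) key in the keyring at $1
    gpg --homedir "$1" --batch --with-colons --fingerprint |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

roundtrip() (     # $1 = message text; prints the decrypted text
    set -e
    rcpt=$(mktemp -d); sndr=$(mktemp -d); chmod 700 "$rcpt" "$sndr"
    trap 'gpgconf --homedir "$rcpt" --kill gpg-agent 2>/dev/null || true; rm -rf "$rcpt" "$sndr"' EXIT

    # Step 1: recipient creates an RSA/RSA keypair that expires after one day.
    gpg --homedir "$rcpt" --batch --quiet --gen-key <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Mr. Tester
Name-Email: tester@example.org
Expire-Date: 1d
%commit
EOF
    gpg --homedir "$rcpt" --batch --armor --export "Mr. Tester" > "$sndr/tester.asc"
    # The fingerprint the recipient would pass on over a separate channel.
    expected=$(fingerprint "$rcpt")

    # Step 2: sender imports the public key and checks it is the right one.
    gpg --homedir "$sndr" --batch --quiet --import "$sndr/tester.asc"
    [ "$(fingerprint "$sndr")" = "$expected" ] || { echo "fingerprint mismatch" >&2; exit 1; }

    # Steps 3-4: write the message and encrypt it. In batch mode gpg refuses an
    # unvalidated key, so --trust-model always is used once the check above passed.
    printf '%s\n' "$1" > "$sndr/test-pgp.txt"
    gpg --homedir "$sndr" --batch --quiet --trust-model always \
        --recipient "$expected" --encrypt --armor "$sndr/test-pgp.txt"

    # Step 5: recipient decrypts the armoured file with the private key.
    gpg --homedir "$rcpt" --batch --quiet --decrypt "$sndr/test-pgp.txt.asc"
)

# Run the demo only when asked: sh gpg-roundtrip.sh --demo
if [ "${1:-}" = "--demo" ]; then roundtrip "Top secret (constructed sample text)"; fi
```

For a key you intend to keep, drop `%no-protection` so that gpg asks for a passphrase, as the tutorial recommends.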