Much of today’s communication in the professional world occurs via email. What could be worse than sending an email to the wrong recipient or having an email intercepted by an attacker?
There are many reasons that emails should not contain information, especially confidential or personally identifiable information, in plain text. Doing so could put an entire organization at risk. Is there a solution? Yes, encryption.
Asymmetric cryptography, also known as public-key cryptography, is a cryptographic process that uses a public key and a private key. In asymmetric cryptography, data is encrypted with the public key. Once a person encrypts the data with the recipient’s public key and sends it, it can only be decrypted using the matching private, or secret, key. No one else should have access to your private key. That way, even if communication is intercepted or data is sent to an unintended person, they will not be able to decrypt and read the contents of the message.
GPG, or GnuPG, is an implementation of PGP that can be used with different operating systems, including Linux. It is software that allows for secure communication. GPG is also easily integrated with other applications, making it very simple to encrypt emails and share keys. This article will introduce GPG as a great way to keep private files private on Linux.
How Does GPG Work?
Using GPG on Linux is extremely uncomplicated. All you need to do is install it, generate your keys, share them, and then you can start using it.
To install GPG, you can run sudo apt-get install gnupg in your command line. Once that is complete, run gpg --gen-key to generate a key pair. To allow people to send you encrypted data that you can decrypt using the private key, you need to share the public key. This is done by typing gpg --output ~/mygpg.key --armor --export
If you want to import other users’ keys, you can run gpg --import nameofkey. This way you can encrypt any files or emails you want to send to that user, which only they will be able to decrypt with their private key.
To encrypt messages you can run gpg --encrypt --sign --armor -r
GPG also allows you to add digital signatures to emails, which adds an extra layer of security when it comes to confirming who a message is coming from. To verify that the message is coming from the correct person, we can use gpg --verify email.txt.asc. You can also sign messages using gpg --armor --sign --output email.txt.asc --encrypt --recipient
Below is a table that shows some of the commands and options you can use with GPG, and what they each do.
Option | Long Flag | Short Flag | Definition
Armor | --armor | -a | Output modifier that changes the output to be an ASCII-armored file
Encrypt | --encrypt | -e | Encrypts file
Decrypt | --decrypt | -d | Decrypts file
Sign | --sign | -s | Used to add a digital signature
Verify | --verify | (none; -v is --verbose) | Verifies signed file to make sure it is from the correct source
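The steps above (generate keys, export, import, encrypt and sign, decrypt and verify) run end to end in the following added example, which is not from the original article. It assumes GnuPG 2.2 or later; the two identities, the g helper, the message text and the temp-directory layout are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: alice, bob and outsider are throwaway keyrings in a temp dir.
# g HOMEDIR ARGS...: hypothetical helper, runs gpg non-interactively on one keyring.
g() { local h=$1; shift
      gpg --homedir "$h" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

gpg_roundtrip_demo() {
  local w a b c h plain sig=bad outsider=can-decrypt
  command -v gpg >/dev/null 2>&1 || { echo 'gpg is not installed' >&2; return 127; }
  w=$(mktemp -d) || return 1
  a=$w/alice b=$w/bob c=$w/outsider
  mkdir -m 700 "$a" "$b" "$c"

  # 1. Each side generates a key pair (empty passphrase only because this is a demo).
  g "$a" --quick-generate-key 'Alice Demo <alice@example.test>' future-default default never 2>/dev/null
  g "$b" --quick-generate-key 'Bob Demo <bob@example.test>' future-default default never 2>/dev/null

  # 2. Only the public halves are exported and exchanged.
  g "$a" --armor --export alice@example.test > "$w/alice.pub"
  g "$b" --armor --export bob@example.test > "$w/bob.pub"
  g "$a" --import "$w/bob.pub" 2>/dev/null
  g "$b" --import "$w/alice.pub" 2>/dev/null

  # 3. Alice signs with her private key and encrypts to Bob's public key.
  #    --trust-model always is safe here only because both keys were created
  #    above; with real keys, compare fingerprints out of band first.
  printf 'quarterly numbers attached\n' > "$w/email.txt"
  g "$a" --trust-model always --armor --sign --encrypt -r bob@example.test \
         --output "$w/email.txt.asc" "$w/email.txt"

  # 4. Bob decrypts with his private key; GOODSIG on the status channel
  #    means the signature matches Alice's imported public key.
  plain=$(g "$b" --trust-model always --status-fd 2 --decrypt "$w/email.txt.asc" 2> "$w/status")
  grep -q '^\[GNUPG:\] GOODSIG ' "$w/status" && sig=good

  # 5. A keyring without Bob's private key cannot read the same file.
  g "$c" --decrypt "$w/email.txt.asc" >/dev/null 2>&1 || outsider=cannot-decrypt

  for h in "$a" "$b" "$c"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null; done
  rm -rf "$w"
  printf '%s|sig=%s|outsider=%s\n' "$plain" "$sig" "$outsider"
}

gpg_roundtrip_demo || echo 'demo did not run' >&2
```

Scripts should read the --status-fd lines (GOODSIG, BADSIG) rather than parse gpg's human-readable messages, which vary by version and locale.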
Conclusion
As I have mentioned, secure communication is very important, yet often overlooked. Emails contain sensitive data that should only be read by the intended recipients and could otherwise put an organization at risk. GPG is a very easy tool to use with Linux that can make sure all communication is secure by implementing asymmetric cryptography. GPG can do far more than what is mentioned in this article, but for now our focus is on secure and confidential email communication. Stay tuned for future LinuxSecurity articles on GPG!