19.4. Encrypt and decrypt

After installing, importing, signing and configuring everything in the way that we want, we can start on encrypting and decrypting our work. To encrypt and sign data for the user RedHat that we have added on our keyring above, use the following command:

          [root@deep] /# gpg -sear RedHat <file>
          

Example 19-3. Encrypting


          [root@deep] /# gpg -sear RedHat message-to-RedHat.txt
          

          You need a passphrase to unlock the secret key for
          user: "Gerhard Mourani (Open Network Architecture) <[email protected]>"
          1024-bit DSA key, ID BBB4BA9B, created 1999-10-26
          Enter passphrase:
          
Of the arguments passed,

The s is for signing

To avoid the risk that somebody else claims to be you, it is very useful to sign everything you encrypt,

To decrypt data, use the following command:

          [root@deep] /# gpg -d <file>
          

Example 19-4. Decrypting


          [root@deep] /# gpg -d message-to-Gerhard.asc
          

          You need a passphrase to unlock the secret key for
          user: "Gerhard Mourani (Open Network Architecture) <[email protected]>"
          2048-bit ELG-E key, ID 71D4CC44, created 1999-10-26 (main key ID BBB4BA9B)
          Enter passphrase:
          
Where

It is important that the public key of the sender of the message we want to decrypt be in our public keyring database. or of course nothing will work.

19.4.1. Exporting your public key

You can spread your wings by exporting and distributing your public key to the world. This can be done by publishing it on your homepage, through an available key server on the Internet, or any other available method. GnuPG has some useful options to help you publish your public keys. To extract your public key in ASCII armored output, use the following command:

          [root@deep] /# gpg --export --armor > Public-key.asc
          
where

You need to Check the signature, once you have extracted your public key and exported it, everyone who knows or gets your public key should be able to check whether encrypted data from you is also really signed by you. To check the signature of encrypted data, use the following command:

          [root@deep] /# gpg --verify <Data>
          
The --verify option will check the signature where <Data> is the encrypted data/file you want to verify.

Some possible uses of GnuPG software

  1. Send encrypted mail massage.

  2. Encrypt backup files before transmission over the network.

  3. Encrypt individual sensitive files i.e. a file that handle all your passwords.