How to encrypt/decrypt/sign/verify files in Linux (using GnuPG, PKZIP and 7z)

  • gnupg/gnupg@man GPL-licensed alternative to PGP, an encryption/decryption program that provides cryptographic privacy and authentication for data communication.

Using symmetric-key algorithms – use the same key for encryption and decryption

# install
$ sudo apt-get install gnupg2   # Debian/Ubuntu
$ sudo yum install gnupg2       # RHEL/CentOS

'-c/--symmetric' encrypt with a symmetric cipher using a passphrase; the cipher is selected with '--cipher-algo' (default is CAST5)

# encrypting a file, asks for passphrase; generates encrypted 'filename.gpg'
$ gpg -c filename

'-d/--decrypt' decrypt to stdout; use '-o/--output' to write to a file; if the decrypted file is signed, the signature is also verified

# decrypt file, asks for passphrase
$ gpg filename.gpg
# or, choosing the output file name
$ gpg -o filename -d filename.gpg

from Linux: HowTo Encrypt And Decrypt Files With A Password and How to create an encrypted zip file on Linux

Using public-key algorithms – use public key to encrypt or verify digital signature; and private/secret key to decrypt or sign with digital signature

# random number generator for entropy see
$ sudo apt-get install rng-tools   # Debian/Ubuntu
$ sudo yum install rng-tools       # RHEL/CentOS
$ cat /etc/default/rng-tools
$ service rng-tools start

'-s/--sign' make a signature (to .sig)
'-e/--encrypt' encrypt data (to .asc or .gpg, see '-a')
'-s -e' signed and encrypted message
'-c -s' signed and symmetrically encrypted message
'-c -e' message that may be decrypted via a secret key or a passphrase
'-c -s -e' signed message that may be decrypted via a secret key or a passphrase

'-a/--armor' create ASCII armored output, .asc is generated instead of .gpg
'-u/--local-user name' secret key to use, defaults to first; useful if you have more than one secret key
'-r/--recipient name' public key of recipient; if this option or --hidden-recipient is not specified, GnuPG asks for the user-id unless --default-recipient is given

# create key pair, asks for
$ gpg --gen-key
# optionally, create revocation certificate; used to invalidate key pair
$ gpg --gen-revoke KEYID

# lists public/private keys
$ gpg --list-keys ; gpg --list-secret-keys
# export public keys to share with everyone
$ gpg -a --export > public.key
# import others' public keys
$ gpg --import public.key
# search for public keys in a keyserver; default keyserver is 'hkp://'
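# (KEYSERVER is a placeholder for the keyserver address)
$ gpg --keyserver KEYSERVER --search-keys search_parameters
# send public key 'KEYID' to keyserver
$ gpg --keyserver KEYSERVER --send-keys KEYID
# get public key from keyserver
$ gpg --keyserver KEYSERVER --recv-keys KEYID
# delete public/private keys; a secret key has to be deleted before its public key
$ gpg --delete-secret-key KEYID ; gpg --delete-key KEYID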

# encrypt with the public key selected by '-r' and sign with your private key; use '-u' if you have more than one private key
# (RECIPIENT is a placeholder for the user ID or key ID passed to '-r')
$ gpg --encrypt --sign -a -r RECIPIENT -o filename.asc filename
# decrypt and verify signature using private key, asks for passphrase; options go before the file name
$ gpg -o filename --decrypt filename.asc

# sign with your private key; generates 'filename.sig'
$ gpg --sign -a -o filename.sig filename
# verify signature and recover original file
$ gpg --decrypt -o filename filename.sig
# generate a detached signature ('filename.sig') and verify it against the file
$ gpg --detach-sign filename ; gpg --verify filename.sig filename

from The GNU Privacy Handbook
front-ends for GnuPG: KGPG@wiki and Seahorse@wiki/How to PGP encrypt, decrypt or digitally sign files via GnuPG GUI
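
'gpg --verify' exits 0 for a good signature from any key in the keyring, so a script should also check who signed. An added example (not from the original post or the GnuPG project) that parses gpg's '--status-fd' output and compares the signer's fingerprint with a pinned one; the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a detached signature and require that it was made
# by one specific, pinned key.

# Constructed sample of `gpg --status-fd 1 --verify` output; the key ID,
# user ID and both fingerprints are made up.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed User <user@example.org>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Read status lines on stdin and print the primary-key fingerprint of each
# valid signature. Exit non-zero if there is none, or if any signature is
# bad, unverifiable, expired, or made by an expired or revoked key.
signer_fpr_from_status() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key
        $2 == "VALIDSIG" { out = out (NF >= 12 ? $12 : $3) "\n" }
        END { if (bad || out == "") exit 1; printf "%s", out }
    '
}

# usage: verify_pinned FILE SIGFILE FINGERPRINT
# Succeeds only if gpg accepts the signature and FINGERPRINT signed it.
verify_pinned() {
    want=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    printf '%s\n' "$status" | signer_fpr_from_status | grep -qxF "$want"
}

# Demo on the constructed sample: prints the primary-key fingerprint.
printf '%s\n' "$SAMPLE_STATUS" | signer_fpr_from_status
```

Call it as 'verify_pinned filename filename.sig FINGERPRINT', taking the fingerprint from a channel you trust rather than from the key you just imported.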

# encrypt using zip; it supports
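# 'archive.zip' is a placeholder archive name; a password given on the command line ends up in shell history and the process list, 'zip -e' prompts for it instead
$ zip --password MY_SECRET archive.zip files
# decrypt
$ unzip archive.zip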

# encrypt using 7zip; 7z archiver supports AES-256 encryption algorithm with SHA-256 hash algorithm based key generation
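# 'archive.zip' is a placeholder archive name; '-p' without a value prompts for the password
$ 7za a -tzip -pMY_SECRET -mem=AES256 archive.zip files
# decrypt
$ 7za e archive.zip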

# encrypt using tar + GnuPG symmetric key
$ tar czvpf - files | gpg --symmetric --cipher-algo aes256 -o secure.tar.gz.gpg
# decrypt
$ gpg -d secure.tar.gz.gpg | tar xzvf - 

from How to create an encrypted zip file on Linux

