Tibor's Musings

Sending Encrypted Messages with GnuPG

GnuPG is useful to encrypt sensitive information. It can be used in many diverse scenarios, including (1) encrypting sensitive files located on your computer, to be consumed by yourself; (2) encrypting sensitive information to send to your friends via email, to be consumed by others. Here is a detailed recipe for the second use case.

Consider you have some sensitive information that you would like to send me and that you would like to encrypt in a way that nobody else can read.

Firstly, check whether you have GnuPG installed, and eventually install it:

$ which gpg
$ sudo apt-get install gnupg

Secondly, you should look up and import my GnuPG public key:

$ gpg --keyserver pool.sks-keyservers.net --search tibor@simko.info

When my key is found, you will be offered an option to import it to your keyring.

Alternatively, on the about page of my blog, you'll see that my GnuPG key is 0xBA5A2B67, so that you can import it directly via the following one-liner:

$ gpg --keyserver pool.sks-keyservers.net --recv-key 0xBA5A2B67

Thirdly, if your favourite Mail User Agent supports PGP/GPG natively, then you can follow your MUA's instructions on how to encrypt messages for given recipients, and you are done.

Alternatively, you can also simply create a file containing given sensitive information and encrypt it locally and then send it to me as a regular email attachment. Just use your favourite editor to create the file containing sensitive information:

$ vim secrets.txt

Now encrypt this file with me as the recipient:

$ gpg -a -r tibor@simko.info -e secrets.txt

This will create an encrypted file secrets.txt.asc that will look like this:

$ head -10 secrets.txt.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hQIOA7kDrqeaBLJPEAf+N0brfbNomGt/53F+NpilHxE7be1kXUWSgau3QK4ME8ZN
2/eDheBy4iyVvTkBUHfjAdHtItROQU5/YdSZ/z8CAHOvShfqSJZB0J4cGCt+BmWw
TnYcmuWTphDgLqHLjzmmILRPfBOKffAx9hTFuVo5FgLyuYBwgJQ0QAVpkteJYbtA
kEsOy9H8FXlM+C7OuNGUwfyxsIWOXVxOkue1/Btu9s2Xi5s2qoBl1SbdF9aV603X
/XRhvYdkwQuGqGS2bl6QACSr/POM0gjL4Q5A6tZUCviG1jUqgGenel55flCIovwk
jYhEGaOkAyGYqsn9lZbBI92UwLnCZ75vAcwC4Q7wWgf6AxC8EqMS+wMXSbSM6YvZ
NYW+9sDb5TnrM7JOVvHkJfM/CbbdKxYPjBq7wf7skLATxLVxlWEf2hg7HP9y1ugO

You can send this file to me in an otherwise plain text email; even from command-line, if you want:

$ echo "hi, here is that information you wanted" | \
  mutt -a secrets.txt.asc -s greetings -- tibor@simko.info

Done. Only I shall be able to decode the sensitive part of the message, even if others would get to see it.

Posted by Tibor Šimko unix