Aug 04, 2009 01:07 AM EDT

Using GPG to encrypt a file

Here are some instructions on how to encrypt a file using GPG, the open source version of PGP. It’s assumed that somebody needs you to send them an encrypted file, they’ve given you their public key in a trustworthy manner, and they have the private key. It’s also assumed that you have GPG installed, but this shouldn’t be a problem because it’s usually installed by default on Linux.

First, you’ll need to create a default gpg key. To do this, you’ll need to have a directory in your home directory called “.gnupg”. If you don’t have permissions to add directories into your root (common on shared hosting plans), you’ll need an admin to create the folder (mkdir) and set the owner to your user (chown).

Once you have the folder (or if you already have permissions, it’ll create it for you), run this command and follow the instructions. If you’re not sure of the answer, accept the defaults or the first option.

gpg --gen-key

They may have armored their public key, which from the help file means to “create ascii armored output”. I’m not really sure what that means, but it seems like it’s in a text friendly format. If armored, you need to dearmor it first:

gpg --dearmor some_public_key.asc

This will create a new file with the gpg extension. Next you’ll need to import the dearmored key.

gpg --import some_public_key.asc.gpg

Once imported, you’ll need to find out its name.

gpg --list-keys

If you want the ability to encrypt files in a script, it’s a good idea to sign the key. Otherwise, the encryption process prompts you with a question, and the only way I’ve found to bypass that question is to sign the key.

Assuming that the name of the key is “somepublic”, here is the command:

gpg --sign-key somepublic

Follow the prompts and as long as you trust that the public key is legit, tell it you trust it explicitly. To see that everything was signed correctly, run this command:

gpg --list-sigs

Now try encrypting something using the public key:

gpg -e -r somepublic testfile.txt

If everything worked correctly, you’ll now have a file called testfile.txt.gpg (and the non-encrypted version), and it should not have prompted you for anything during the process. The only way to decrypt this file is to have the private key, which is what the other person would have installed.

Darren gpg keys | encryption
Aug 04, 2009 12:06 AM EDT

Using GPG with RightScale and Amazon EC2

The idea behind using a service like RightScale in a cloud hosting service like Amazon’s EC2 is that you write a small program to install everything needed on your server. Because of this, you can dynamically turn servers on and off depending on your current traffic.

Where it gets difficult is when you need to install something that requires user input such as when signing a GPG key.

To get around this, you’ll need to come up with a solution that will allow you to finish the task without using user input.

In the example of signing GPG keys, instead I use the --always-trust parameter like this:

gpg --always-trust -ear 'username' test.txt

This allows me to encrypt a file in a script without having to answer the Yes/No question of whether I really want to encrypt it or not.

Normally, I would sign the key to avoid this question, but signing the key requires several questions to be answered and I’ve yet to find a way to script their answers.

Darren rightscale | amazon hosting | gpg keys
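
Both posts above need encryption to run from a script with no prompts. The following is an added example, not code from the original posts: it imports the recipient's key into a throwaway keyring, checks its fingerprint against the one the key owner gave you, and only then encrypts with the trust check disabled. The function names and the exit codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical.

# Print the primary key's fingerprint from `gpg --with-colons` output on stdin:
# the first "fpr" record after a "pub" record, field 10.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# Normalise a fingerprint as people paste it: drop spaces, upper-case the hex.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# encrypt_pinned KEYFILE EXPECTED_FPR INFILE
# Returns 0 on success, 1 on a gpg error, 2 on fingerprint mismatch,
# 3 if EXPECTED_FPR is not 40 hex digits (assumes a v4 key).
encrypt_pinned() {
    ep_want=$(norm_fpr "$2")
    case $ep_want in ''|*[!0-9A-F]*) return 3 ;; esac
    [ "${#ep_want}" -eq 40 ] || return 3

    # Throwaway keyring: no ~/.gnupg needed and the server's own keyring is untouched.
    ep_home=$(mktemp -d) || return 1
    chmod 700 "$ep_home"
    ep_rc=0
    if gpg --homedir "$ep_home" --batch --quiet --import "$1"; then
        ep_got=$(gpg --homedir "$ep_home" --batch --with-colons --fingerprint | primary_fpr)
        if [ "$ep_got" = "$ep_want" ]; then
            # --trust-model always is the current spelling of --always-trust.
            # Skipping the trust check is acceptable here only because the
            # fingerprint was compared first.
            gpg --homedir "$ep_home" --batch --yes --trust-model always \
                --recipient "$ep_want" --output "$3.gpg" --encrypt "$3" || ep_rc=1
        else
            echo "fingerprint mismatch: imported key is ${ep_got:-none}" >&2
            ep_rc=2
        fi
    else
        ep_rc=1
    fi
    rm -rf "$ep_home"
    return "$ep_rc"
}

# Run as: sh encrypt_pinned.sh some_public_key.asc "<fingerprint>" testfile.txt
if [ "$#" -eq 3 ]; then encrypt_pinned "$@"; fi
```

Because the recipient is selected by full fingerprint, a different key that happens to carry the same name or e-mail address in the key file is never used.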