Breadcrumbs:

Abstract:

GnuPG is a cryptography tool that helps you manage public and private keys as well as perform encrypt, decrypt, sign, and verify operations. It is an open-source version of PGP. This tutorial will go over basic key management, encrypting (symmetrically and asymmetrically), decrypting, signing messages, and verifying signatures with GPG.

Terminology

  • cryptography: The process to secure information and make it unreadable without special knowledge or a key. E.g. ATBAH cipher, Caesar Cipher, Cardan grille,
  • Encrytion: aka Cipher, a way/method to hide the information, such that only the one with secrete method(key) can read.
  • Cipher or cryptosystem: An encryption method/algorithm/keys/procedures used to perform encryption and decryption.
  • Plaintext(or cleartext): The original unencrypted message that you want to send
  • Ciphertext: The encoded message resulting from an encryption operation
  • Encipher: To encrypt, encode, or eoncert plaintext into ciphertext.
  • Decipher: To decrypt, decode, or conver ciphertext into plaintext.
  • Symmetrix encryption: use same key for encryption and decryption, aka private-key encryption. The key that generated by symmetrix encryption called secret
  • Asymmetric encryption: Use one key for encryption and one for decryption, aka publick-key encryption.
  • Hash algorithms: a public function that create a hash value, or message digest, or fingerprint to confirm the integrity and identity of message.
  • steganography: a data hiding method that involves hiding information embedded within other files, such as ppt, pictures.
  • Bit stream method: each bit in the plaintext is transformed into a cipher, one bit at a time, commonly use for XOR operation.
  • Block cipher method: the message is divided into blocks(e.g. 8, 16, 32, 64), and then each block of plaintext bits is transformed into an encrypted block of cipher bit, commonly used for substitution, transposition, XOR operation.
  • SSL(Secure Sockets Layer): A security protocol developed by Netscape to use public-key encrytption to secure a channel over the internet.

Encryption algorithm:

  • Symmmetric encryption:
    • Definition: Definition: This is the simplest kind of encryption that involves using same keys for both encryption and decryption. That is both sender and recipient should use same secret key to encrypt and decrypt the message. The most common symmetric algorithm includes Blowfish, AES, RC4, DES, RC5, and RC6, and the most widely used includes AES-128, AES-192, and AES-256.
    • Advantage: It’s relative simple and has a quick encryption procedure.
    • Disadvantage:
      • You passphrase can still be hacked/intercepted
      • Not as secure as asymmetric symmetric_encryption
  • Asymmetric encryption:
    • Definition: Definition: Asymmetrical algorithm is relative new method, which involve using different key for encryption and decryption, and the one key cannot be deduced from the other. The one used for encryption is called public key, which can be openly distributed and everyone can use to encry the message. The another one used for decryption is called private key, as its name suggest, only the recipient can have it. Asymmetric algorithm are one-way function, meaning they are simple to compute in one direction, but complex in the opposite direction. The popular asymmetric algorithm includes EIGamal, RSA, DSA, Elliptic curve techniques, PKCS
    • Advantage:
      • Relatively more secure than symmetric encryption as it uses two key for the process
    • Disadvantage:
      • You Digitcal certificate can still be hacked
      • It requires four keys to hold a single conversation between two parties
      • Not efficient, It take smore CPU computation and relatively more time to implement the process. asymmetric_encryption
  • Advanced Encryption Standard (AES): a cipher, a symmetric encryption algorithm, won’t succumb to a brute force attack and considered as unbreakeable modern technology, adopted for “Top Secrete” U.S. Gov files, released in 2001 by the National Institute of Standards and Technology (NIST).
  • Data Encryption Standard (DES) is a symmetric encryption method, adopted by NIST in 1976 as federal standard for encrypting non-classified information, but was cracked in 1997 when Rivest-Shamir-Aldeman(RSA) put a bounty on the algorithm(RSA offered a $10,000 reward for the first person or team to crack the algorithm. Fourteen thousand users collaborated over the Internet to finally break the encryption). Now, it’s a obsolete method but has a stronger variance which known as 3DES, 3DES and AES both considered as unbreakable modern technology but 3DES is not good as AES, and was developed by IBM in the 1970s.
  • Triple DES (3DES): 3DES uses three 64-bit keys for an overall key length of 192 bits. 3DES encryption is the same as that of standard DES, repeated three times

Introduction

GnuPG is also known as GPG. It’s a command line too with features for easy integration with other application.It’s similar free tool running on *nix-like system. GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. Here is the brief procedure to use gpg utility: pgp_procedure

Implmentation Steps

  1. Gnerate a key on your source system with the following commands:
  2. After the key is generated, list the key details with the following command:
  3. Export the public key, so that it can be shared with the target instance, by using the following command on the source server:
  4. Validate the generated key with the following command:
  5. To transfer the generated key to the target system, retrieve the key -pub-sub.asc from the server and send the file to the contact person of the target system by using email.
  6. Install the key on the target system with the following command:
  7. After the key is imported, list it with the following command:

Code:

  • Sender:
    • generate a private key
      $ gpg --gen-key
      $ gpg --list-keys
      (Note: Remember your key_name(e.g. 9B43A770) andyour passphrase.)
      
    • Export the public key
        $ gpg --armor --output 9B43A770-pub-sub.asc--export
        '9B43A770'
        (Note: --armor means the code is readable in hex format)
      
    • Decrypt files:
        $ echo hello_world | gpg --batch --yes--passphrase-fd 0 data_file.txt.gpg
      
    • hello_world: the passphrase
    • data_file_gpg: the encrypted that people send to you
  • Receiver:
    • Import the public key
      $ gpg --import 9B43A770-pub-sub.asc
        $ gpg --edit-key 9B43A770
        $ gpg> trust
      
    • Encrypt file:
      • Without a passphrase:
        $ gpg --encrypt --recipient 9B43A770 data_file.txt
        

Reference:

Q&A

  • What tools ar available for File Encryption? –> VeraCrypt (OS X, Linux, and Windows), AxCrypt (Windows), BitLocker (Windows), GNU Privacy Guard (OS X, Linux, and Windows)–aka GPG, and 7-Zip (OS X, Linux, and Windows).

  • What is difference between Full disk encryption andFull Disk Encryption vs. File-Level Encryption?