What’s great about Linux is that there are around a dozen ways to do every task. For example, did you know that by using GPG you can encrypt files with a passphrase or key on the Linux command line?
Example Data
First, we need to create a file with some data to encrypt. In this example we’ll use the rpm command to get a list of all installed packages on your machine:
[joe@fedora28 ~]$ rpm -qa > secretFile.txt
[joe@fedora28 ~]$ head secretFile.txt
elfutils-default-yama-scope-0.170-11.fc28.noarch
cpp-8.1.1-1.fc28.x86_64
perl-Encode-2.97-3.fc28.x86_64
rp-pppoe-3.12-11.fc28.x86_64
webrtc-audio-processing-0.3-7.fc28.x86_64
abrt-2.10.8-2.fc28.x86_64
mariadb-10.2.14-1.fc28.x86_64
langtable-data-0.0.38-5.fc28.noarch
mesa-filesystem-18.0.2-1.fc28.x86_64
perl-Try-Tiny-0.30-2.fc28.noarch
To verify that our encryption process is giving us back exactly what we give it, we will generate a hash of the file. Use md5sum to create the hash. Note: This isn’t needed each time you encrypt a file, but we’ll use it for today’s example:
[joe@fedora28 ~]$ md5sum secretFile.txt
ec414472b108a98f12ee36b78ce50d18  secretFile.txt
Encryption
Next, we will encrypt it with a passphrase. To do so, use the command gpg with the option -c for symmetric encryption:
[joe@fedora28 ~]$ gpg -c secretFile.txt
Enter passphrase:
An important note: this does not delete the original file, so you will need to delete it yourself to remove the clear text copy:
[joe@fedora28 ~]$ ls secretFile.*
secretFile.txt  secretFile.txt.gpg
Let’s check the hash again using md5sum. This time it is different as the file has been changed. If you head the file, you’ll see that it is clearly different. Also, take a look at the content:
[joe@fedora28 ~]$ md5sum secretFile.txt.gpg
c6e6afb9257da7ec61ce2658c22f0b4a  secretFile.txt.gpg
[joe@fedora28 ~]$ head secretFile.txt.gpg
���@�`��ޅ7��kLd�$��%��qa�LM�3<Tր8+ ��6
Decryption
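Now we will decrypt using gpg -d. You’ll provide the same passphrase you used above. If gpg-agent still has the passphrase cached from the encryption step, gpg may decrypt without prompting: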
[joe@fedora28 ~]$ gpg -d secretFile.txt.gpg > secretFile.txt
gpg: AES encrypted data
gpg: encrypted with 1 passphrase
Verify that it is your original file and take a look at the content:
[joe@fedora28 ~]$ md5sum secretFile.txt
ec414472b108a98f12ee36b78ce50d18  secretFile.txt
[joe@fedora28 ~]$ head secretFile.txt
elfutils-default-yama-scope-0.170-11.fc28.noarch
cpp-8.1.1-1.fc28.x86_64
perl-Encode-2.97-3.fc28.x86_64
rp-pppoe-3.12-11.fc28.x86_64
webrtc-audio-processing-0.3-7.fc28.x86_64
abrt-2.10.8-2.fc28.x86_64
mariadb-10.2.14-1.fc28.x86_64
langtable-data-0.0.38-5.fc28.noarch
mesa-filesystem-18.0.2-1.fc28.x86_64
perl-Try-Tiny-0.30-2.fc28.noarch
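The same round trip as a non-interactive script, as an added example that is not part of the original article: it encrypts with gpg -c, compares the decrypted output byte for byte against the original (in place of the md5sum check), and removes the clear text file only if they match. It assumes GnuPG 2.1 or later; the function name encrypt_and_verify and its passphrase-file argument are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original article.
# Assumes GnuPG 2.1+ (needed for --pinentry-mode loopback).

# encrypt_and_verify FILE PASSFILE
#   FILE      clear text file to encrypt (output goes to FILE.gpg)
#   PASSFILE  hypothetical file whose first line is the passphrase;
#             keep it mode 0600 and outside any backup or repository
# Returns 0 on success, 1 if encryption or verification failed,
# 2 if the arguments are unusable.
encrypt_and_verify() {
    src=$1
    passfile=$2
    enc=$1.gpg

    # Refuse empty input: a failed decryption also yields empty output,
    # so the comparison below could not tell the two cases apart.
    [ -s "$src" ] && [ -r "$passfile" ] || return 2

    # Symmetric encryption, same as "gpg -c" but without the prompt.
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" \
        -o "$enc" -c "$src" || return 1

    # Decrypt to a pipe (never to disk) and compare with the original.
    if gpg --batch --quiet --pinentry-mode loopback \
           --passphrase-file "$passfile" \
           -d "$enc" 2>/dev/null | cmp -s - "$src"
    then
        # Round trip proven: now it is safe to drop the clear text.
        rm -f -- "$src"
    else
        # Keep the original, discard the unusable ciphertext.
        rm -f -- "$enc"
        return 1
    fi
}
```

Note that rm only unlinks the file; the clear text blocks can remain on disk until they are overwritten.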
Woo hoo! You have now encrypted and decrypted data with a passphrase. As always, if you have any questions feel free to reach out at support@automox.com.