Privacy and security is an increasingly important topic in conversations about digital communications. We often hear about the importance of digital security and being aware of threats that both "hackers" and law enforcement organizations pose. With a majority of communications taking place digitally, it creates a wider attack surface for malicious actors to intercept our communications, so encrypting our communications because more and more important.
Encryption is is the process of encoding a message so that it can only be read by certain people. It uses an algorithm to scramble information and requires a key to decrypt, or unscramble, the data. Encryption comes in two forms, symmetric and asymmetric encryption. Symmetric encryption allows for only one key to be used for encrypting and decrypting a message, while asymmetric encryption the keys come in pairs. One key is used for encryption and the other is used for decryption.
This post introduces PGP, a program that allows for both symmetric and asymmetric encryption. PGP, or Pretty Good Privacy, was introduced by Phil Zimmerman and released by Symantec in 1991. It is a tried and true encryption program that is widely used nearly 30 years after release. Gnu Privacy Guard, or GPG, is an open source implementation of PGP, developed by the Gnu Project. It is widely distributed in Linux distributions and available for free for MacOS and Windows.
Symmetric allows for the encryption of a file allowing anyone with the password to decrypt the data. We can try it out here using GPG's command line interface.
First make a text file called
secret.txt and write a message in it.
secret.txt This is a secret message.
In a terminal, use
gpg with a
symmetric flag in order to generate an encrypted file. Use the
armor flag to produce an ascii file for easy sharing. Finally, supply the document name as an argument. The full symmetric command will look like:
gpg --armor --symmetric document_name
To encrypt our secret.txt run:
gpg --armor --symmetric secret.txt
This will generate a text file called
secret.txt.asc that looks like:
secret.txt.asc -----BEGIN PGP MESSAGE----- jA0EBwMC1FF+Rz5S6zru0lQB4aqIY19MxPM7Xt+paUaFAws54aSOEJe5ydRd5dbE luOjyocU945SBQOwvIn3PL3s+4eoEDC+rkbFjd2n7siKyWIPBNB3+QKkcdau9WHr I8E9olk= =s6Lk -----END PGP MESSAGE-----
To decrypt the message you run
gpg -d secret.txt.asc
Try copying the message over into your machine and decrypting it yourself! The password is:
gpg --armor --symmetric document_name to encrypt a file.
gpg -d encrypted_document_name to decrypt a file