Thursday, 30 April 2015

File Encryption using OpenPGP (gpg2) in RHEL7

In this tutorial, Batul will create a public-private key pair. And give her public key to her friend Shabbir so that he can send encrypted files to her.

Shabbir will encrypt a file using Batul's public key and send the encrypted file to her. Batul will decrypt the encrypted file using her private key.

Since nobody else knows Batul's private key, only Batul can decrypt the encrypted file. 

Batul's Machine:

1) Install package
[batul@server3 ~]$ sudo yum -y install gnupg2

2) Generate public-private key pair. Enter passphrase to protect the private key. 
[batul@server3 ~]$ gpg2 --gen-key

3) List the key.
[batul@server3 ~]$ gpg2 --list-key
pub   2048R/13A3D971 2015-04-30
uid                  batul dahod (batul's encrpt key) <>
sub   2048R/8AE3A0FA 2015-04-30

4) Save the public key in a file.
[batul@server3 ~]$ gpg2 --export "batul dahod" >

5) The public key file '' is given to Batul's friend Shabbir , so that he can send encrypted files to her.

Shabbir's Machine:
1) Install Batul's public key
[shabbir@meru ~]$ gpg2 --import
gpg: key 13A3D971: public key "batul dahod (batul's encrpt key) <>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

2) Encrypt a file 'hello.txt' using Batul's public key.
[shabbir@meru ~]$ gpg2 --armor -r "batul dahod" --encrypt hello.txt
gpg: 8AE3A0FA: There is no assurance this key belongs to the named user

pub  2048R/8AE3A0FA 2015-04-30 batul dahod (batul's encrpt key) <>
 Primary key fingerprint: 71D0 897E 301A F5E7 17F8  BE8B BBA6 CC6A 13A3 D971
      Subkey fingerprint: 545F FBB1 A579 6AE0 F7B6  CEFD 9E6A AFAB 8AE3 A0FA

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

3) Send the encrypted file 'hello.txt.asc' to Batul.

Batul's Machine:
1) Decrypt the file 'hello.txt.asc' using the private key
[batul@server3 ~]$ gpg2 --output hello.txt --decrypt hello.txt.asc

You need a passphrase to unlock the secret key for
user: "batul dahod (batul's encrpt key) <>"
2048-bit RSA key, ID 8AE3A0FA, created 2015-04-30 (main key ID 13A3D971)

gpg: encrypted with 2048-bit RSA key, ID 8AE3A0FA, created 2015-04-30
      "batul dahod (batul's encrpt key) <>"

2) View the unencrypted file 'hello.txt'.
[batul@server3 ~]$ cat hello.txt
my name is shabbir rangwala

No comments:

Post a Comment