Secure File Container with GPG

TL;DR

This guide shows you how to create a secure container for your files using GPG (GNU Privacy Guard). It uses asymmetric encryption – meaning separate keys for encrypting and decrypting. This is much safer than simple password protection.

Creating Your Secure Container

  1. Install GPG: If you don’t have it already, install GPG.
    • Linux (Debian/Ubuntu):
      sudo apt update && sudo apt install gnupg
    • macOS (using Homebrew):
      brew install gpg
    • Windows: Download and install from Gpg4win.
  2. Generate a Key Pair: You need a public key (for others to encrypt files *to* you) and a private key (for *you* to decrypt them). This is the core of asymmetric encryption.
    gpg --full-generate-key

    Follow the prompts. Choose RSA and RSA, a strong key size (4096 bits is recommended), and set an expiry date if you wish. You’ll be asked for your name, email address, and a passphrase – remember this passphrase! It protects your private key.

  3. List Your Keys: Find the ID of your public key.
    gpg --list-keys

    The output will show your keys. Look for the entry starting with ‘pub’ and note the long hexadecimal string shown with it (e.g., AAAABBBCCCDD...). This is your key ID.

  4. Export Your Public Key: Share this key with anyone who needs to send you encrypted files.
    gpg --armor --export YOUR_KEY_ID > public.key

    Replace YOUR_KEY_ID with the ID you found in step 3. This creates a file named public.key containing your public key.
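A scripted version of step 3, as an added example that is not part of the original guide: it reads GPG's machine-readable listing (the --with-colons option) and prints only the fingerprints of keys that are not expired, revoked or disabled and that can be encrypted to. The helper names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick encryption-ready keys from gpg's colon-delimited listing.
# Real use: gpg --list-keys --with-colons | usable_recipients

# usable_recipients (hypothetical helper): reads a --with-colons listing on
# stdin and prints the primary fingerprint of every key you can encrypt to.
usable_recipients() {
    awk -F: '
        $1 == "pub" {
            # Field 2 is validity: i=invalid, d=disabled, r=revoked, e=expired.
            # Field 12 is capabilities: "E" means the key as a whole can
            # encrypt, "D" marks a disabled key.
            ok = ($2 !~ /^[idre]$/) && index($12, "E") && !index($12, "D")
            want_fpr = 1
            next
        }
        # The first fpr record after a pub record is the primary fingerprint
        # (field 10); later fpr records belong to subkeys.
        $1 == "fpr" && want_fpr {
            if (ok) print $10
            want_fpr = 0
        }
    '
}

# Constructed sample listing (not real keys): one usable key, one expired
# key, and one key with no encryption capability.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAABBBBCCCCDDDD:1700000000:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000000::::Alice Example <alice@example.org>::::::::::0:
sub:u:4096:1:1111222233334444:1700000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
pub:e:4096:1:2222333344445555:1500000000:1600000000::-:::sc::::::23::0:
fpr:::::::::AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDD:
pub:f:4096:1:5555666677778888:1700000000:::-:::scSC::::::23::0:
fpr:::::::::0000000000111111111122222222223333333333:
EOF
}

# Prints only the first key's primary fingerprint.
sample_listing | usable_recipients
```

The printed fingerprint can be used wherever the guide says YOUR_KEY_ID.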

Encrypting Files

  1. Encrypt a Single File:
    gpg --encrypt --recipient YOUR_KEY_ID filename.txt

    Replace YOUR_KEY_ID with your key ID and filename.txt with the file you want to encrypt. This creates an encrypted file named filename.txt.gpg.

  2. Encrypt Multiple Files into a Tarball: It’s often easier to encrypt a whole directory as a single archive.
    tar -czvf files.tar.gz /path/to/your/files && gpg --encrypt --recipient YOUR_KEY_ID files.tar.gz

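    This first creates a compressed tar archive (files.tar.gz) and then encrypts it, producing files.tar.gz.gpg. The unencrypted files.tar.gz stays on disk, so delete it once you have confirmed the encrypted copy decrypts correctly.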

Decrypting Files

  1. Decrypt an Encrypted File:
    gpg --decrypt filename.txt.gpg > filename.txt

    Replace filename.txt.gpg with the encrypted file name. You’ll be prompted for your passphrase to unlock your private key.

  2. Decrypt a Tarball:
    gpg --decrypt files.tar.gz.gpg > files.tar.gz && tar -xzvf files.tar.gz

    This decrypts the encrypted archive (files.tar.gz.gpg) to files.tar.gz and then extracts its contents.

Important Security Notes

  • Passphrase Strength: Use a strong, unique passphrase for your private key. A long, random phrase is best.
  • Private Key Protection: Keep your private key safe! Do not share it with anyone. Consider storing it on an encrypted USB drive or using a cyber security key manager.
  • Key Revocation: Learn how to revoke your key if it’s compromised (search for ‘gpg key revocation’).
  • Regular Backups: Back up both your public and private keys regularly.