How To: Encrypting Files With Seahorse (GnuPG)
Part of the Series:”Encrypting Files With GnuPG”
Hooray! an EASY way to use GPG! Well..sort of. You still should read up on gpg by reading the man page here before continuing. In short, GPG stands for “Gnu Privacy Guard” and it is a tool that you can use to encrypt information. GPG implements the OpenPGP, which sets the norms and rules as to how data should be encrypted so that it can be passed along safely. That said, I rather like Seahorse as a front-end GUI implementation of GnuPG.
Seahorse will allow you to:
- Create and manage PGP keys
- Create and manage SSH keys
- Publish and retrieve keys from key servers
- Cache your passphrase so you don’t have to keep typing it
- Backup your keys and keyring
- Photo ID support
How to use Seahorse:
First you want to create your key. Open up seahorse and choose File > New and choose PGP key. Enter all the required info that is presented to you. You will see advanced options beneath the main 3 required fields, and do suggest reviewing them:
- Encryption Type: This can be a few options, 2 common choices are DSA or RSA, the choice is up to you
- Key Strength: You should be using at least 2048 bit encryption at this point, as 1024 bit is a really shaky affair with security anymore
- Expiration: if you wish your key to expire at some point, you can specify it here.
Next you will need to Publish the Primary Key:
On the main menu, choose Remote > Sync and Publish keys. Choose your desired server, click close, and then Sync. Don’t worry, you aren’t sharing something that will put you in danger, that is what the public key is designed for, public use.
Hard work out of the way, let’s get down to brass tax, encrypting files. Right click on the file of choice and choose Encrypt. A new window will pop up and you will then fill in who you want to send the file to (this will use their public key), as well as specify which account to send from (when you first setup your key above). The intended recipients will be able to view the file after entering their own passphrase.
Special Note: there are plugins most likely available for your distro of choice for your graphical file browser. For example this command will install the right click menu addition for Linux Mint’s Nemo File Browser:
sudo apt-get install nemo-seahorse
Or if you are on Ubuntu:
sudo apt-get install seahorse-nautilus
You can decrypt any file meant to be sent to you by using your paraphrase you set in the initial setup phase. You will have to have the sender’s public key to do this. The combination of the fact the message was for* you, using your public key, plus having that link to your private key via the paraphrase is what gets you to the touchdown zone.
Note: see The GNU Priacy Handbook for More.
Any questions leave them below,