Better living through GPG
On Linux the Swiss Army knife of encryption is Werner Koch's Gnu Privacy Guard (GnuPG) suite. Its core command (gpg) conjures memories of Pretty Good Privacy (PGP), a crypto tool originally released in 1991 by Phil Zimmermann. Nowadays OpenPGP is a standard (RFC 4880) specifying how encrypted messages, signatures and keys should be formatted, and GnuPG fully implements it. GnuPG works from the command line and has a reputation for being complicated and unfriendly (see https://moxie.org/blog/gpg-and-me). It gives the user all the modern symmetric and public-key algorithms, as well as all manner of other knobs to twiddle. As a result, there are a huge number of command-line options and the man pages make for some lengthy reading. Most distros install GnuPG as standard, so we shouldn't need to install anything for this tutorial.
Traditional, symmetric encryption (where two parties share a secret key or password) is all very well, but it relies on the communicating parties having a secure channel to share the key in the first place. Typically, this would involve a dodgy meeting in a shady carpark, possibly an exchange of briefcases and ideally destroying any written record of the key or passphrase. One never knows who's lurking in the shadows in such locales, and ideally one would rather avoid such situations. Public key encryption sidesteps the problem: you publish one half of a keypair (the public key) and anyone can use it to encrypt a message that only the other half (the private key, which never leaves your machine) can decrypt. So let's generate a keypair and see how it works. Enter $ gpg --full-gen-key (older versions call this --gen-key; --full-generate-key is the long spelling of the same option).
Accept the defaults for the first three questions. We'll generate a 2048-bit RSA key with an RSA subkey (newer GnuPG releases default to 3072 bits, which is fine too) and that key will never expire. In practice it's good hygiene to set an expiry date, since you can always extend it later but can't retire a lost key without a revocation certificate; for this tutorial, though, the default will do. Then answer yes to 'Is this correct?'. You are asked for a name and email address. This information will be stored with the public key, which it is good practice to make as public as possible, so don't use your real name or primary email address if you don't want those things being public. The email address you use here doesn't have to agree with the one from which you'll actually send your encrypted mail. You'll then be asked for a passphrase to protect the key; this is what stands between an attacker who copies ~/.gnupg and your private key, so choose a good one. Key generation requires entropy (random data), so you may be asked to mash your keyboard and move the mouse while the key is generated.
Once that happens you can check that everything worked with gpg --list-keys (and gpg --list-secret-keys to see the private half). GnuPG keeps all the keys it generates in a keyring under ~/.gnupg. They can be imported and exported as required, but the utmost caution should be exercised when moving private keys around. Since you'll want to share your public key, export it in ASCII-armoured form (plain text that survives email and copy-paste) with $ gpg --output lxfpublic.key --armor --export , adding your email address or key ID after --export if you want just that one key rather than every public key in your keyring.
Anyone you give that file to can add it to their own keyring with $ gpg --import lxfpublic.key
Alternatively it can be uploaded to a key server so that anyone can find you. Bear in mind that a key server doesn't check who uploaded a key, so your colleague should confirm the key's fingerprint (shown by gpg --fingerprint) with you over some other channel before trusting it. To send you an encrypted message, say instructions.txt, your colleague would do
$ gpg --recipient
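The whole procedure above (generate a keypair, export the public half, import it on the other side, encrypt to the recipient and decrypt with the private key) as one unattended script. This is an added example, not code from the tutorial; it uses two throw-away keyrings in a temporary directory so it never touches ~/.gnupg, and the names, email addresses and file names (Alice, Bob, alice@example.invalid, instructions.txt) are made up for the demo. It also checks the point the tutorial is making: the party holding only the public key cannot read the message.

```shell
#!/bin/sh
# Added example (not from the LXF tutorial): an unattended GnuPG round trip
# between two throw-away keyrings, "alice" (the recipient) and "bob" (the sender).
set -eu

# Run gpg against a given keyring directory instead of ~/.gnupg.
# --batch suppresses all interactive prompts so the demo can run unattended.
gpg_in() {
    home="$1"; shift
    env GNUPGHOME="$home" gpg --batch --quiet --no-tty "$@"
}

# Body in ( ) so the EXIT trap cleans up the temp dir when this subshell ends.
gpg_roundtrip() (
    work=$(mktemp -d)
    trap 'gpgconf --homedir "$work/alice" --kill gpg-agent 2>/dev/null;
          gpgconf --homedir "$work/bob" --kill gpg-agent 2>/dev/null;
          rm -rf "$work"' EXIT
    mkdir -m 700 "$work/alice" "$work/bob"

    # 1. Alice generates a key pair (same choices as the tutorial: RSA + RSA
    #    subkey, 2048 bits, no expiry). %no-protection is for the unattended
    #    demo only: a real key should get the passphrase the tutorial asks for.
    cat > "$work/alice.params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Alice Example
Name-Email: alice@example.invalid
Expire-Date: 0
%commit
EOF
    gpg_in "$work/alice" --gen-key "$work/alice.params"

    # 2. Alice exports only her public key, ASCII-armoured, selected by email.
    gpg_in "$work/alice" --armor --output "$work/alice.pub.asc" \
        --export alice@example.invalid

    # 3. Bob imports it into his keyring and confirms it is listed.
    gpg_in "$work/bob" --import "$work/alice.pub.asc"
    gpg_in "$work/bob" --list-keys alice@example.invalid >/dev/null

    # 4. Bob encrypts a file to Alice. --trust-model always skips the
    #    "unknown key, use anyway?" prompt; outside a demo you would verify
    #    the fingerprint and sign or set trust on the key instead.
    printf 'meet at the car park at midnight\n' > "$work/instructions.txt"
    gpg_in "$work/bob" --trust-model always --recipient alice@example.invalid \
        --output "$work/instructions.txt.gpg" --encrypt "$work/instructions.txt"

    # 5. Alice, who holds the private key, decrypts it.
    gpg_in "$work/alice" --output "$work/instructions.dec" \
        --decrypt "$work/instructions.txt.gpg"

    # 6. Bob holds only the public key, so decryption must fail for him.
    if gpg_in "$work/bob" --decrypt "$work/instructions.txt.gpg" >/dev/null 2>&1; then
        echo "bob decrypted without the private key"
        return 1
    fi

    if cmp -s "$work/instructions.txt" "$work/instructions.dec"; then
        echo "roundtrip ok"
    else
        echo "roundtrip failed"
        return 1
    fi
)

if command -v gpg >/dev/null 2>&1; then
    gpg_roundtrip
else
    echo "gpg not installed" >&2
fi
```

Running it prints "roundtrip ok". The %no-protection line and --trust-model always exist only so the script needs no keyboard; when you do this for real, keep the passphrase and check the fingerprint rather than telling gpg to trust whatever it was handed.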