Using GnuPG encryption

If you use Cygwin like I do, you can optionally install GnuPG (GNU Privacy Guard). GPG is actually a play on the letters PGP (Pretty Good Privacy), which is now a privately owned company. GPG, however, is free and relatively easy to use to encrypt messages or files. I use it to encrypt sensitive files on my USB memory fob.
When you read the extensive manual on GPG you'd think the best way to encrypt your files is with a symmetric cypher. I see some problems with the symmetric cypher approach:
  • you need to give the password both when you encrypt and decrypt the file,
  • different files could potentially have different passwords, increasing the chance of forgetting what the password is,
  • someone who gets my file could try and guess the password,
  • if I suspect that someone has learned my password, I need to go and re-encrypt all my files with that password.
What I discovered is that I can use a public-key cypher to encrypt my files. Normally, you use a public-key system to send a file to a friend so only they can read it. The way it goes is that your friend sends you his public key and you encrypt your message with it and send him the encrypted file. Now only your friend can read it by decrypting it with his private key. But the Aha! I got was that I can 'send' the file to myself. I encrypt the file with my public key and decrypt it with my private key. The advantages are:
  • I don't need a password to encrypt the file with my public key,
  • in fact, I don't even need a password to decrypt it, I just need my private key, but in my case I have my private key password protected so I need to give a password each time,
  • if someone gets the file and hasn't stolen my private key too, he's SOL, since that file is encrypted with my public key which is nearly equivalent to encrypting with a large random password. There's no way he can guess the 'password',
  • if I suspect that someone has guessed the password to my private key, I just change it; I don't need to re-encrypt the files,
  • if someone steals my USB fob he's still out of luck because he needs to guess the password I use to protect my private key.
I use this setup with the SciTE editor and a Lua script that I wrote.
But that's another post.
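
The encrypt-to-yourself workflow described above, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later; the user ID, passphrase, keyring directories and function names are constructed for the demo.

```bash
# Added example (not from the original post): encrypt "to yourself" with GnuPG.
# The user ID, passphrase and keyring directories are constructed for the demo;
# both keyrings are throwaway temp dirs, so ~/.gnupg is never touched.
DEMO_UID='Demo User <demo@example.invalid>'
DEMO_PASS='constructed-demo-passphrase'

make_keyrings() {
    FULL_KEYRING=$(mktemp -d) || return 1    # holds the private key
    PUBLIC_ONLY=$(mktemp -d) || return 1     # holds the public key only
    # Key pair whose private half is protected by a passphrase.
    gpg --homedir "$FULL_KEYRING" --batch --quiet --pinentry-mode loopback \
        --passphrase "$DEMO_PASS" --quick-generate-key "$DEMO_UID" || return 1
    # Copy just the public key into the second keyring.
    gpg --homedir "$FULL_KEYRING" --batch --export "$DEMO_UID" |
        gpg --homedir "$PUBLIC_ONLY" --batch --quiet --import
}

# Encrypting needs the public key only: no passphrase, no private key.
# --trust-model always is needed because the imported key is unvalidated.
encrypt_to_self() {   # usage: encrypt_to_self <plaintext> <ciphertext>
    gpg --homedir "$PUBLIC_ONLY" --batch --yes --quiet --trust-model always \
        --recipient "$DEMO_UID" --output "$2" --encrypt "$1"
}

# Decrypting needs the private key and its passphrase. Interactively you would
# drop --pinentry-mode/--passphrase and let gpg prompt, so the passphrase
# never appears on the command line or in shell history.
decrypt_in() {        # usage: decrypt_in <keyring dir> <ciphertext> <plaintext>
    gpg --homedir "$1" --batch --yes --quiet --pinentry-mode loopback \
        --passphrase "$DEMO_PASS" --output "$3" --decrypt "$2" 2>/dev/null
}

drop_keyrings() {
    for dir in "$FULL_KEYRING" "$PUBLIC_ONLY"; do
        GNUPGHOME="$dir" gpgconf --kill gpg-agent 2>/dev/null || true
        rm -rf "$dir"
    done
}
```

Calling `decrypt_in` with the public-only keyring fails even with the correct passphrase, because that keyring holds no private key.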

