Symmetric encryption

This is the simplest type of encryption we can perform with GnuPG. No private or public keys are involved in the process; instead of keys we use a passphrase (password), so it's important to choose one that is long and complex enough.

Creating the passphrase

A good practice is to use 12 - 45 randomly chosen characters, combining alphanumeric characters ([0-9], [a-z], [A-Z]) with some special characters such as !, @, # or $.

On Linux there is a utility program, pwgen, which creates random strings suitable for use as passphrases.

Example using pwgen (create a single 20-character passphrase, no special characters):

$ pwgen -s 20 1
EiLdHF7meFXsbN8PTUWz

And one more example with special characters:

$ pwgen -sy 20 1
!xZF3GLv$-,Qf1O9B+i~

Note: Sometimes it's more convenient to use a slightly longer passphrase without special characters.

Encryption

Suppose we have a file, my_text.txt, which we want to encrypt using symmetric encryption:

$ gpg --symmetric my_text.txt

After hitting [ENTER], gpg will ask you to input the passphrase (twice).

If everything went well (no mistakes while entering the password), a new file named my_text.txt.gpg will be created.

my_text.txt.gpg contains the encrypted version of the file. This file can now be transmitted via email or simply kept on the filesystem for later use. In the latter case it's of course important to remove the original file from the filesystem.

Example of removing the original (plaintext) file:

$ shred my_text.txt; rm my_text.txt

Warning: shred is NOT an effective way of writing over files in modern journaling filesystems!

Decryption

Decrypting my_text.txt.gpg back to readable (plaintext) format:

$ gpg -d my_text.txt.gpg > my_plain_text.txt

After hitting [ENTER], gpg will prompt for the password, unless you do this operation on the same computer directly after creating the encrypted version, in which case the password is still in gpg's cache and the prompt will be omitted.

If the operation was successful, we now have a my_plain_text.txt file, which can be opened normally with its associated application.
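
The encryption and decryption steps above can also be scripted and checked end to end. The following is an added example, not part of the original page; it assumes GnuPG 2.1 or later, and the function names, file names and passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): scripted round trip of the
# encrypt and decrypt steps. Assumes GnuPG 2.1+; all names are constructed.

# Encrypt file $1 into $2. The passphrase is read from stdin (fd 0), so it
# is not exposed on gpg's command line.
sym_encrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --output "$2" --symmetric "$1"
}

# Decrypt file $1 into $2. gpg exits non-zero on a wrong passphrase or a
# corrupted file, so callers must check the exit status.
sym_decrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --output "$2" --decrypt "$1"
}

# Returns 0 only if the right passphrase restores the file byte for byte
# and a wrong passphrase is rejected.
roundtrip_check() {
    rc=0
    dir=$(mktemp -d) || return 1
    (
        export GNUPGHOME="$dir/gnupg"   # throwaway home, leaves ~/.gnupg untouched
        mkdir -m 700 "$GNUPGHOME" && cd "$dir" || exit 1
        pass='constructed-Sample-Passphrase-0001'   # constructed, not a real secret
        printf 'constructed sample plaintext\n' > my_text.txt
        printf '%s\n' "$pass" | sym_encrypt my_text.txt my_text.txt.gpg || exit 1
        if printf '%s\n' 'wrong-passphrase' |
            sym_decrypt my_text.txt.gpg rejected.txt 2>/dev/null; then
            exit 1   # a wrong passphrase must never decrypt
        fi
        printf '%s\n' "$pass" |
            sym_decrypt my_text.txt.gpg my_plain_text.txt || exit 1
        cmp -s my_text.txt my_plain_text.txt
    ) || rc=1
    GNUPGHOME="$dir/gnupg" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$dir"
    return "$rc"
}
```

For interactive use, adding --no-symkey-cache (GnuPG 2.2.7 and later) stops gpg from using the passphrase cache for symmetric operations, so decryption always prompts.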