Looks good Blitzig. Thanks for passing that along.

Thanks sgosnell. I've only used Nano once, so maybe I'll go for Kate. I've just got to try it is all. I'm not on the computer that I was able to get the -e to work, so I'll wait till I can try it there and see how it goes.

And I got gpa Privacy Assistant. (I didn't even know there was such a thing.) Really, this GUI is looking more my speed. (I still get nervous working in the terminal.) Is the level of encryption of the gpa Privacy Assistant as good as the terminal version? And when I open the GUI it asks me if I want to create a key. Just say yes? And can I, via the gpa Privacy Assistant, somehow set things up where I (like your way in the terminal) I can encrypt all the files with my secret key (or vice versa, maybe the public key--that's still a little confusing to me)? (The idea being not to be sending the files but just encrypting them and plopping them in the cloud.) Thanks.

The GUI does exactly what the terminal version does. It's just a GUI (Graphical User Interface) frontend for gpg. If you already have keys, you can use them, or you can create new ones, it's up to you. If you do create new keys, you should revoke your previous public key. That's both polite and practical.

Kate works fine, any text editor will do.

For gpg, you should always encrypt with the public key, thus decrypt with the private key. Always. You can certainly do the opposite, but it's completely unsecure. Gpg/gpa/etc will always automatically use the public key for encryption unless you force the use of the private key, and then decryption becomes more trouble than if you did it correctly the first time. In reality, don't even worry about that, because gpg will do it right on its own if you don't try to get cute with it. With what you're trying to do, it should work fine, without needing any tinkering.

Just make that edit in your config file, and you should be set.

1 members found this post helpful.

Many people follow the basic rules of encryption and use pre-existing tools.

That is well and good but I have always had a beef with the openssl file encryption ("enc"). It is a good system and works very well. BUT....

OpenSSL "enc" uses PBKDF1.5 for the pass-phrase to cryptographic key hashing (pass-phrase expansion). That problem is that is prone to brute force attacks. It should use PBKDF2 which is basically PBKDF1.5 iterated thousands of times, so that typical computers take at least 1/2 second to encode a pass-phrase. Strangely it has the PBKDF2 functionality in its library (I use it) it just does not 1: make it available from command line, and 2: use it for file encryption! Basically the functionality is available but not to command line users, for general file encryption.

Arrgghhhh....

This has made me wary of file encryption tools, until I know exactly how they actually implement the file encryption.

Using GPG to use public keys for file encryption sounds like a good system. You can encrypt files without needing a password (the public key), BUT the private key still needs a symmetric key encryption to protect it. Anyone have pointers to what symmetric encryption it actually uses.

GPG has been around a long time. I do hope it has kept up with encryption standards. Because if the private key is not secure, none of your files are secure.

1 members found this post helpful.

Thanks sgosnell. I got very close. Again this is my goal:

Set the default user to your username on your system, and all you need to do is enter
Code:
gpg -e filename
to get an encrypted file. It automatically uses your public key to encrypt the file, and only you, using the passphrase for you secret key, can decrypt it. There are also GUI frontends for gpg if you prefer that.

In other works, I just want to use to encrypt my files. I'm not ready for encrypting back and forth communications yet.

BTW Is the front end GUI you're referring to for this GNU Privacy Assistant-Key Manager? (Wouldn't using a GUI make this easier for a terminal(terminally?)-challenged person like me?)

So I created a valid key in GNU Privacy Assistant-Key Manager. Then not being able to find the file I needed in Kate, I went the terminal route. I made sure I was in the home directory and entered the command. That file came up in the nano editor. Then I had some questions.

1) In an earlier post you said:

all you need to do is edit ~/.gnupg/gpg.conf. You can do this with any text editor. You need the line
Code:
default-recipient username
replacing username with your actual username on your computer.

So I was doing just that.

But then in a later post you said:

nano .gnupg/gpg.conf
and it will be ready for edit. Just put that line anywhere in the file, and then save it. If you use Kate or another GUI editor, you just have it open that file. You might need to tell the editor to show hidden files so you can select through the .gnupg directory.

You need to choose a recipient so gpg knows what key to use. My underlining.

So I was confused. And if I needed to add a recipient, what would that be? My email address? My public key name? My public key id#?

Then I didn't know how to save in Nano. I Googled and I came across this (from )

Save and Save As
Save and Save As are both accomplished with the Write Out command, Ctrl-O.

When prompted, press enter to accept the existing file name.

but I was even uncertain after that. Do I do the ^O symbol and then Ctrl-O ?

And then I exited with Ctrl-X and even though the screen was blank it asked me:

Do you want to save modified buffer?

I said no.

So anyway. Three questions:

1)Do I need a "recipient"? (And if so exactly what?)
2)How to save in Nano?
3) How to exit Nano?

I LOL think that should put me over the top.

Thanks!

P.S. And in the GNU Privacy Assistant-Key Manager there is my key and then ten or twelve keys with all these words in German. What's up with that stuff?

You need a recipient, and that recipient's name is your username on the machine. I don't know what that is, but it's whatever you use when you log in.

To save in nano, use Ctrl-X, Y to answer yes, save, Enter to accept the filename, and it exits. Ctrl-X is exit. You're prompted to save the edit and accept the current filename before exit. You can change any of that if you wish. Or you can use Ctrl-O to save the file, then Ctrl-X exits immediately.

I have no idea what other keys you might have saved.

A pass-phrase might be used to protect (encrypt ...) a digital key, but it is no substitute for one.

A digital certificate is like a badge: it is a thing, and you must possess it. (If the key is encrypted, you must also know how to decrypt it.) Furthermore, it should be unique. It belongs to you, and you alone. Therefore, if it is lost or stolen, it can be instantly and reliably revoked ... without affecting anyone else's key. Now, security becomes a matter of key management.

Unique keys also provide for digital identity. You have a reason for confidence of who sent the message, and likewise who can decipher it. You have reason for confidence that the message you received is the one that the sender sent you; that it is not a forgery and that it has not been tampered with.

When you're sending thousands of messages across an insecure channel, "prove it: say the magic word" just don't get the job done.

I'm sorry, sgosnell, but I'm still confused. I get it about nano and saving and exiting now. I know how to get into that file. But what I'm putting in there I'm still not sure.

In post #53 you wrote:

So let's say my computer is named . So then I would enter: But then you also say I need to choose a "recipient" (by replacing "recipient" with my computer's name). So then would I be adding:

to the file?

Like I said I'm sure I'm misunderstanding something. Sorry.

P.S. I just made the one key. When I installed GNU Privacy Assistant Key Manager (from Synaptic Package Manager on my Bodhi computer) it had my key but also all these others. (see screenshot) I don't speak or understand German! Should I just delete them all?

Attached Thumbnails

 

Thanks for the explanation, sundial. It certainly makes a lot of sense (and sounds very secure).

0100100001100101011011000110110001101111 Qrs+eO0UljuCBzKKrKE5dGdICbXnlruwoi2wVn7G5MM=


Jefferson Airplane - And I Like It

Okay, a slightly new thing. I've been trying to encrypt a file in the terminal. I have my "public key" in my Downloads folder and it's named "public key" (without the quotes). Then when I try to encrypt something I get this:

I still need answers to my previous post! LOL But in regards to this one, how do I get my public key into my terminal?

Gregg,

I really hope we don't get a post from you in the future saying:

Good luck.

1 members found this post helpful.

Add the line anywhere in the file.

The username you use is the user you log in with. Not the computer name, your personal username. It may be greg, it may be sunshine, I have no idea. Run the command "users" in a terminal, and it will tell you. Assuming your username is greg, use the following line:Your public key should not be named "public key". Use gpa key manager to export it to a file. You'll be prompted for a filename.

BTW, those German references are certificates that have been installed. Ignore them for now.

ROFL Am I turning into LQ's version of "Annoying Man"?

Attached Thumbnails

 

Ok. Thanks. I'll add the line tonight when I get back to that computer.