Ramblings of a Tampa engineer

Image by Katy Belcher / Unsplash

Around the world, people communicate one-to-one over hundreds of different mediums, with the intention that the communication stays private between the two of them.

There are services that provide encrypted communications, but they come with their own challenges. I am a big fan of Keybase, but I understand that nothing is free in this world. Keybase may have unlimited funding with no strings attached, but the bills for those servers will need to keep being paid. If one day those servers turn off, then we take a few steps back.

For that reason, we will take a look at GPG (GNU Privacy Guard) and how easy it is to get started. Without getting too deep into the internals of how it works, we can start with the explanation that GPG relies on keys.

These aren't house keys, because what happens if you lose your house key? Whoever has that key can enter your home. At its most basic, GPG uses two keys: a public key and a private key.

Think of the public key as the lock on your door and the private key as the key that opens that lock. You are free to give out as many locks (public keys) as you want, hence the "public" in the name. We can take a look at my public key in a few places, while the private key sits safely on my computer for only me.

➜  ~ gpg --list-keys --fingerprint Connor
pub   4096R/1EC7DA75 2016-05-07
      Key fingerprint = B74F 1749 DC15 C852 BB51  CE64 C3CC 0A20 1EC7 DA75
uid                  Connor Tumbleson <connor.tumbleson@gmail.com>
uid                  Connor Tumbleson <me@connortumbleson.com>
sub   4096R/16154369 2016-05-07

With a tiny bit of manipulation (prefixing the fingerprint with 0x and removing the spaces), we can visit a public key server to obtain my full public key.

Pasting my public key in this blog post would be a waste of space, but you can recover it via the URL linked above or ask GPG itself.

gpg --recv-keys 0xB74F1749DC15C852BB51CE64C3CC0A201EC7DA75
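A keyserver does not vouch for the keys it hands out, and a short ID such as 1EC7DA75 or an e-mail address can match more than one key, so it is worth comparing the full fingerprint before encrypting. The script below is an added example, not part of the original post; the function names and both colon-format listings are constructed for illustration, and it assumes a 40-hex-digit (v4) fingerprint like the one shown above.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that a key pulled from a
# keyserver is the intended one by comparing the FULL fingerprint.

# Fingerprint exactly as printed by `gpg --list-keys --fingerprint` in the post.
EXPECTED='B74F 1749 DC15 C852 BB51  CE64 C3CC 0A20 1EC7 DA75'

# Constructed `gpg --with-colons --fingerprint` listings (sample data, not real
# output). LOOKALIKE is a made-up key reusing the uid and short ID 1EC7DA75.
GENUINE='pub:-:4096:1:C3CC0A201EC7DA75:1462579200:::-:::scESC:
fpr:::::::::B74F1749DC15C852BB51CE64C3CC0A201EC7DA75:
uid:-::::1462579200::::Connor Tumbleson <connor.tumbleson@gmail.com>:
sub:-:4096:1:AAAAAAAA16154369:1462579200::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA16154369:'
LOOKALIKE='pub:-:4096:1:FFFFFFFF1EC7DA75:1462579200:::-:::scESC:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1EC7DA75:
uid:-::::1462579200::::Connor Tumbleson <connor.tumbleson@gmail.com>:'

# Strip whitespace and an optional 0x prefix, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin; print field 10 of the first "fpr" record
# following a "pub" record, i.e. the primary key's fingerprint.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# check_key EXPECTED < listing
# 0 = match, 1 = different key, 2 = EXPECTED is not a 40-hex-digit fingerprint.
check_key() {
    want=$(normalize_fpr "$1")
    case "$want" in *[!0123456789ABCDEF]*) return 2 ;; esac
    [ "${#want}" -eq 40 ] || return 2
    got=$(primary_fpr)
    [ "$want" = "$got" ] || return 1
}
```

In real use, pipe `gpg --with-colons --fingerprint connor.tumbleson@gmail.com` into `check_key "$EXPECTED"` and only encrypt when it returns 0.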

With that complete, you can now send a message to me that only I can decrypt. For demo purposes, I've created a file called "secret" and embedded a message in it for myself.

➜  GPG gpg --output secret.gpg --encrypt --armor --recipient connor.tumbleson@gmail.com secret

I'm telling GPG to encrypt the file "secret" for me (Connor) and to write the output to secret.gpg. The --armor flag is just to make the output ASCII instead of binary. We now have this message contained in secret.gpg.

Version: GnuPG v1


That blob above is an encrypted version of the secret file I produced. I am free to send this blob through whatever medium required. No matter if it is intercepted or viewed by a 3rd party, only I can decrypt it.

I want to decrypt the message and post it here, but I produced the file so I know what it says. I think the more interesting thing is to leave this in the encrypted form. If someone ever decrypts the above message, we have a greater problem on our hands.

I hope a tiny demo of GPG (minus the actual creation of a key) showed how easy it is to be in control of your own encryption without any service. We arguably used websites for the key-servers, but they aren't needed in this equation.
