Ramblings of a Tampa engineer

Image by Katy Belcher / Unsplash

People communicate over hundreds of different mediums, and much of that communication is meant to stay private between the two people involved.

There are services that provide encrypted communications, but they come with their own challenges. I am a big fan of Keybase, but I understand that nothing is free in this world. Keybase may have unlimited funding with no strings attached, but the bills for those servers will still need to be paid. If one day those servers turn off, then we take a few steps back.

For that reason, we will take a look at GPG (GNU Privacy Guard, the free implementation of the OpenPGP standard) and how easy it is to get started. Without getting too deep into the internals of how it works, the one thing to understand is that GPG relies on keys.

These aren't like house keys. If you lose your house key, whoever finds it can enter your home. GPG instead uses a pair of keys: at the most basic level of explanation, one is public and one is private.

Think of the public key as the lock on your door and the private key as the key that opens that lock. You are free to give out as many copies of the lock (public keys) as you want; hence the "public" in the name. Anyone can lock a message with it, but only the matching private key opens it. My public key can be seen in a few places, while the private key stays on my computer, for me alone.

➜  ~ gpg --list-keys --fingerprint Connor
pub   4096R/1EC7DA75 2016-05-07
      Key fingerprint = B74F 1749 DC15 C852 BB51  CE64 C3CC 0A20 1EC7 DA75
uid                  Connor Tumbleson <connor.tumbleson@gmail.com>
uid                  Connor Tumbleson <me@connortumbleson.com>
sub   4096R/16154369 2016-05-07

The "4096R" means a 4096-bit RSA key, and the "1EC7DA75" next to it is the short key ID, which is just the last eight hex digits of the fingerprint. Short IDs are only 32 bits, small enough that a colliding key can be generated in hours on ordinary hardware, so always identify a key by its full fingerprint. With a tiny bit of manipulation, prefixing 0x and removing the spaces, that fingerprint becomes a query a public key server understands, and the server returns my full public key.

Pasting my public key in this blog post would be a waste of space, but you can fetch it from a public key server, or ask GPG itself to do so:

gpg --recv-keys 0xB74F1749DC15C852BB51CE64C3CC0A201EC7DA75

Once the key is imported, run the same --list-keys --fingerprint command and confirm the fingerprint matches the one printed above: a key server stores whatever anyone uploads, and nothing stops someone from uploading a key that carries my name and e-mail address but not my fingerprint. With that checked, you can send me a message that only my private key can decrypt. For demo purposes, I've created a file called "secret" and embedded a message in it for myself.

➜  GPG gpg --output secret.gpg --encrypt --armor --recipient connor.tumbleson@gmail.com secret

I'm telling GPG to encrypt the file "secret" for the key whose user ID matches connor.tumbleson@gmail.com and to write the result to secret.gpg. The --armor flag turns the output into ASCII text (Base64 with a header and a checksum) instead of binary, so it survives being pasted into e-mail or a web page. Note that this command only encrypts: anyone holding my public key could have produced a message just like it, so if the recipient needs to know who sent it, add --sign as well. We now have this message contained in secret.gpg.

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
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=8V3V
-----END PGP MESSAGE-----

That blob above is the encrypted form of the secret file I produced. I am free to send it through whatever medium I like; even if it is intercepted or viewed by a third party, only the holder of my private key can decrypt it. What the blob does not hide is who it is for: its first packet names the encryption subkey it was made for, and anyone can read that with gpg --list-packets.

I want to decrypt the message and post it here, but I produced the file so I know what it says. I think the more interesting thing is to leave this in the encrypted form. If someone ever decrypts the above message, we have a greater problem on our hands.

I hope this tiny demo of GPG (minus the actual creation of a key) showed how easy it is to be in control of your own encryption without depending on any service. We did use a website as a key server, but that was only a convenient way to hand over a public key: gpg --armor --export prints the same key as text, and that text can travel by e-mail, a site you control, or a USB stick.

