Encrypt files so that only the recipient can open them

Passing a confidential file (or files) to others is fraught with dangers. You can email it to them, but what if the email is intercepted in transit? You can pass them it to them on a USB key stick, floppy disk, or CD-R disc, but what happens if you lose the disk or stick, or it gets stolen?

The solution is to encrypt the files using the key pair system. Once this is done, only the recipient will be able to decrypt the file. Nobody else will, even the person who originally encrypted it, or anybody who intercepts the file.

For it to work the recipient will have to have their own key pair, and have shared the public key with you. They will also need to be running Ubuntu, or have GPG installed (most versions of Linux come with GPG installed nowadays).

For more details on key pairs and importing the public key of another person, see Tip 172, on page 209. You should also take a look at Tip 250, on page 289, because that tip describes almost exactly the same thing as described here—the only difference is that you're encrypting a file/folder for another person to decrypt, rather than yourself. To perhaps state the obvious, this tip differs in that you shouldn't delete the original file after encryption is complete—only the recipient will be able to decrypt the file. You won't be able to, even though you encrypted it.

Assuming that you've imported the recipient's key (click Key ^ Import in Seahorse if it's provided as a file), simply right-click the file in question and select Encrypt. Then, in the dialog box that appears, put a check alongside their details, and click the OK button. You will then create a new file with a .pgp extension, which is the encrypted version of the file, and which you can then pass to the other person. Any existing file extension will remain in place, and the new .pgp extension will be added to the end.

Some email server scanners automatically remove files with two file extensions; to get around this, place the new .pgp into a zip file (even if it was a zip file prior to encryption!). You can do this by right-clicking it and selecting Create Archive. Then remove the .pgp component of the new zip's filename (for example, file.pgp.zip would become file.zip). Following this, the recipient will have to unzip and then decrypt the file; this shouldn't pose any problems for them and it should be obvious to them what to do.

Was this article helpful?

0 0

Post a comment