Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon
Labs

Encrypt a File Using GPG

With the prevalence of cloud servers in use today, security should be at the forefront of their deployments. Just as important is the security of important local files and documents. We can employ the GNU Privacy Guard, or GPG, toolset to encrypt files; and through the use of sharing public keys with other users, we can decrypt files from other people. In this hands-on lab, we will walk through creating a new public GPG key, encrypt a file and sign it, and send that file to another user to decrypt with our public key.

Try for free Contact sales
Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Beginner
Duration
Clock icon 1h 0m
Published
Clock icon Nov 12, 2018

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Create a GPG Key for `cloud_user`

    1. After you log in to the server as the cloud_user account, generate a new GPG key, accepting the defaults for each prompt. For the Real name, enter cloud_user, and for the Email address, use cloud_user@localhost. You can leave the comment field blank by just pressing Enter.
        gpg --gen-key

    1. Use the following for the key's passphrase: password321 (In the real world, you would want to use a more secure passphrase!).

    2. After the key has been created, we will need to export it so that Gordon Freeman can decrypt files from us. Export the cloud_user public key for gfreeman to use.

        gpg -a -o gfreeman.key --export [key ID]

    Use the public key reference ID from the output of the key generation.
    1. Using the mail command, send an email to Gordon Freeman containing the cloud_user public key as an attachment.
        mail -s "here is your key" -a gfreeman.key gfreeman@localhost
    Don't lose this!  I'll call you with the passphrase.
    .
    1. Press Enter after the final dot to send the message.

  2. Challenge

    Configure GPG for Gordon

    1. Now you will need to set up the GPG environment for Gordon Freeman. Use a secure shell session to log into the gfreeman account (the password for this user is the same as the cloud_user account).
        ssh gfreeman@localhost
    1. Just as you did with the cloud_user account, generate a GPG key for Mr. Freeman, accepting the defaults for each prompt. For the Real name, enter gfreeman, and for the Email address, use gfreeman@localhost. You can leave the comment field blank (just press Enter).
        gpg --gen-key

    1. Use the following for the key's passphrase: password321 (In the real world, you would want to use a more secure passphrase!).

    2. After creating the key for Mr. Freeman, open up the mutt email client, and save the public key sent over by the cloud_user account. Press Enter on the email message, then the [v] key to view the attachment, and press the [s] key to save it to Mr. Freeman's home directory. Press the [q] key to exit mutt.

    3. Now we need to import the public key from cloud_user into Mr. Freeman's keyring. Run the following command to do so:

        gpg --import gfreeman.key
    1. Run the following command to view the contents of Mr. Freeman's keyring:
        gpg --list-keys
    1. Log out of gfreeman's account:
        exit

  3. Challenge

    Generate a Signed Document and Send It to Gordon

    When we digitally sign a file, we are using our private GPG key to guarantee that this file came from us. The user that receives the file will use their copy of the public key from you to verify that the file was signed by you.

    1. Run the following command to generate a test document:
        echo "Just need you to verify this file." > note.txt
    1. Now we are going to use cloud_user's private key to sign the file. Run the following command to do so, and use the passphrase that was set for the key:
        gpg --clearsign note.txt

    There should now be a note.txt.asc file in cloud_user's home directory.

    1. Create an email, attach the note.txt.asc file to the message, and send it to gfreeman@localhost.
        mail -s "check this out" -a note.txt.asc gfreeman@localhost
    Could you verify this file for me?
    .

  4. Challenge

    Verify the Signature of the Emailed Document

    1. Use a secure shell session to log in to the gfreeman account (the password for this user is the same as the one for the cloud_user account).
    ssh gfreeman@localhost

    1. Use the mutt email client to view and save the new email message's attachment.

    2. Next, verify the note.txt.asc file that was emailed using the following:

    gpg --verify note.txt.asc
    1. You will receive a warning about the signature not being verified by a third party, and that's ok. What is important is the following line from the output:
    gpg: Good signature from "cloud_user <cloud_user@localhost>"

    This is what a verfied file displays.

    1. Next, encrypt a copy of the /etc/fstab file with the following:
    cp /etc/fstab ~
gpg -a -r cloud_user -e ~/fstab

    You will see a general warning displayed about the key possibly not belonging to the named person. We know that this key is from cloud_user, as we have verified this. Type y at the prompt.

    1. Verify that there is a file called fstab.asc in gfreeman's home directory. Create a new email to cloud_user, and attach this file:
    mail -s "looks good" -a fstab.asc cloud_user@localhost
Can you decrypt this?
.
    1. Log out of Mr. Freeman's account:
    exit

  5. Challenge

    Decrypt the Attached File

    1. As the cloud_user, open up the mutt email client and save the fstab.asc attachment from the new email.

    2. Decrypt the saved fstab.asc file with the gpg command. Enter the passphrase for cloud_user's key when prompted.

        gpg fstab.asc
    1. Verify that you can read the contents of the decrypted file.
        cat fstab
A Cloud Guru - Labs - Encrypt a File Using GPG
Author
A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans