2 years ago
In this guide, I volition explicate the options astatine your disposal for encrypting files utilizing open-source bundle connected a Linux, Mac, oregon Windows computer. You tin past transport this integer accusation crossed region and time, to yourself oregon others.
The programme “GNU Privacy Guard” (GPG) an open-source mentation of PGP (Pretty Good Privacy), allows:
- Encryption utilizing a password.
- Secret messaging utilizing public/private cardinal cryptography
- Message/Data authentication (using integer signatures and verification)
- Private cardinal authentication (used successful Bitcoin)
Option One
Option 1 is what I’ll beryllium demonstrating below. You tin encrypt a record utilizing immoderate password you like. Any idiosyncratic with the password tin past unlock (decrypt) the record to presumption it. The occupation is, however bash you nonstop the password to idiosyncratic successful a unafraid way? We’re backmost to the archetypal problem.
Option Two
Option 2 solves this dilemma (how-to here). Instead of locking the record with a password, we tin fastener it with someone’s nationalist cardinal — that “someone” is the intended recipient of the message. The nationalist cardinal comes from a corresponding backstage key, and the backstage cardinal (which lone the “someone” has) is utilized to unlock (decrypt) the message. With this method, nary delicate (unencrypted) accusation is ever sent. Very nice!
The nationalist cardinal is thing that tin beryllium distributed implicit the net safely. Mine is here, for example. They are usually sent to keyservers. Keyservers are similar nodes that store nationalist keys. They support and synchronize copies of peoples’ nationalist keys. Here’s one:
You tin participate my email and find my nationalist cardinal successful the result. I’ve besides stored it here and you tin comparison what you recovered connected the server.
Option Three
Option 3 is not astir concealed messages. It is astir checking that a connection has not been altered during its delivery. It works by having idiosyncratic with a backstage cardinal sign immoderate integer data. The information tin beryllium a missive oregon adjacent software. The process of signing creates a integer signature (a ample fig derived from the backstage cardinal and the information that’s getting signed). Here’s what a integer signature looks like:
It’s a substance record that begins with a “begin” signal, and ends with an “end” signal. In betwixt is simply a clump of substance that really encodes an tremendous number. This fig is derived from the backstage cardinal (a elephantine number) and the information (which is really ever a fig also; each information is zeros and ones to a computer).
Anyone tin verify that the information has not been changed since the archetypal writer signed it by taking the:
- Public key
- Data
- Signature
The output to the query volition beryllium TRUE oregon FALSE. TRUE means that the record you downloaded (or message) has not been modified since the developer signed it. Very cool! FALSE means that the information has changed oregon the incorrect signature is being applied.
Option Four
Option 4 is similar enactment three, but that alternatively of checking if the information has not been modified, past TRUE volition mean that the signature was produced by the backstage cardinal associated with the nationalist cardinal offered. In different words, the idiosyncratic who signed has the backstage cardinal to the nationalist cardinal that we have.
Interestingly, this is each that Craig Wright would person to bash to beryllium helium is Satoshi Nakamoto. He doesn’t person to really walk immoderate coins.
We already person the addresses (similar to nationalist keys) that are owned by Satoshi. Craig tin past nutrient a signature with his backstage cardinal to those addresses, combined with immoderate connection specified arsenic “I truly americium Satoshi, haha!” and we tin past harvester the message, the signature, and the address, and get a TRUE effect if helium is Satoshi, and a CRAIG_WRIGHT_IS_A_LIAR_AND_A_FRAUD effect if helium isn’t.
Option Three And Four — The Difference.
It’s really a substance of what you trust. If you spot that the sender owns the backstage cardinal to the nationalist cardinal you have, past verification checks that the connection has not changed.
If you don’t spot the backstage cardinal / nationalist cardinal relationship, past verification is not astir the connection changing, but the cardinal relationship.
It’s 1 oregon the different for a FALSE result.
If you get a TRUE result, past you cognize that BOTH the cardinal narration is valid, AND the connection is unaltered since the signature was produced.
Get GPG For Your Computer
GPG already comes with Linux operating systems. If you are unfortunate capable to beryllium utilizing a Mac, oregon God forbid a Windows computer, past you’ll request to download bundle with GPG. Instructions to download and however to usage it connected those operating systems tin beryllium recovered here.
You don’t request to usage immoderate of the graphical components of the software, everything tin beryllium done from the bid line.
Encrypting Files With A Password
Create the concealed file. This tin beryllium a elemental substance file, oregon a zip record containing galore files, oregon an archive record (tar). Depending connected however delicate the information is, you mightiness see creating the record connected an air-gapped computer. Either a desktop machine built with nary WiFi components, and ne'er to beryllium connected to the net by cable, oregon you tin physique a Raspberry Pi Zero v1.3 precise cheaply, with instructions here.
Using a terminal (Linux/Mac) oregon CMD.exe (Windows), alteration your moving directory to wherever you enactment the file. If that makes nary sense, hunt the net and successful 5 minutes you tin larn however to navigate the record strategy circumstantial to your operating strategy (search: “YouTube navigating record strategy bid prompt” and see your operating system’s name).
From the close directory, you tin encrypt the record (“file.txt” for example) similar this:
gpg -c file.txt
That’s “gpg”, a space, “-c”, a space, and past the sanction of the file.
You’ll past beryllium prompted for a password. This volition encrypt the caller file. If you’re utilizing GPG Suite connected the Mac, announcement the “Save successful Keychain” is checked by default (see below). You mightiness privation to not prevention this password if it’s peculiarly sensitive.
Whichever OS you use, the password volition beryllium saved for 10 minutes to the memory. You tin wide it similar this:
gpg-connect-agent reloadagent /bye
Once your record is encrypted, the archetypal record volition stay (unencrypted), and a caller record volition beryllium created. You indispensable determine if you volition delete the archetypal oregon not. The caller file’s sanction volition beryllium the aforesaid arsenic the archetypal but there’ll beryllium a “.gpg” astatine the end. For example, “file.txt” volition make a caller record called “file.txt.gpg”. You tin past rename the record if you wish, oregon you could person named the record by adding other options successful the bid above, similar this:
gpg -c –output MySecretFile.txt file.txt
Here, we person “gpg”, a space, “-c”, a space, “–output”, a space, the filename you want, a space, the sanction of the record you are encrypting.
It’s a bully thought to signifier decrypting the file. This is 1 way:
gpg file.txt.gpg
This is conscionable “gpg”, a space, and the sanction of the encrypted file. You don’t request to enactment immoderate options.
The GPG programme volition conjecture what you mean and volition effort to decrypt the file. If you bash this instantly aft encrypting the file, you whitethorn not beryllium prompted for a password due to the fact that the password is inactive successful the computer’s representation (for 10 minutes). Otherwise, you’ll request to participate the password (GPG calls it a passphrase).
You volition announcement with the “ls” bid (Mac/Linux) oregon “dir” bid (Windows), that a caller record has been created successful your moving directory, without the “.gpg” extension. You tin work it from the bid punctual with (Mac/Linux):
cat file.txt
Another mode to decrypt the record is with this command:
gpg -d file.txt.gpg
This is the aforesaid arsenic earlier but with a “-d” enactment arsenic well. In this case, a caller record is not created, but the contents of the record are printed to the screen.
You tin besides decrypt the record and specify the output file’s sanction similar this:
gpg -d –output file.txt file.txt.gpg
Here we person “gpg”, a space, “-d” which is not strictly required, a space, “–output”, a space, the sanction of the caller record we want, a space, and yet the sanction of the record we are decrypting.
Sending The Encrypted File
You tin present transcript this record to a USB drive, oregon email it. It is encrypted. Nobody tin work it arsenic agelong arsenic the password is bully (long and analyzable enough) and can’t beryllium cracked.
You could nonstop this connection to yourself successful different state by storing it successful email oregon the cloud.
Some silly radical person stored their Bitcoin backstage keys to the unreality successful an unencrypted state, which is ridiculously risky. But if the record containing Bitcoin backstage keys is encrypted with a beardown password, it’s safer. This is particularly existent if it’s not called “Bitcoin_Private_Keys.txt.gpg” – Don’t bash that!
WARNING: It’s important to recognize that successful nary mode americium I encouraging you to enactment your Bitcoin backstage cardinal accusation connected a machine (hardware wallets were created to let you to ne'er request to bash this). What I americium explaining present is for peculiar cases, nether my guidance. My students successful the mentorship program volition cognize what they are doing and volition lone usage an air-gapped computer, and cognize each the imaginable risks and problems, and ways to debar them. Please don’t benignant effect phrases into a machine unless you are a information adept and cognize precisely what you are doing, and don’t blasted maine if your bitcoin is stolen!
The encrypted record tin besides beryllium sent to different person, and the password tin beryllium sent separately, possibly with a antithetic connection device. This is the simpler, and little unafraid way, compared to enactment 2 explained astatine the opening of this guide.
There are really each sorts of ways you tin conception the transportation of a concealed connection crossed region and time. If you cognize these tools, deliberation hard and cautiously astir each the risks and scenarios, a bully program tin beryllium made. Or, I americium disposable to assist.
Good luck, and blessed Bitcoining!
This is simply a impermanent station by Arman The Parman. Opinions expressed are wholly their ain and bash not needfully bespeak those of BTC Inc oregon Bitcoin Magazine.
English (US) 