|
|
 
Conventional encryption is where there are no keys involved. This can be done with the -c option on GnuPG. When you use this option you will be asked for a passphrase. To decrypt the file the same passphrase is needed. This is ideal for password lists, where you have the ability to share the passphrase with those who need it. Another application is to encrypt filesystem backups. One caution, though. Be careful about the unencrypted file. If it lived on the filesystem, it often can be recovered. As for memory, GnuPG uses secure memory, and will warn you if it can't, so at least unencrypted files won't lay around in memory. Let's do some encrypting. We are going to use a big 529 meg file as a test, which GnuPG handled quite quickly. Let's encrypt the file:
u-1@srv-1 gpgt $ ls
s.rr
u-1@srv-1 gpgt $ gpg -c s.rr
u-1@srv-1 gpgt $ ls -l
... 529530880 Mar 11 09:29 s.rr
... 467898628 Mar 11 09:32 s.rr.gpg
|
You will be asked for your passphrase. Make sure you are doing this at the console or over a secure connection if this is a remote system. Notice that the gpg file is smaller. It is compressed by default. Now, we will move the gpg file to another directory, decrypt it, and make sure it is identical:
u-1@srv-1 gpgt $ mkdir ruk
u-1@srv-1 gpgt $ mv s.rr.gpg ruk
u-1@srv-1 gpgt $ cd ruk
u-1@srv-1 ruk $ ls
s.rr.gpg
u-1@srv-1 ruk $ gpg s.rr.gpg
gpg: CAST5 encrypted data
gpg: WARNING: message was not integrity protected
u-1@srv-1 ruk $ diff s.rr ../s.rr
u-1@srv-1 ruk $
|
Files are the same. All is good.
|
|
