how to encrypt a file using private key in gpg

linux encryption public-key-encryption private-key gnupg
Hamid Reza Moradi picture Hamid Reza Moradi · Jan 21, 2013 · Viewed 16.4k times · Source

I'm producing an update for some systems and I want to encrypt the updates for keeping confidentiality, integrity and validity of my signature. I want to encrypt the file with my private key and send them to my client so that they can decrypt it with my public key. But the way GPG works is encryption with public and decrypt with private. I don't want to send my private key so that I can change it and send public key to anyone else . Any idea how to do that???

Answer

umläute picture umläute · Jan 21, 2013

What you mean is not called "encryption" but "signing" in gpg lingo.

Signing is basically encrypting with your private key and decrypting with the public key.

Use

 gpg --sign myfile.ext

Or use your email-client's signing capabilities.

Signing will obviously allow anybody who has access to your "public" key to read the contents of your file (and since a "public" key is usually, well..., public, this will allow everybody to decypher the content).

If you are looking for a method, where only the recipient can decode the content, then you need to encrypt the data in a way where only the recipient has access to the decrypting token. obviously the recipient need to have such a token (that is: you encode with their public key, so they can decode with their private key)

UPDATE

To make it simple: if you want to guarantee integrity (that is: the recipient knows for sure, that the data comes from you and nobody else), you need to sign the data. If you want to guarantee confidentiality (that is: only your recipient can read the data), you need to encrypt the data.

Both signing and encryption are really the same thing. The only difference is, who has access to the keys.

With signing, you use your private key to encrypt the data, and it can be decrypted with your public key (and since everybody has access to the public key, everybody can decrypt it, and thus everybody can validate that the data has been signed by you)

With encrypting, you use your recipients public key to encrypt the data, and they use their private key to decrypt it (so only they can read it; but everybody can send them an encrypted datum, they have no guarantee that it really comes from the sender, but it is guaranteed that only they can read it).

If you need both confidentiality and integrity, you need to do both signing and encryption, and for this to work, both you and your recipients need to have a (different) public/private key pair.

CONCLUSION

Since both signing and encrypting are the same thing, you can use both to guarantee validity and integrity of your data, as long as you have full control over the availability of the keys involved.

Related questions

File Encryption/Decryption with AES using linux

I'm using openwrt linux distribution and I want to encrypt a file using AES. How can I do that quickly and easily, and how can I - or someone else -decrypt it again?

Read More
Encryption/decryption doesn't work well between two different openssl versions

I've downloaded and compiled openssl-1.1.0. I can encrypt and decrypt using the same exe of openssl (as is here) me@ubuntu:~/openssl-1.1.0$ LD_LIBRARY_PATH=. ./apps/openssl aes-256-cbc -a -salt -in file.txt -out file.txt.enc enter aes-256…

Read More
How to load LUKS passphrase from USB, falling back to keyboard?

I want to set up a headless Linux (Debian Wheezy) PC with whole disk encryption, with the ability to unlock the disk either with a USB drive, or by entering a passphrase by keyboard. My starting point is a fresh …

Read More