Like several of us at SIMS, I have interview files that need to be handled securely. In order to have a secure backup I decided to put all the files on a remote computer. Despite the fact that I trust the people who manage it, however, I thought it would be good practice to encrypt the files. I looked for a number of simple cross-platform solutions and ended up settling on GPG (a GNU version of PGP). It wasn’t exactly what I wanted, since I was just looking for a simple symmetric cypher (i.e. a program that requires the same password for encrypting and decrypting), but everything I found seemed either not cross-platform enough or too much of a hassle. So, I settled on GPG, which is a public-key / private-key system, which means you use one key to encrypt and another key (+ a password) to decrypt. It’s more of a hassle than a simple symmetric cypher but it’s more secure (since I don’t need to keep my password in my head) and it allows anyone to encrypt files that only I can decrypt. Remembering the strange things that Joe and I had to do to share interview files during our last project, I figured maybe this feature is actually worthwhile.
Here is what it takes to use GPG for basic file encryption. First install GPG or use a computer that has it installed (at SIMS “irony” has GPG on it). Then generate a key pair:
gpg --gen-key
After you are done, export the secret and public keys:
gpg --export-secret-key -a my@email.edu > private-gpg-key.asc
gpg --export -a my@email.edu > yuri-public-gpg-key.asc
Keep the secret key somewhere safe, and give the public key to anyone who needs to send you encrypted stuff. In my case, I put the public key on my website. I then went to the other computer (where I copied my interview files) and imported the key there:
wget http://www.freewisdom.org/gpg/yuri-public-gpg-key.asc
gpg --import yuri-public-gpg-key.asc
(You can use scp or other things instead of wget.) Note that with this setup I can now encrypt any files on the remote computer, but they can’t be decrypted there.
Then I encrypt the files. Note that when you encrypt them you need to specify a recipient, who is the only person who can decrypt them:
gpg -e --recipient my@email.edu filename.mp3
Or, I can encrypt all the files at once:
gpg --recipient my@email.edu --encrypt-files *.mp3
Finally, I move one of the encrypted files back to my home computer and try decrypting it there and checking that I get the same file that I started with:
gpg --decrypt --output filename.mp3 filename.mp3.gpg
diff filename.mp3 originalfile.mp3
Now I just need to figure out where to keep a copy of my private key… Otherwise, I am no better now in case of a hard drive crash than I would have been without a copy: if my hard drive dies I won’t be able to use the remote files either!
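The whole round trip above can be rehearsed on one machine before real files are trusted to it. The script below is an added example, not part of the original post: it uses two throwaway keyrings in place of the home and remote computers, checks that the imported public key has the same fingerprint as the exported one (worth doing when the key is fetched over plain http), and confirms that the "remote" side can encrypt but not decrypt. The address demo@example.invalid, the file names and the function names are assumptions, and GnuPG 2.1 or later is assumed.

```sh
# Added example. demo@example.invalid and all file names are constructed;
# two throwaway keyrings stand in for the home and the remote machine.
fpr() {  # primary-key fingerprint of key $2 in keyring $1
  gpg --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

roundtrip() (
  id=demo@example.invalid
  work=$(mktemp -d) || return 1
  home=$work/home; remote=$work/remote
  mkdir -m 700 "$home" "$remote"
  trap 'gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null
        gpgconf --homedir "$remote" --kill gpg-agent 2>/dev/null
        rm -rf "$work"' EXIT

  # Home: unprotected throwaway key (a real key gets a passphrase); export
  # only the public half.
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$id" default default never 2>/dev/null || return 1
  gpg --homedir "$home" --batch --export -a "$id" > "$work/public.asc"

  # Remote: import, then check the fingerprint against the one read at home.
  gpg --homedir "$remote" --batch --quiet --import "$work/public.asc" 2>/dev/null
  want=$(fpr "$home" "$id")
  [ -n "$want" ] && [ "$want" = "$(fpr "$remote" "$id")" ] || return 2

  # Remote: encrypt. --trust-model always skips gpg's trust prompt, which is
  # reasonable only because the fingerprint was just checked.
  printf 'constructed interview audio\n' > "$work/sample.mp3"
  gpg --homedir "$remote" --batch --quiet --trust-model always \
      --recipient "$id" --encrypt "$work/sample.mp3" 2>/dev/null || return 3

  # Remote: decryption must fail, the secret key never left home.
  if gpg --homedir "$remote" --batch --decrypt "$work/sample.mp3.gpg" \
       >/dev/null 2>&1; then return 4; fi

  # Home: decrypt and compare byte for byte with the original.
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --output "$work/restored.mp3" --decrypt "$work/sample.mp3.gpg" \
      2>/dev/null || return 5
  cmp -s "$work/sample.mp3" "$work/restored.mp3" || return 6
  echo ok
)
```

Calling roundtrip prints ok when every step behaves as described; a non-zero return code identifies the step that did not.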