Encrypting Files with GPG Don't put anything here Don't put anything here Page Content Page Name (for URL) Page Title Breadcrumb Text As several of us at SIMS I have interview files that need to be handled securely. In order to have a secure backup I decided to put all the files on a remote computer. Despite the fact that I trust the people who manage it, however, I thought it would be good practice to encrypt the files. I looked for a number of simple cross-platform solutions and ended up settling on [GPG](http://www.gnupg.org/) (a GNU version of PGP). It wasn't exactly what I wanted, since I was just looking for a simple symmetric cypher (i.e. a program that requires the same password for encrypting and decrypting), but everything I found seemed either not cross-platform enough or too much of a hassle. So, I settled on GPG, which is public-key / private-key system, which means you use one key to encrypt and another key (+ a password) to decrypt. It's more of a hassle than a simple symmetric cypher but it's more secure (since I don't need to keep my password in my head) and it allows anyone to encrypt files that only I can decrypt. Remembering the strange things that Joe and I had to do to share interview files during our last project, I figured maybe this feature is actually worthwhile. Here is what it takes to use GPG for basic file encryption. First install GPG or use a computer that has it installed (at SIMS "irony" has GPG on it). Then generate a key pair: gpg --gen-key After you are done, export the secret and public keys: gpg --export-secret-key -a my@email.edu > private-gpg-key.asc gpg --export -a my@email.edu > yuri-public-gpg.asc Keep it the secret key somewhere safe, and give the public key to anyone who needs to send you encrypted stuff. In my case, I put the public key on my website. I then went to the other computer (where I copied my interview files) and imported the key there: wget http://www.freewisdom.org/gpg/yuri-public-gpg-key.asc gpg --import yuri-public-gpg-key.asc (You can use scp or other things instead of wget.) Note that with this setup I can now encrypt any files on the remote computer, but they can't be _decrypted_ there. Then I encrypt the files. Note that when you encrypt them you need to specify a recipient, who is the only person who can decrypt them: gpg -e --recipient my@email.edu filename.mp3 Or, I can encrypt all the files at once: gpg --recipient my@email.edu --encrypt-files *.mp3 Finally, I move one of the encrypted files back to my home computer and try decrypting it there and checking that I get the same file that I stated with. gpg --decrypt --output filename.mp3 filename.mp3.gpg diff filename.mp3 originalfile.mp3 Now I just need to figure out where to keep a copy of my private key... Otherwise, I am no better now in case of a hard drive crash than I would have been without a copy: if my harddrive dies I won't be able to use the remote files either! Don't put anything here Advanced Fields Category 2002200320042005200620072008200920102011201220132014E. AsiaE. EuropeL's FamilyL's FriendsN. AmericaN. EuropeS. AmericaS. AsiaW. EuropeY & LY's FamilyY's Friends Prototype Redirect Permissions0 Actions Config Markup Module HTML/Meta/Keywords HTML/Meta/Description Save Hook HTML Fields Main Head Body Header Menu Logo Content Template Page Sidebar Footer Tags Allowed for XSSFilter Don't put anything here HTTP Fields Cache-Control Expires Guru Fields Templates Translations Fields Edit UI Admin Edit UI Don't put anything here A summary of your changes Edit Summary Don't put anything here save preview cancel
