In this guide, I’ll explain the options at your disposal for encrypting data using open-source software on a Linux, Mac, or Windows computer. You can then transport this digital information across distance and time, to yourself or others.
The program “GNU Privacy Guard” (GPG), an open-source version of PGP (Pretty Good Privacy), allows:
- Encryption using a password.
- Secret messaging using public/private key cryptography
- Message/Data authentication (using digital signatures and verification)
- Private key authentication (used in Bitcoin)
Option One
Option one is what I’ll be demonstrating below. You can encrypt a file using any password you like. Any person with the password can then unlock (decrypt) the file to view it. The problem is, how do you send the password to someone in a secure way? We’re back to the original problem.
Option Two
Option two solves this dilemma (how-to here). Instead of locking the file with a password, we can lock it with someone’s public key — that “someone” is the intended recipient of the message. The public key comes from a corresponding private key, and the private key (which only the “someone” has) is used to unlock (decrypt) the message. With this method, no sensitive (unencrypted) information is ever sent. Very nice!
The public key is something that can be distributed over the internet safely. Mine is here, for example. They are usually sent to keyservers. Keyservers are like nodes that store public keys. They keep and synchronize copies of peoples’ public keys. Here’s one:
You can enter my email and find my public key in the result. I’ve also stored it here and you can compare what you found on the server.
Option Three
Option three is not about secret messages. It is about checking that a message has not been altered during its delivery. It works by having someone with a private key sign some digital data. The data can be a letter or even software. The process of signing creates a digital signature (a large number derived from the private key and the data that’s getting signed). Here’s what a digital signature looks like:
It’s a text file that begins with a “begin” signal, and ends with an “end” signal. In between is a bunch of text that actually encodes an enormous number. This number is derived from the private key (a giant number) and the data (which is actually always a number also; all data is zeros and ones to a computer).
Anyone can verify that the data has not been changed since the original author signed it by taking the:
- Public key
- Data
- Signature
The output to the query will be TRUE or FALSE. TRUE means that the file you downloaded (or message) has not been modified since the developer signed it. Very cool! FALSE means that the data has changed or the wrong signature is being applied.
Option Four
Option four is like option three, except that instead of checking if the data has not been modified, then TRUE will mean that the signature was produced by the private key associated with the public key offered. In other words, the person who signed has the private key to the public key that we have.
Interestingly, this is all that Craig Wright would have to do to prove he is Satoshi Nakamoto. He doesn’t have to actually spend any coins.
We already have the addresses (similar to public keys) that are owned by Satoshi. Craig can then produce a signature with his private key to those addresses, combined with any message such as “I really am Satoshi, haha!” and we can then combine the message, the signature, and the address, and get a TRUE result if he is Satoshi, and a CRAIG_WRIGHT_IS_A_LIAR_AND_A_FRAUD result if he isn’t.
Option Three And Four — The Difference.
It’s actually a matter of what you trust. If you trust that the sender owns the private key to the public key you have, then verification checks that the message has not changed.
If you don’t trust the private key / public key relationship, then verification is not about the message changing, but the key relationship.
It’s one or the other for a FALSE result.
If you get a TRUE result, then you know that BOTH the key relationship is valid, AND the message is unaltered since the signature was produced.
Get GPG For Your Computer
GPG already comes with Linux operating systems. If you are unfortunate enough to be using a Mac, or God forbid a Windows computer, then you’ll need to download software with GPG. Instructions to download and how to use it on those operating systems can be found here.
You don’t need to use any of the graphical components of the software; everything can be done from the command line.
Encrypting Files With A Password
Create the secret file. This can be a simple text file, or a zip file containing many files, or an archive file (tar). Depending on how sensitive the data is, you might consider creating the file on an air-gapped computer. Either a desktop computer built with no WiFi components, and never to be connected to the internet by cable, or you can build a Raspberry Pi Zero v1.3 very cheaply, with instructions here.
Using a terminal (Linux/Mac) or CMD.exe (Windows), change your working directory to wherever you put the file. If that makes no sense, search the internet and in five minutes you can learn how to navigate the file system specific to your operating system (search: “YouTube navigating file system command prompt” and include your operating system’s name).
From the correct directory, you can encrypt the file (“file.txt” for example) like this:
gpg -c file.txt
That’s “gpg”, a space, “-c”, a space, and then the name of the file.
You’ll then be prompted for a password. This will encrypt the new file. If you’re using GPG Suite on the Mac, notice the “Save in Keychain” is checked by default (see below). You might want to not save this password if it’s particularly sensitive.
Whichever OS you use, the password will be saved for 10 minutes to the memory. You can clear it like this:
gpg-connect-agent reloadagent /bye
Once your file is encrypted, the original file will remain (unencrypted), and a new file will be created. You must decide if you will delete the original or not. The new file’s name will be the same as the original but there’ll be a “.gpg” at the end. For example, “file.txt” will create a new file called “file.txt.gpg”. You can then rename the file if you wish, or you could have named the file by adding extra options in the command above, like this:
gpg -c --output MySecretFile.txt file.txt
Here, we have “gpg”, a space, “-c”, a space, “--output”, a space, the filename you want, a space, the name of the file you are encrypting.
It’s a good idea to practice decrypting the file. This is one way:
gpg file.txt.gpg
This is just “gpg”, a space, and the name of the encrypted file. You don’t need to put any options.
The GPG program will guess what you mean and will attempt to decrypt the file. If you do this immediately after encrypting the file, you may not be prompted for a password because the password is still in the computer’s memory (for 10 minutes). Otherwise, you’ll need to enter the password (GPG calls it a passphrase).
You will notice with the “ls” command (Mac/Linux) or “dir” command (Windows), that a new file has been created in your working directory, without the “.gpg” extension. You can read it from the command prompt with (Mac/Linux):
cat file.txt
Another way to decrypt the file is with this command:
gpg -d file.txt.gpg
This is the same as before but with a “-d” option as well. In this case, a new file is not created, but the contents of the file are printed to the screen.
You can also decrypt the file and specify the output file’s name like this:
gpg -d --output file.txt file.txt.gpg
Here we have “gpg”, a space, “-d” which is not strictly required, a space, “--output”, a space, the name of the new file we want, a space, and finally the name of the file we are decrypting.
Sending The Encrypted File
You can now copy this file to a USB drive, or email it. It is encrypted. Nobody can read it as long as the password is good (long and complicated enough) and can’t be cracked.
You could send this message to yourself overseas by storing it in email or the cloud.
Some silly people have stored their Bitcoin private keys to the cloud in an unencrypted state, which is ridiculously risky. But if the file containing Bitcoin private keys is encrypted with a strong password, it’s safer. This is especially true if it’s not called “Bitcoin_Private_Keys.txt.gpg” – Don’t do that!
WARNING: It’s important to understand that in no way am I encouraging you to put your Bitcoin private key information on a computer (hardware wallets were created to allow you to never need to do this). What I’m explaining here is for special cases, under my guidance. My students in the mentorship program will know what they are doing and will only use an air-gapped computer, and know all the potential risks and problems, and ways to avoid them. Please don’t type seed phrases into a computer unless you are a security expert and know exactly what you are doing, and don’t blame me if your bitcoin is stolen!
The encrypted file can also be sent to another person, and the password can be sent separately, perhaps with a different communication system. This is the simpler, and less secure way, compared to option two explained at the beginning of this guide.
There are actually all sorts of ways you can construct the delivery of a secret message across distance and time. If you know these tools, think hard and carefully about all the risks and scenarios, a good plan can be made. Or, I’m available to assist.
Good luck, and happy Bitcoining!
This is a guest post by Arman The Parman. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.