On this information, I’ll clarify the choices at your disposal for encrypting recordsdata utilizing open-source software program on a Linux, Mac, or Home windows pc. You possibly can then transport this digital info throughout distance and time, to your self or others.
This system “GNU Privateness Guard” (GPG) an open-source model of PGP (Fairly Good Privateness), permits:
- Encryption utilizing a password.
- Secret messaging utilizing public/non-public key cryptography
- Message/Knowledge authentication (utilizing digital signatures and verification)
- Non-public key authentication (utilized in Bitcoin)
Choice One
Choice one is what I’ll be demonstrating under. You possibly can encrypt a file utilizing any password you want. Any individual with the password can then unlock (decrypt) the file to view it. The issue is, how do you ship the password to somebody in a safe method? We’re again to the unique drawback.
Choice Two
Choice two solves this dilemma (how-to right here). As a substitute of locking the file with a password, we are able to lock it with somebody’s public key — that “somebody” is the meant recipient of the message. The general public key comes from a corresponding non-public key, and the non-public key (which solely the “somebody” has) is used to unlock (decrypt) the message. With this methodology, no delicate (unencrypted) info is ever despatched. Very good!
The general public secret is one thing that may be distributed over the web safely. Mine is right here, for instance. They’re often despatched to keyservers. Keyservers are like nodes that retailer public keys. They maintain and synchronize copies of peoples’ public keys. Right here’s one:
You possibly can enter my e mail and discover my public key within the consequence. I’ve additionally saved it right here and you’ll evaluate what you discovered on the server.
Choice Three
Choice three will not be about secret messages. It’s about checking {that a} message has not been altered throughout its supply. It really works by having somebody with a non-public key signal some digital knowledge. The information generally is a letter and even software program. The method of signing creates a digital signature (a big quantity derived from the non-public key and the info that’s getting signed). Right here’s what a digital signature seems to be like:
It’s a textual content file that begins with a “start” sign, and ends with an “finish” sign. In between is a bunch of textual content that truly encodes an infinite quantity. This quantity is derived from the non-public key (an enormous quantity) and the info (which is definitely at all times a quantity additionally; all knowledge is zeros and ones to a pc).
Anybody can confirm that the info has not been modified because the unique writer signed it by taking the:
- Public key
- Knowledge
- Signature
The output to the question will probably be TRUE or FALSE. TRUE signifies that the file you downloaded (or message) has not been modified because the developer signed it. Very cool! FALSE signifies that the info has modified or the incorrect signature is being utilized.
Choice 4
Choice 4 is like choice three, besides that as an alternative of checking if the info has not been modified, then TRUE will imply that the signature was produced by the non-public key related to the general public key provided. In different phrases, the one who signed has the non-public key to the general public key that now we have.
Curiously, that is all that Craig Wright must do to show he’s Satoshi Nakamoto. He doesn’t have to really spend any cash.
We have already got the addresses (just like public keys) which are owned by Satoshi. Craig can then produce a signature along with his non-public key to these addresses, mixed with any message corresponding to “I actually am Satoshi, haha!” and we are able to then mix the message, the signature, and the handle, and get a TRUE consequence if he’s Satoshi, and a CRAIG_WRIGHT_IS_A_LIAR_AND_A_FRAUD consequence if he isn’t.
Choice Three And 4 — The Distinction.
It’s really a matter of what you belief. In case you belief that the sender owns the non-public key to the general public key you’ve gotten, then verification checks that the message has not modified.
In case you don’t belief the non-public key / public key relationship, then verification will not be concerning the message altering, however the important thing relationship.
It’s one or the opposite for a FALSE consequence.
In case you get a TRUE consequence, then that BOTH the important thing relationship is legitimate, AND the message is unaltered because the signature was produced.
Get GPG For Your Pc
GPG already comes with Linux working programs. In case you are unlucky sufficient to be utilizing a Mac, or God forbid a Home windows pc, then you definately’ll have to obtain software program with GPG. Directions to obtain and how one can apply it to these working programs might be discovered right here.
You don’t want to make use of any of the graphical parts of the software program, all the things might be executed from the command line.
Encrypting Information With A Password
Create the key file. This generally is a easy textual content file, or a zipper file containing many recordsdata, or an archive file (tar). Relying on how delicate the info is, you would possibly contemplate creating the file on an air-gapped pc. Both a desktop pc constructed with no WiFi parts, and by no means to be linked to the web by cable, or you’ll be able to construct a Raspberry Pi Zero v1.3 very cheaply, with directions right here.
Utilizing a terminal (Linux/Mac) or CMD.exe (Home windows), change your working listing to wherever you place the file. If that is mindless, search the web and in 5 minutes you’ll be able to learn to navigate the file system particular to your working system (search: “YouTube navigating file system command immediate” and embrace your working system’s identify).
From the proper listing, you’ll be able to encrypt the file (“file.txt” for instance) like this:
gpg -c file.txt
That’s “gpg”, an area, “-c”, an area, after which the identify of the file.
You’ll then be prompted for a password. It will encrypt the brand new file. In case you’re utilizing GPG Suite on the Mac, discover the “Save in Keychain” is checked by default (see under). You would possibly need to not save this password if it’s significantly delicate.
Whichever OS you employ, the password will probably be saved for 10 minutes to the reminiscence. You possibly can clear it like this:
gpg-connect-agent reloadagent /bye
As soon as your file is encrypted, the unique file will stay (unencrypted), and a brand new file will probably be created. You could resolve if you’ll delete the unique or not. The brand new file’s identify would be the similar as the unique however there’ll be a “.gpg” on the finish. For instance, “file.txt” will create a brand new file referred to as “file.txt.gpg”. You possibly can then rename the file if you want, or you would have named the file by including further choices within the command above, like this:
gpg -c –output MySecretFile.txt file.txt
Right here, now we have “gpg”, an area, “-c”, an area, “–output”, an area, the filename you need, an area, the identify of the file you’re encrypting.
It’s a good suggestion to apply decrypting the file. That is a technique:
gpg file.txt.gpg
That is simply “gpg”, an area, and the identify of the encrypted file. You don’t have to put any choices.
The GPG program will guess what you imply and can try and decrypt the file. In case you do that instantly after encrypting the file, you might not be prompted for a password as a result of the password continues to be within the pc’s reminiscence (for 10 minutes). In any other case, you’ll have to enter the password (GPG calls it a passphrase).
You’ll discover with the “ls” command (Mac/Linux) or “dir” command (Home windows), {that a} new file has been created in your working listing, with out the “.gpg” extension. You possibly can learn it from the command immediate with (Mac/Linux):
cat file.txt
One other solution to decrypt the file is with this command:
gpg -d file.txt.gpg
This is identical as earlier than however with a “-d” choice as nicely. On this case, a brand new file will not be created, however the contents of the file are printed to the display screen.
It’s also possible to decrypt the file and specify the output file’s identify like this:
gpg -d –output file.txt file.txt.gpg
Right here now we have “gpg”, an area, “-d” which isn’t strictly required, an area, “–output”, an area, the identify of the brand new file we would like, an area, and at last the identify of the file we’re decrypting.
Sending The Encrypted File
Now you can copy this file to a USB drive, or e mail it. It’s encrypted. No one can learn it so long as the password is sweet (lengthy and sophisticated sufficient) and might’t be cracked.
You would ship this message to your self in a foreign country by storing it in e mail or the cloud.
Some foolish folks have saved their Bitcoin non-public keys to the cloud in an unencrypted state, which is ridiculously dangerous. But when the file containing Bitcoin non-public keys is encrypted with a robust password, it’s safer. That is very true if it’s not referred to as “Bitcoin_Private_Keys.txt.gpg” – Don’t do this!
WARNING: It’s vital to grasp that by no means am I encouraging you to place your Bitcoin non-public key info on a pc ({hardware} wallets had been created to assist you to by no means want to do that). What I’m explaining right here is for particular circumstances, below my steering. My college students within the mentorship program will know what they’re doing and can solely use an air-gapped pc, and know all of the potential dangers and issues, and methods to keep away from them. Please don’t kind seed phrases into a pc except you’re a safety knowledgeable and know precisely what you’re doing, and don’t blame me in case your bitcoin is stolen!
The encrypted file will also be despatched to a different individual, and the password might be despatched individually, maybe with a special communication gadget. That is the less complicated, and fewer safe method, in comparison with choice two defined initially of this information.
There are literally all kinds of the way you’ll be able to assemble the supply of a secret message throughout distance and time. If these instruments, assume arduous and thoroughly about all of the dangers and situations, an excellent plan might be made. Or, I’m accessible to help.
Good luck, and completely satisfied Bitcoining!
This can be a visitor put up by Arman The Parman. Opinions expressed are completely their very own and don’t essentially mirror these of BTC Inc or Bitcoin Journal.
