Using GPG and KGpg: Difference between revisions
Jump to navigation
Jump to search
(Created page with "= Using the command-line gpg client = * Encrypt: gpg -c myfile.txt * Decrypt: gpg -d myfile.txt.gpg > myfile.txt = Using KGpg = * You just need to emerge kde-apps/kgpg. * From Dolphin, you can then encrypt file with Right Click -> Encrypt File. Then for a symmetrical encryption (simple password), select Options then check "Symmetrical encryption" and uncheck "ASCII armored encryption". * To decrypt, Right Click -> Open with KGpg.") |
No edit summary |
||
| Line 1: | Line 1: | ||
= General Concepts = | |||
* GnuPG (GNU Privacy Guard), also known as GPG, is a free implementation of the OpenPGP standard. | |||
* KGpg is a GUI / frontend to GPG, for the KDE desktop environment. | |||
* OpenPGP can allow a lot of complex things related to encryption. It can perform '''symmetrical''' and '''asymmetrical''' encryption. | |||
* Symmetrical means that the encryption is done with a simple passphrase / cypher key, anyone that has the passphrase can decode the encrypted content. | |||
* Asymmetrical means that it uses a public / private key pair. With GnuPG, the public key seems to be saved to a remote key server and associated with an email address. The private key is stored locally on the computer - without it the encrypted content cannot be decrypted. | |||
* Currently I use mostly symmetrical encryption which is simpler. | |||
= Using the command-line gpg client = | = Using the command-line gpg client = | ||
* Encrypt: | * Encrypt symmetrically: | ||
gpg -c myfile.txt | gpg -c myfile.txt # without ASCII armor encryption, it will create binary data and .gpg extension | ||
gpg -c --armor myfile.txt # with ASCII armor encryption, it will create text data and .asc extension | |||
* Decrypt: | * Decrypt: | ||
gpg -d myfile.txt.gpg > myfile.txt | gpg -d myfile.txt.gpg > myfile.txt | ||
== GnuPG Agent == | |||
* GPG uses a background running agent, that will cache the passphrases of the keys (or of symmetrically encrypted content). For instance, if you try to decrypt a file, GPG will first ask you the password of the private key. If you decrypt it a second time right away (it can be with a different frontend, like KGpg), it won't prompt you and will just use the cached password. | |||
* Manually killing the agent will clear the cache (which can be useful for debugging). | |||
= Using KGpg = | = Using KGpg = | ||
* You just need to emerge kde-apps/kgpg. | * You just need to emerge kde-apps/kgpg. | ||
* From Dolphin, you can then encrypt file with Right Click -> Encrypt File. Then for a symmetrical encryption (simple password), select Options then check "Symmetrical encryption" | * From Dolphin, you can then encrypt file with Right Click -> Encrypt File. Then for a symmetrical encryption (simple password), select Options then check "Symmetrical encryption". "ASCII armored encryption" should preferably be checked. | ||
* To decrypt, Right Click -> Open with KGpg. | * To decrypt, Right Click -> Open with KGpg. | ||
== Pinentry == | |||
* If Kgpg fails to decrypt encrypted content, it probably means that pinentry is not properly configured. Pinentry is the tool used to prompt for the passphrases needed by GnuPG. It can use various implementations (Qt, curses...) and should be set correctly. If you use KDE, this means that the implementation should be set to Qt 6: | |||
eselect pinentry set pinentry-qt6 | |||
* If not done, KGpg can't prompt for passphrases and thus won't be able to decrypt content. | |||
Latest revision as of 08:45, 22 November 2024
General Concepts
- GnuPG (GNU Privacy Guard), also known as GPG, is a free implementation of the OpenPGP standard.
- KGpg is a GUI / frontend to GPG, for the KDE desktop environment.
- OpenPGP can allow a lot of complex things related to encryption. It can perform symmetrical and asymmetrical encryption.
- Symmetrical means that the encryption is done with a simple passphrase / cypher key, anyone that has the passphrase can decode the encrypted content.
- Asymmetrical means that it uses a public / private key pair. With GnuPG, the public key seems to be saved to a remote key server and associated with an email address. The private key is stored locally on the computer - without it the encrypted content cannot be decrypted.
- Currently I use mostly symmetrical encryption which is simpler.
Using the command-line gpg client
- Encrypt symmetrically:
gpg -c myfile.txt # without ASCII armor encryption, it will create binary data and .gpg extension gpg -c --armor myfile.txt # with ASCII armor encryption, it will create text data and .asc extension
- Decrypt:
gpg -d myfile.txt.gpg > myfile.txt
GnuPG Agent
- GPG uses a background running agent, that will cache the passphrases of the keys (or of symmetrically encrypted content). For instance, if you try to decrypt a file, GPG will first ask you the password of the private key. If you decrypt it a second time right away (it can be with a different frontend, like KGpg), it won't prompt you and will just use the cached password.
- Manually killing the agent will clear the cache (which can be useful for debugging).
Using KGpg
- You just need to emerge kde-apps/kgpg.
- From Dolphin, you can then encrypt file with Right Click -> Encrypt File. Then for a symmetrical encryption (simple password), select Options then check "Symmetrical encryption". "ASCII armored encryption" should preferably be checked.
- To decrypt, Right Click -> Open with KGpg.
Pinentry
- If Kgpg fails to decrypt encrypted content, it probably means that pinentry is not properly configured. Pinentry is the tool used to prompt for the passphrases needed by GnuPG. It can use various implementations (Qt, curses...) and should be set correctly. If you use KDE, this means that the implementation should be set to Qt 6:
eselect pinentry set pinentry-qt6
- If not done, KGpg can't prompt for passphrases and thus won't be able to decrypt content.