Using GPG and KGpg

From Elvanör's Technical Wiki
Revision as of 08:45, 22 November 2024 by Elvanor (talk | contribs)

General Concepts

  • GnuPG (GNU Privacy Guard), also known as GPG, is a free implementation of the OpenPGP standard.
  • KGpg is a GUI / frontend to GPG, for the KDE desktop environment.
  • OpenPGP supports many encryption-related operations, including both symmetrical and asymmetrical encryption.
  • Symmetrical means that the encryption is done with a simple passphrase / cipher key; anyone who has the passphrase can decode the encrypted content.
  • Asymmetrical means that it uses a public / private key pair. With GnuPG, the public key seems to be saved to a remote key server and associated with an email address. The private key is stored locally on the computer - without it the encrypted content cannot be decrypted.
  • Currently I mostly use symmetrical encryption, which is simpler.

Using the command-line gpg client

  • Encrypt symmetrically:
gpg -c myfile.txt # without ASCII armor: creates binary data with a .gpg extension
gpg -c --armor myfile.txt # with ASCII armor: creates text data with an .asc extension
  • Decrypt:
gpg -d myfile.txt.gpg > myfile.txt

GnuPG Agent

  • GPG uses an agent running in the background that caches the passphrases of the keys (or of symmetrically encrypted content). For instance, if you try to decrypt a file, GPG will first ask you for the password of the private key. If you decrypt it a second time right away (possibly with a different frontend, like KGpg), it won't prompt you and will just use the cached password.
  • Manually killing the agent will clear the cache (which can be useful for debugging).
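The symmetric commands and the agent reset described above, combined into a scripted round trip. This is an added example, not part of the original wiki page. It assumes GnuPG 2.1 or later (for --pinentry-mode loopback); the function names, passphrase and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Passphrase, file names and contents are constructed samples.

# True if FILE begins with the OpenPGP ASCII-armor header line.
is_armored() {
    head -n 1 "$1" | grep -qx -e '-----BEGIN PGP MESSAGE-----'
}

# Run gpg with the passphrase ($1) fed on stdin, so no pinentry prompt
# is involved and the call can be scripted.
gpg_pass() {
    pass=$1; shift
    printf '%s' "$pass" | gpg --batch --yes --quiet \
        --pinentry-mode loopback --passphrase-fd 0 "$@" 2>/dev/null
}

# Encrypt a sample file both ways, decrypt it, and print a one-line summary.
symmetric_roundtrip() {
    work=$(mktemp -d) || return 1
    (
        # Throwaway home: the user's keyring and running agent are untouched.
        GNUPGHOME=$work/home; export GNUPGHOME
        mkdir -m 700 "$GNUPGHOME" && cd "$work" || exit 1
        printf 'constructed sample secret\n' > myfile.txt

        gpg_pass "$1" -c myfile.txt || exit 1          # writes myfile.txt.gpg
        gpg_pass "$1" -c --armor myfile.txt || exit 1  # writes myfile.txt.asc
        if is_armored myfile.txt.asc; then asc=armored; else asc=binary; fi
        if is_armored myfile.txt.gpg; then bin=armored; else bin=binary; fi

        # -o names the output explicitly instead of relying on redirection.
        gpg_pass "$1" -o out.txt -d myfile.txt.asc
        if cmp -s myfile.txt out.txt; then rt=ok; else rt=mismatch; fi

        # A wrong passphrase must make gpg exit non-zero.
        if gpg_pass "not-$1" -o bad.txt -d myfile.txt.gpg
        then wrong=accepted; else wrong=rejected; fi

        # Stop any agent tied to this home; that also clears its cache.
        gpgconf --kill gpg-agent >/dev/null 2>&1 || true
        echo "asc=$asc gpg=$bin roundtrip=$rt wrongpass=$wrong"
    )
    status=$?
    rm -rf "$work"
    return $status
}

# Run the demonstration only where gpg is installed.
if command -v gpg >/dev/null 2>&1; then
    symmetric_roundtrip 'constructed-passphrase'
fi
```

Run without GNUPGHOME set, gpgconf --kill gpg-agent acts on the agent of your normal GnuPG home and drops the passphrases it has cached.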

Using KGpg

  • You just need to emerge kde-apps/kgpg.
  • From Dolphin, you can then encrypt a file with Right Click -> Encrypt File. For symmetrical encryption (simple password), select Options, then check "Symmetrical encryption". "ASCII armored encryption" should preferably be checked.
  • To decrypt, Right Click -> Open with KGpg.

Pinentry

  • If KGpg fails to decrypt encrypted content, it probably means that pinentry is not properly configured. Pinentry is the tool used to prompt for the passphrases needed by GnuPG. It can use various implementations (Qt, curses...) and should be set correctly. If you use KDE, this means that the implementation should be set to Qt 6:
eselect pinentry set pinentry-qt6
  • If this is not done, KGpg can't prompt for passphrases and thus won't be able to decrypt content.