[ad_1]
On this information, I’ll clarify the choices at your disposal for encrypting recordsdata utilizing open-source software program on a Linux, Mac, or Home windows laptop. You’ll be able to then transport this digital info throughout distance and time, to your self or others.
This system “GNU Privateness Guard” (GPG) an open-source model of PGP (Fairly Good Privateness), permits:
- Encryption utilizing a password.
- Secret messaging utilizing public/non-public key cryptography
- Message/Knowledge authentication (utilizing digital signatures and verification)
- Personal key authentication (utilized in Bitcoin)
Choice One
Choice one is what I’ll be demonstrating under. You’ll be able to encrypt a file utilizing any password you want. Any particular person with the password can then unlock (decrypt) the file to view it. The issue is, how do you ship the password to somebody in a safe manner? We’re again to the unique drawback.
Choice Two
Choice two solves this dilemma (how-to right here). As an alternative of locking the file with a password, we are able to lock it with somebody’s public key — that “somebody” is the supposed recipient of the message. The general public key comes from a corresponding non-public key, and the non-public key (which solely the “somebody” has) is used to unlock (decrypt) the message. With this technique, no delicate (unencrypted) info is ever despatched. Very good!
The general public key’s one thing that may be distributed over the web safely. Mine is right here, for instance. They’re often despatched to keyservers. Keyservers are like nodes that retailer public keys. They preserve and synchronize copies of peoples’ public keys. Right here’s one:
You’ll be able to enter my e-mail and discover my public key within the end result. I’ve additionally saved it right here and you’ll evaluate what you discovered on the server.
Choice Three
Choice three just isn’t about secret messages. It’s about checking {that a} message has not been altered throughout its supply. It really works by having somebody with a personal key signal some digital knowledge. The info is usually a letter and even software program. The method of signing creates a digital signature (a big quantity derived from the non-public key and the info that’s getting signed). Right here’s what a digital signature appears to be like like:
It’s a textual content file that begins with a “start” sign, and ends with an “finish” sign. In between is a bunch of textual content that truly encodes an infinite quantity. This quantity is derived from the non-public key (a large quantity) and the info (which is definitely all the time a quantity additionally; all knowledge is zeros and ones to a pc).
Anybody can confirm that the info has not been modified because the authentic creator signed it by taking the:
- Public key
- Knowledge
- Signature
The output to the question can be TRUE or FALSE. TRUE implies that the file you downloaded (or message) has not been modified because the developer signed it. Very cool! FALSE implies that the info has modified or the incorrect signature is being utilized.
Choice 4
Choice 4 is like possibility three, besides that as an alternative of checking if the info has not been modified, then TRUE will imply that the signature was produced by the non-public key related to the general public key supplied. In different phrases, the one that signed has the non-public key to the general public key that we’ve got.
Apparently, that is all that Craig Wright must do to show he’s Satoshi Nakamoto. He doesn’t have to really spend any cash.
We have already got the addresses (much like public keys) which might be owned by Satoshi. Craig can then produce a signature along with his non-public key to these addresses, mixed with any message comparable to “I actually am Satoshi, haha!” and we are able to then mix the message, the signature, and the deal with, and get a TRUE end result if he’s Satoshi, and a CRAIG_WRIGHT_IS_A_LIAR_AND_A_FRAUD end result if he isn’t.
Choice Three And 4 — The Distinction.
It’s truly a matter of what you belief. For those who belief that the sender owns the non-public key to the general public key you will have, then verification checks that the message has not modified.
For those who don’t belief the non-public key / public key relationship, then verification just isn’t concerning the message altering, however the important thing relationship.
It’s one or the opposite for a FALSE end result.
For those who get a TRUE end result, then you already know that BOTH the important thing relationship is legitimate, AND the message is unaltered because the signature was produced.
Get GPG For Your Pc
GPG already comes with Linux working techniques. In case you are unlucky sufficient to be utilizing a Mac, or God forbid a Home windows laptop, then you definately’ll must obtain software program with GPG. Directions to obtain and apply it to these working techniques will be discovered right here.
You don’t want to make use of any of the graphical elements of the software program, every thing will be finished from the command line.
Encrypting Information With A Password
Create the key file. This is usually a easy textual content file, or a zipper file containing many recordsdata, or an archive file (tar). Relying on how delicate the info is, you may contemplate creating the file on an air-gapped laptop. Both a desktop laptop constructed with no WiFi elements, and by no means to be linked to the web by cable, or you possibly can construct a Raspberry Pi Zero v1.3 very cheaply, with directions right here.
Utilizing a terminal (Linux/Mac) or CMD.exe (Home windows), change your working listing to wherever you set the file. If that is not sensible, search the web and in 5 minutes you possibly can learn to navigate the file system particular to your working system (search: “YouTube navigating file system command immediate” and embrace your working system’s title).
From the proper listing, you possibly can encrypt the file (“file.txt” for instance) like this:
gpg -c file.txt
That’s “gpg”, an area, “-c”, an area, after which the title of the file.
You’ll then be prompted for a password. This may encrypt the brand new file. For those who’re utilizing GPG Suite on the Mac, discover the “Save in Keychain” is checked by default (see under). You may need to not save this password if it’s notably delicate.
Whichever OS you utilize, the password can be saved for 10 minutes to the reminiscence. You’ll be able to clear it like this:
gpg-connect-agent reloadagent /bye
As soon as your file is encrypted, the unique file will stay (unencrypted), and a brand new file can be created. You will need to resolve if you’ll delete the unique or not. The brand new file’s title would be the similar as the unique however there’ll be a “.gpg” on the finish. For instance, “file.txt” will create a brand new file known as “file.txt.gpg”. You’ll be able to then rename the file if you want, or you possibly can have named the file by including additional choices within the command above, like this:
gpg -c –output MySecretFile.txt file.txt
Right here, we’ve got “gpg”, an area, “-c”, an area, “–output”, an area, the filename you need, an area, the title of the file you’re encrypting.
It’s a good suggestion to observe decrypting the file. That is a technique:
gpg file.txt.gpg
That is simply “gpg”, an area, and the title of the encrypted file. You don’t must put any choices.
The GPG program will guess what you imply and can try to decrypt the file. For those who do that instantly after encrypting the file, you will not be prompted for a password as a result of the password remains to be within the laptop’s reminiscence (for 10 minutes). In any other case, you’ll must enter the password (GPG calls it a passphrase).
You’ll discover with the “ls” command (Mac/Linux) or “dir” command (Home windows), {that a} new file has been created in your working listing, with out the “.gpg” extension. You’ll be able to learn it from the command immediate with (Mac/Linux):
cat file.txt
One other option to decrypt the file is with this command:
gpg -d file.txt.gpg
This is identical as earlier than however with a “-d” possibility as properly. On this case, a brand new file just isn’t created, however the contents of the file are printed to the display.
It’s also possible to decrypt the file and specify the output file’s title like this:
gpg -d –output file.txt file.txt.gpg
Right here we’ve got “gpg”, an area, “-d” which isn’t strictly required, an area, “–output”, an area, the title of the brand new file we would like, an area, and at last the title of the file we’re decrypting.
Sending The Encrypted File
Now you can copy this file to a USB drive, or e-mail it. It’s encrypted. No person can learn it so long as the password is sweet (lengthy and complex sufficient) and might’t be cracked.
You may ship this message to your self in a foreign country by storing it in e-mail or the cloud.
Some foolish individuals have saved their Bitcoin non-public keys to the cloud in an unencrypted state, which is ridiculously dangerous. But when the file containing Bitcoin non-public keys is encrypted with a powerful password, it’s safer. That is very true if it’s not known as “Bitcoin_Private_Keys.txt.gpg” – Don’t try this!
WARNING: It’s necessary to grasp that under no circumstances am I encouraging you to place your Bitcoin non-public key info on a pc ({hardware} wallets have been created to will let you by no means want to do that). What I’m explaining right here is for particular circumstances, underneath my steering. My college students within the mentorship program will know what they’re doing and can solely use an air-gapped laptop, and know all of the potential dangers and issues, and methods to keep away from them. Please don’t sort seed phrases into a pc except you’re a safety skilled and know precisely what you’re doing, and don’t blame me in case your bitcoin is stolen!
The encrypted file will also be despatched to a different particular person, and the password will be despatched individually, maybe with a unique communication gadget. That is the less complicated, and fewer safe manner, in comparison with possibility two defined in the beginning of this information.
There are literally all kinds of the way you possibly can assemble the supply of a secret message throughout distance and time. If you already know these instruments, assume onerous and punctiliously about all of the dangers and eventualities, a great plan will be made. Or, I’m out there to help.
Good luck, and blissful Bitcoining!
It is a visitor publish by Arman The Parman. Opinions expressed are totally their very own and don’t essentially replicate these of BTC Inc or Bitcoin Journal.
[ad_2]