How To Do Encryption, Decryption & Signing Easily With Seahorse [Linux]

Encryption has been around for quite some time now. It is one of the preferred ways to keep data private and to sign content as coming from an authentic source. The other day I realized that I had forgotten the default keyring password for one of my Ubuntu installs, and while trying to get it back to work I realized that Ubuntu (GNOME in general) has an excellent front end to GPG. It is called Seahorse.

All this while I had been using the terminal to encrypt a file or two when required. Seahorse makes the work so much easier by offering you a nice GUI to GPG. Under Ubuntu you can access Seahorse encryption via System > Preferences > Passwords and Encryption Keys. The menu entry is not entirely descriptive, and you might write it off as a tool to manage stored passwords and encryption keys. Well, Seahorse does that, but it offers much more, as we shall see.


First things first, let's set the ground a bit. If you don't know about GPG, here is a quick line or two, especially for you. GPG stands for GNU Privacy Guard, and it is a tool that you can use to encrypt information. GPG implements OpenPGP, which sets the norms and rules as to how data should be encrypted so that it can be passed along safely. If that doesn't make sense, don't scratch your head too much. Just remember that whenever I mention OpenPGP I am referring to a standard, and when I say GPG I mean the program/application/tool.

One important thing to realize is that a password alone cannot solve the problem when dealing with sensitive information. There are tens of ways you can read a file without even entering the password, let alone needing to crack the password.

The Public Key & The Private Key

These two terms used to confuse the heck out of me. Things have gotten better now, and I will try to put it in words as simple as I can. Whenever you need to encrypt any file or message using GPG, you create a set of keys. One of them is called the Public key and the other is called the Private key. Both of these are like two keys to the same lock: either of them can be used to encrypt the file or message, but there is a twist. The twist is that if you encrypt the message using the Public key it can be unlocked using the Private key, and if you encrypt the message using the Private key it can be unlocked using the Public key.

You might wonder why you should use two keys in the first place. The answer to that will become clearer as you read ahead. For now, remember that one of these keys is to be given to the recipient. Since you cannot actually use your handwriting or signatures, you use GPG to “sign” messages. A signed message is accepted to be coming from the mentioned user and can be verified using the public key.

Let us see how you can use Seahorse:

Step 1: Create A Key

Click File > New and choose PGP key. Enter the required information. Leave the algorithm set to DSA Elgamal if you are not sure about the other options. You can bump up the strength if you want. With everything entered, click Create. You will then be prompted to enter a password or passphrase. Choose a really tough one: make it hard to guess, make it long. Remember, a chain is only as strong as its weakest link, and in this case the password/passphrase is the weakest link. At the same time, keep in mind that if you forget the passphrase, all the information you encrypted using it will be lost.


Step 2: Publish The Public Key

As I explained above, two types of keys are generated: a public key and a private key. The recipient will need to have your public key before he can view any messages or files sent by you. Choose Remote > Sync and Publish keys. Choose a server, click Close and then Sync. While the idea of putting your public key on a server might seem scary, it is completely safe and foolproof as we shall see.


Encrypt The File

Now that you have done all the hard work, encrypting the file is easy peasy. Right-click on the file and choose Encrypt… In the window that pops up, check all the recipients whom you want to be able to see the message/file. Also choose the account you would like to sign it as. Send it along. The intended recipients will be able to view the file after entering their own passphrase.


Decrypt The File

Any file that was meant to be seen by you can be decrypted by entering your own passphrase. Keep in mind that you will need to have the sender’s public key. It is the combination of the fact that the message was meant for you plus you have the sender’s public key that makes it possible to decrypt the file and view its contents.
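The same steps from a terminal, as an added example that is not part of the original article. Two throwaway keyrings stand in for sender and recipient; the names alice and bob, the example.test addresses and the empty passphrases are constructed for the demo, public keys are swapped by file instead of a keyserver, and GnuPG 2.1 or later is assumed. It shows which key does what: the file opens with the recipient's private key, and the sender's public key is what checks the signature.

```shell
#!/bin/sh
# Added example: CLI equivalent of the Seahorse steps, using throwaway keyrings.
# alice/bob, the example.test addresses and the empty passphrases are constructed.
set -eu

gpg_roundtrip_demo() {
  work=$(mktemp -d)
  alice="$work/alice"; bob="$work/bob"
  mkdir -m 700 "$alice" "$bob"
  printf 'meet at noon\n' > "$work/note.txt"

  # Step 1: each person creates a key pair (a real key needs a strong passphrase).
  for who in alice bob; do
    gpg --homedir "$work/$who" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$who demo <$who@example.test>" \
        default default never
  done

  # Step 2: swap public keys by file (Seahorse's Sync does this via a keyserver).
  gpg --homedir "$alice" --armor --export alice@example.test > "$work/alice.asc"
  gpg --homedir "$bob"   --armor --export bob@example.test   > "$work/bob.asc"
  gpg --homedir "$alice" --batch --quiet --import "$work/bob.asc"
  gpg --homedir "$bob"   --batch --quiet --import "$work/alice.asc"

  # Encrypt: alice signs with her private key and encrypts to bob's public key.
  gpg --homedir "$alice" --batch --quiet --trust-model always \
      --local-user alice@example.test --recipient bob@example.test \
      --sign --encrypt --output "$work/note.gpg" "$work/note.txt"

  # Decrypt: bob's private key opens it; alice's public key checks the signature.
  gpg --homedir "$bob" --batch --quiet --trust-model always --status-fd 3 \
      --output "$work/out.txt" --decrypt "$work/note.gpg" \
      3> "$work/status" 2>/dev/null
  plaintext=$(cat "$work/out.txt")
  if grep -q '^\[GNUPG:\] GOODSIG ' "$work/status"; then sig=good; else sig=bad; fi

  # alice holds no private key the file was encrypted to, so she cannot open it.
  if gpg --homedir "$alice" --batch --quiet --decrypt "$work/note.gpg" \
       >/dev/null 2>&1; then sender_can_decrypt=yes; else sender_can_decrypt=no; fi

  for who in alice bob; do
    gpgconf --homedir "$work/$who" --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$work"
}

gpg_roundtrip_demo
echo "plaintext=$plaintext signature=$sig sender_can_decrypt=$sender_can_decrypt"
```

`--trust-model always` is used only because the demo keys are never certified; with real keys, check the fingerprint with the owner before trusting an imported public key.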


If you are interested not only in Seahorse encryption but in all types, you might want to check out how you can create a private encrypted directory on your Linux system. If you would like to do all the above on Windows, you might want to check out this.


4 Comments

minh

Seahorse is under application/accessories/passwords and encryption keys for Ubuntu 9.10 karmic koala. Nice guide btw :)

Cr0w

Any system that will allow the Public Key to decrypt a message encrypted with a Private Key is a flawed system and I seriously doubt that you are correct.

A Public key is used to encrypt and the Private Key to decrypt.
(Maybe it is possible to encrypt and decrypt with the Private Key….)

If a person requires a file to be encrypted, he needs to publish or supply you with HIS Public Key, not yours.

Glen

Not flawed at all.
If I encrypt with my private key only, the recipient will be able to verify the sender ID by using my public key.
If I ONLY encrypt with the receiver’s public key, the sender ID is uncertain.
Encrypt with BOTH my private key AND the recipient’s public key, then the content is secure with a verified sender ID.