How To Do Encryption, Decryption & Signing Easily With Seahorse [Linux]

Varun Kashyap 09-01-2010

Encryption has been around for quite some time now. It is one of the preferred ways to keep data private and to sign content as coming from an authentic source. The other day I realized that I had forgotten the default keyring password for one of my Ubuntu installs and while trying to get it back to work I realized that Ubuntu (Gnome in general) has an excellent front end to GPG. It is called Seahorse.


All this while I had been using the terminal to encrypt a file or two when required. Seahorse makes the work so much easier by offering you a nice GUI to GPG. Under Ubuntu you can access Seahorse encryption via System > Preferences > Passwords and Encryption Keys. The menu entry is not entirely descriptive and you might write it off as a tool to manage stored passwords and encryption keys. Well Seahorse does that but it offers much more as we shall see.

First things first, lets set the ground a bit. If you don’t know about GPG here is a quick line or two, specially for you. GPG stands for Gnu Privacy Guard and it is a tool that you can use to encrypt information. GPG implements the OpenPGP, which sets the norms and rules as to how data should be encrypted so that it can be passed along safely. If that doesn’t make sense, don’t scratch your head too much. Just remember whenever I mention OpenPGP I am referring to a standard, and when I say GPG I mean the program/application/tool.

One important thing to realize is that a password along cannot solve the problem when dealing with sensitive information. There are tens of ways you can read a file without even entering the password let alone needing to crack the password.

The Public Key & The Private Key

These two terms used to confuse the heck out of me. Things have gone better now and I would try to put it in as simple words as I can. Whenever you need to encrypt any file or message using GPG you would create a set of keys. One of them is called the Public key and the other is called the Private key. Both of these are like two keys to the same lock, either of them can be used to encrypt the file or message, but – there is a twist. The twist being that If you encrypt the message using the Public key it can be unlocked using the Private key and if you encrypt the message using the Private key it can be unlocked using the Public key.

You might wonder, why use two keys in the first place. The answer to that will become clearer as you read ahead. For now remember that one of these keys is to be given to the recipient. Since you cannot actually use your handwriting or signatures you use GPG to “sign” messages. A signed message is accepted to be coming from the mentioned user and can be verified using the public key.


Let us see how you can use Seahorse:

Step 1: Create A key

Click File & New and choose PGP key. Enter in the required information. Leave the algorithm to DSA Elgamal if you are not sure about other options. You can bump up the strength if you want. With everything entered, click Create. You would then be prompted to enter a password or passphrase. Choose a real tough one, make it hard to guess, make it long. Remember a chain is only as strong as the weakest link and in this case the password/passphrase is the weakest link. At the same time, keep in mind that if you forget the passphrase all the information you encrypted using it would be lost.

seahorse encryption

Step 2: Publish The Public Key

As I explained above two types of keys are generated. A public key and a private key. The recipient. will need to have your public key before he can view any messages or files sent by you. Choose Remote > Sync and Publish keys. Choose a server, click close and then Sync. While the idea of putting your public key on a server might seem scary, it is completely safe and foolproof as we shall see.


seahorse encryption

Encrypt The File

Now that you have done all the hard work, encrypting the file is easy peasy. Right click on the file and choose Encrypt… In the window that pops up check all the recipients whom you want to be able to see the message/file. Also choose the account you would like to sign it as. Send it along. The intended recipients will be able to view the file after entering their own passphrase.

seahorse encryption

Decrypt The File

Any file that was meant to be seen by you can be decrypted by entering your own passphrase. Keep in mind that you will need to have the sender’s public key. It is the combination of the fact that the message was meant for you plus you have the sender’s public key that makes it possible to decrypt the file and view its contents.


seahorse encrypt file

If you are interested in not only seahorse encryption but all types, you might want to check out how you can create a private encrypted directory on your Linux system How To Encrypt Files in Linux with eCryptfs Read More , if you would like to do all the above on Windows you might want to check out this How To Easily Encrypt Email or Text Documents [Windows] Read More .

Related topics: Encryption, GNOME Shell, Online Privacy, Password, Ubuntu.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Shemar
    October 18, 2017 at 8:34 pm

    Haven't finished reading but your explanation is great gonna continue reading just stopped to show appreciation

  2. cka2nd
    November 5, 2016 at 5:59 pm

    I've created a private key in seahorse 3.10.2 but when I right-click on the folder that I want to encrypt, the "Encrypt" command is not there. Nor is it in the menu when I right-click on any of the files in the folder. Am I missing something or have the instructions and/or commands for encrypting folders changed? FYI, I'm using Linux Mint 17 Cinnamon 2.2.16.

  3. Nandu
    October 12, 2016 at 4:17 am

    As Cr0w suggested, your explanation is backwards.. people publish their public keys. so if you want to send a secret mail, you encrypt it with their public key and send. Since the private is known only to the guy ( hence private), only he can decrypt it. I guess seahorse does it correctly, but you got the explanation wrong.

  4. Cr0w
    March 18, 2010 at 6:59 am

    Any system that will allow the Public Key to decrypt a message encrypted with a Private Key is a flawed system and I seriously doubt that you are correct.

    A Public key is used to encrypt and the Private Key to decrypt.
    (Maybe it is possible to encrypt and decrypt with the Private Key....)

    If a person requires a file to be encrypted, he need to publish or supply you with HIS Public Key, not yours.

    • Glen
      March 30, 2010 at 6:21 am

      Not flawed at all.
      If I encrypt with my private key only, the recipient will be able to verify the sender ID by using my public key.
      If I ONLY encrypt with the receiver's public key, the sender ID is uncertain.
      Encrypt with BOTH my private key AND the recipient's public key, then the content is secure with a verified sender ID.

  5. minh
    January 9, 2010 at 3:47 pm

    seahorse is under application/accessories/passwords and encryption keys for Ubuntu 9.10 karmic koala. Nice guide btw :)