How To Do Encryption, Decryption & Signing Easily With Seahorse [Linux]
Encryption has been around for quite some time now. It is one of the preferred ways to keep data private and to sign content as coming from an authentic source. The other day I realized that I had forgotten the default keyring password for one of my Ubuntu installs, and while trying to get it back to work I realized that Ubuntu (GNOME in general) has an excellent front end to GPG. It is called Seahorse.
All this while I had been using the terminal to encrypt a file or two when required. Seahorse makes the work so much easier by offering you a nice GUI to GPG. Under Ubuntu you can access Seahorse via System > Preferences > Passwords and Encryption Keys. The menu entry is not entirely descriptive, and you might write it off as a tool to manage stored passwords and encryption keys. Well, Seahorse does that, but it offers much more, as we shall see.
First things first, let's set the ground a bit. If you don't know about GPG, here is a quick line or two, especially for you. GPG stands for GNU Privacy Guard, and it is a tool that you can use to encrypt information. GPG implements OpenPGP, which sets the norms and rules as to how data should be encrypted so that it can be passed along safely. If that doesn't make sense, don't scratch your head too much. Just remember that whenever I mention OpenPGP I am referring to a standard, and when I say GPG I mean the program/application/tool.
One important thing to realize is that a password alone cannot solve the problem when dealing with sensitive information. There are tens of ways you can read a file without even entering the password, let alone needing to crack it.
The Public Key & The Private Key
These two terms used to confuse the heck out of me. Things have gotten better now, and I will try to put it in as simple words as I can. Whenever you need to encrypt any file or message using GPG, you create a set of keys. One of them is called the Public key and the other is called the Private key. Both of these are like two keys to the same lock: either of them can be used to encrypt the file or message, but there is a twist. The twist is that if you encrypt the message using the Public key, it can be unlocked using the Private key, and if you encrypt the message using the Private key, it can be unlocked using the Public key.
You might wonder why you would use two keys in the first place. The answer to that will become clearer as you read ahead. For now, remember that one of these keys is to be given to the recipient. Since you cannot actually use your handwriting or signatures, you use GPG to “sign” messages. A signed message is accepted to be coming from the mentioned user and can be verified using the public key.
Let us see how you can use Seahorse:
Step 1: Create A Key
Click File > New and choose PGP key. Enter the required information. Leave the algorithm at DSA Elgamal if you are not sure about the other options. You can bump up the strength if you want. With everything entered, click Create. You will then be prompted to enter a password or passphrase. Choose a really tough one: make it hard to guess, make it long. Remember, a chain is only as strong as its weakest link, and in this case the password/passphrase is the weakest link. At the same time, keep in mind that if you forget the passphrase, all the information you encrypted using it will be lost.
Step 2: Publish The Public Key
As I explained above, two types of keys are generated: a public key and a private key. The recipient will need to have your public key before he can view any messages or files sent by you. Choose Remote > Sync and Publish keys. Choose a server, click Close and then Sync. While the idea of putting your public key on a server might seem scary, it is completely safe and foolproof, as we shall see.
Encrypt The File
Now that you have done all the hard work, encrypting the file is easy peasy. Right-click on the file and choose Encrypt… In the window that pops up, check all the recipients whom you want to be able to see the message/file. Also choose the account you would like to sign it as. Send it along. The intended recipients will be able to view the file after entering their own passphrase.
Decrypt The File
Any file that was meant to be seen by you can be decrypted by entering your own passphrase. Keep in mind that you will need to have the sender’s public key. It is the combination of the fact that the message was meant for you plus you have the sender’s public key that makes it possible to decrypt the file and view its contents.
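The same four steps can be run from the terminal with gpg itself. The script below is an added example, not part of the original article: it assumes GnuPG 2.2 or later, uses two throwaway keyrings with constructed identities (Alice as sender, Bob as recipient), and swaps the keyserver sync for a direct key exchange so that it runs offline. All function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: the article's steps with gpg, in two throwaway keyrings.
# User IDs, file names and the message are constructed for the demo.

# Run gpg unattended against keyring directory $1. The empty passphrase is a
# demo shortcut; a real key needs the strong passphrase the article asks for.
g() {
  kr=$1; shift
  gpg --homedir "$kr" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --trust-model always "$@"
}

# Step 1: create a key pair for user ID $2 in keyring $1.
make_key() { g "$1" --quick-generate-key "$2" default default; }

# Step 2 stand-in: export the public key of $2 from keyring $1 into keyring $3.
share_pubkey() { g "$1" --armor --export "$2" | g "$3" --import; }

# Encrypt: in keyring $1, sign file $4 as $2 and encrypt it to recipient $3.
encrypt_and_sign() {
  g "$1" --yes --local-user "$2" --recipient "$3" \
    --sign --encrypt --output "$4.gpg" "$4"
}

# Decrypt: the recipient's private key opens $2; the sender's public key in the
# same keyring lets gpg check the signature. Status lines are written to $3.
decrypt_and_verify() { g "$1" --status-file "$3" --decrypt "$2" 2>/dev/null; }

run_steps() {  # $1 = scratch directory; prints the recovered plaintext
  local alice="$1/alice" bob="$1/bob"
  mkdir -m 700 "$alice" "$bob" &&
  make_key "$alice" "Alice Demo <alice@example.org>" &&
  make_key "$bob" "Bob Demo <bob@example.org>" &&
  share_pubkey "$alice" alice@example.org "$bob" &&
  share_pubkey "$bob" bob@example.org "$alice" &&
  printf 'meet at noon\n' > "$1/note.txt" &&
  encrypt_and_sign "$alice" alice@example.org bob@example.org "$1/note.txt" &&
  decrypt_and_verify "$bob" "$1/note.txt.gpg" "$1/status" &&
  grep -q '^\[GNUPG:\] GOODSIG ' "$1/status"  # fail unless the signature verified
}

demo() {
  local work out rc
  work=$(mktemp -d) || return 1
  out=$(run_steps "$work") && rc=0 || rc=$?
  gpgconf --homedir "$work/alice" --kill all 2>/dev/null || true
  gpgconf --homedir "$work/bob" --kill all 2>/dev/null || true
  rm -rf "$work"
  [ "$rc" -eq 0 ] && printf '%s\n' "$out"
}
```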
If you are interested in not only Seahorse encryption but all types, you might want to check out how you can create a private encrypted directory on your Linux system. If you would like to do all the above on Windows, you might want to check out this.