Solved

How to encrypt a file.

Posted on 2013-11-16
Last Modified: 2013-11-24
I want to simply encrypt a file using GnuPG on Windows 7 PC
gpg -c c:\aaa\test.txt
I get prompted for a passphrase...I enter it twice into the popup window.
File gets copied as test.txt.gpg (but the original file is sitting right beside it still, so I have to manually delete it) - so I delete it.
Now it is not very secure because someone can come along and right click the .gpg file and choose decrypt. And it does without asking for the very passphrase I applied to it.

How can I make it do the following:
encrypt the file with a passphrase and allow no way of opening it without entering the passphrase.
0
Question by:claghorn
6 Comments
 
LVL 36

Expert Comment

by:Mahesh
ID: 39654249
You can use zip-category software (7Zip, Winzip) to set a password on files.
Check the links below.
http://www.howtogeek.com/170352/
http://windows.microsoft.com/en-in/windows-vista/can-i-protect-files-or-folders-with-a-password
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39654568
so I have to manually delete it - so I delete it.
If you did not securely delete it, then you'll need to overwrite that deleted data.  This can be done with the cipher command natively, or with the tools referenced below.

It appears that gpg-agent.exe is caching your symmetric key (password) in memory.  If you were to distribute your protected file, the symmetric key would be required to decrypt.

You can test this locally on your machine as follows:

gpg --symmetric --cipher-algo aes256 -o test.gpg test.txt
taskkill /f /im gpg-agent.exe
gpg -d test.gpg



Here are the switches supported by gpg-agent.exe:

Syntax: gpg-agent [options] [command [args]]
Secret key management for GnuPG

Options:

     --daemon                     run in daemon mode (background)
     --server                     run in server mode (foreground)
 -v, --verbose                    verbose
 -q, --quiet                      be somewhat more quiet
 -s, --sh                         sh-style command output
 -c, --csh                        csh-style command output
     --options FILE               read options from FILE
     --no-detach                  do not detach from the console
     --no-grab                    do not grab keyboard and mouse
     --log-file                   use a log file for the server
     --use-standard-socket        use a standard location for the socket
     --pinentry-program PGM       use PGM as the PIN-Entry program
     --scdaemon-program PGM       use PGM as the SCdaemon program
     --disable-scdaemon           do not use the SCdaemon
     --keep-tty                   ignore requests to change the TTY
     --keep-display               ignore requests to change the X display
     --default-cache-ttl N        expire cached PINs after N seconds
     --ignore-cache-for-signing   do not use the PIN cache when signing
     --no-allow-mark-trusted      disallow clients to mark keys as "trusted"
     --allow-preset-passphrase    allow presetting passphrase
     --enable-ssh-support         enable ssh support
     --enable-putty-support       enable putty support
     --write-env-file FILE        write environment settings also to FILE

Please report bugs to <http://bugs.gnupg.org>.

Use the --default-cache-ttl switch to expire your cache as desired.

Regarding automatic secure removal on the original file, it seems the included GUI, Kleopatra, provides an option to remove the unencrypted file (not certain as of yet if removal is secure, however) although it doesn't appear the GPG command provides for this same functionality.

To be on the safe side, I'd use another utility such as SDelete to accomplish the same purpose.  You can copy the stand-alone executable to the same folder as GPG4Win.

gpg --symmetric --cipher-algo aes256 -o test.gpg test.txt && sdelete -p 7 test.txt



Some other secure deletion apps are:
http://eraser.heidi.ie/
http://active-eraser.com/

Pick any one which is US Department of Defense 5220.22 M compliant or uses Gutmann's algorithm (if overly paranoid).

See Secure File Deletion: Fact or Fiction?
http://www.sans.org/reading-room/whitepapers/incident/secure-file-deletion-fact-fiction-631
0
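
The encrypt, drop-the-cache, verify and wipe sequence from the answer above as one batch script. This is an added example, not part of the original post; the script name is hypothetical and it assumes gpg.exe and sdelete.exe are on PATH.

```batch
@echo off
rem Added example: encrypt, drop the cached passphrase, verify, then wipe.
rem Assumes gpg.exe and sdelete.exe are on PATH. Script name is hypothetical.
rem Usage: encrypt-and-wipe.cmd c:\aaa\test.txt
setlocal

if "%~1"=="" (
    echo usage: %~nx0 FILE
    exit /b 2
)
set "SRC=%~f1"
set "OUT=%~f1.gpg"

if not exist "%SRC%" (
    echo error: input file not found
    exit /b 2
)
if exist "%OUT%" (
    echo error: "%OUT%" already exists, refusing to overwrite it
    exit /b 2
)

rem 1. Symmetric AES-256 encryption; gpg prompts for the passphrase.
gpg --symmetric --cipher-algo aes256 -o "%OUT%" "%SRC%"
if errorlevel 1 (
    echo error: gpg failed, plaintext left in place
    exit /b 1
)

rem 2. Kill the agent so the passphrase it cached is gone.
rem    taskkill returns non-zero when no agent is running; that is fine.
taskkill /f /im gpg-agent.exe >nul 2>&1

rem 3. Test-decrypt to NUL. gpg must prompt again here; a silent success
rem    means a passphrase cache is still active. Nothing is written to disk.
gpg --decrypt "%OUT%" >nul
if errorlevel 1 (
    echo error: test decryption failed, plaintext left in place
    exit /b 1
)
rem The test decrypt may have cached the passphrase again, so drop it again.
taskkill /f /im gpg-agent.exe >nul 2>&1

rem 4. Only now overwrite and delete the original, 7 passes as in the answer.
sdelete -p 7 "%SRC%"
if exist "%SRC%" (
    echo error: "%SRC%" is still present, remove it manually
    exit /b 1
)
echo done: "%OUT%" written, original wiped
```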
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39655394
If you're looking to encrypt local files for your own use, rather than for secure distribution,  TrueCrypt may be a better alternative for you.

See http://www.experts-exchange.com/Networking/Network_Management/Disaster_Recovery/Q_28295298.html#a39651525
0

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39657864
Understand encryption and the product before you use them, also it's Asymmetric encryption  :)
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html
GPG does make an encrypted version, and you do have to delete or move the original somewhere else. Also you have to be in charge of your keys so that they aren't just sitting around with the source. It's like password protecting an attachment in email and sending the password in the body.
-rich
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39657909
also it's Asymmetric encryption
@richrumble

Actually, while PGP/GPG support both asymmetric and symmetric algorithms, the examples provided are strictly symmetric (e.g. CAST5, AES).

Hence...
gpg --symmetric --cipher-algo aes256 -o test.gpg test.txt

The default GPG cipher for file encryption is CAST5 (CAST-128), a symmetric block cipher.

PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally [asymmetric] public-key cryptography
http://en.wikipedia.org/wiki/Pretty_Good_Privacy

Granted, a higher degree of confidentiality could be obtained by encrypting the symmetric key with an asymmetric public key, generated by a much stronger cryptosystem such as RSA/DSA/Elgamal 2048-bit.

But let's not confuse the poor lad.  :0)
0
 

Author Closing Comment

by:claghorn
ID: 39673505
Yes, I have to kill the agent because it was caching the passphrase and using it at will.
And even when I reboot the computer the agent remains killed!
Which is good.

so:
gpg --symmetric --cipher-algo aes256 -o test.gpg test.txt
taskkill /f /im gpg-agent.exe

then to decrypt I use:
gpg --output test.txt --decrypt test.gpg

and it asks for the passphrase regardless of whether it's from some GUI or from the command line, which is good.

Thanks.
0
