Encrypting Files ---------------- This is a FYI and you probably should keep this for future use. Any sensitive information, such as passwords both system and private should be stored in encrypted files, and NOT as plain text. PGP (Pretty Good Privacy) and GPG (Gnu PGP) is normally used for sending and recieving encrypted mail, but it can also be used for encrypting and decrypting files with individual passwords. The following are details on how you can encrypt and decrypt files using the PGP system. First you do NOT need to have a PGP public/private key for encrypting files, such keys are generally for the sending of encrypted mail, not files. However GPG will insist in creating empty keyrings, even though they are not needed. It is posible to encrypt a file with your public key so only your private key will decrypt, or their public key so only the private key thay created can decrypt, this is not what were will be dealing with here. Files encrypted with PGP are saved with the suffix ".pgp" (encrypted with IDEA) while GPG files are saved with ".gpg" (typically CAST5 encryption). Such a file is generally a binary file, though a option exists to create a ascii version (known as ``ascii armoured'') which could then be safly mailed. To do this a "-a" option is also given during encryption, no change to the decryption is needed. ---------------------------------------------------------------------------- To encrypt an existing plain text file... (using v2) pgp -c file (using v5) pgpe -c file (gnu PGP) gpg -c --force-mdc file The password to use to encrypt the file is asked for twice. And the commands can encrypt multiple files to the same passwd. The version 2 command may on first use ask you to just type a long phase to initialise its random number generator, This is a once only excercise. Version 5 does not require you to do this, but may complain about missing `keyrings', if you have not created your mail public and private PGP keys. Just ignore this. After encrypting you sould delete the original file rm file To decrypt the encrypted files back to normal use... (using v2) pgp file.pgp (using v5) pgpv file.pgp (gnu PGP) gpg file.gpg To just view a encrypted file safely (without saving the de-crypted file to disk) you can use any of the following. The version 5 is prefered as version 2 PGP creates a decrypted temporary file! (using v2) pgp -m file.pgp pgp -f < file.pgp | less (using v5) pgpv -m file.pgp pgpv < file.pgp | less (gnu PGP) gpg -o - t.gpg ------------------------------------------------------------------------------- For the users using VIM you can also directly edit a ".pgp" file by creating a .vimrc file with the following... .vimrc =======8<-------- " " General options " set nocompatible " Use Vim defaults like multi-undo (much better!) " Edit PGP (v5) encrypted files (.pgp) autocmd! BufReadPre,FileReadPre *.pgp set bin autocmd BufReadPost,FileReadPost *.pgp '[,']!pgpv -f autocmd BufReadPost,FileReadPost *.pgp set nobin autocmd! BufWritePre,FileWritePre *.pgp set bin autocmd BufWritePre,FileWritePre *.pgp '[,']!pgpe -fc autocmd BufWritePost,FileWritePost *.pgp undo autocmd BufWritePost,FileWritePost *.pgp set nobin " Edit GPG encrypted files (.gpg) autocmd! BufReadPre,FileReadPre *.gpg set bin autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg -o - autocmd BufReadPost,FileReadPost *.gpg set nobin autocmd! BufWritePre,FileWritePre *.gpg set bin autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg -c --force-mdc -o - autocmd BufWritePost,FileWritePost *.gpg undo autocmd BufWritePost,FileWritePost *.gpg set nobin " Edit GZip files (.gz) autocmd! BufReadPre,FileReadPre *.gz set bin autocmd BufReadPost,FileReadPost *.gz '[,']!gzip -d autocmd BufReadPost,FileReadPost *.gz set nobin autocmd! BufWritePre,FileWritePre *.gz set bin autocmd BufWritePre,FileWritePre *.gz '[,']!gzip autocmd BufWritePost,FileWritePost *.gz undo autocmd BufWritePost,FileWritePost *.gz set nobin =======8<-------- You can now edit (read and write) an encrypted file with vim file.pgp or vim file.gpg This is a very safe way of updating a encrypted file as it is only decrypted in the editors buffer. Warning: some parts of the file may be saved temporarially unencrypted to a ".swp" file however. further precautions may be needed. As a reference the `edit gzip' was included here to allow you to to directly edit ".gz" files as well. :-) -------------------------------------------------------------------------------