11

I'm producing an update for some systems and I want to encrypt the updates for keeping confidentiality, integrity and validity of my signature. I want to encrypt the file with my private key and send them to my client so that they can decrypt it with my public key. But the way GPG works is encryption with public and decrypt with private. I don't want to send my private key so that I can change it and send public key to anyone else . Any idea how to do that???

umläute
  • 28,885
  • 9
  • 68
  • 122
Hamid Reza Moradi
  • 429
  • 2
  • 4
  • 11
  • *But the way GPG works is encryption with public and decrypt with private.* Surely not. That would require publishing your private key which would *never* be done. Where did you draw that conclusion from? – scai Jan 21 '13 at 09:32
  • 1
    This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306). – jww May 11 '15 at 07:00

5 Answers5

25

What you mean is not called "encryption" but "signing" in gpg lingo.

Signing is basically encrypting with your private key and decrypting with the public key.

Use

 gpg --sign myfile.ext

Or use your email-client's signing capabilities.

Signing will obviously allow anybody who has access to your "public" key to read the contents of your file (and since a "public" key is usually, well..., public, this will allow everybody to decypher the content).

If you are looking for a method, where only the recipient can decode the content, then you need to encrypt the data in a way where only the recipient has access to the decrypting token. obviously the recipient need to have such a token (that is: you encode with their public key, so they can decode with their private key)

UPDATE

To make it simple: if you want to guarantee integrity (that is: the recipient knows for sure, that the data comes from you and nobody else), you need to sign the data. If you want to guarantee confidentiality (that is: only your recipient can read the data), you need to encrypt the data.

Both signing and encryption are really the same thing. The only difference is, who has access to the keys.

With signing, you use your private key to encrypt the data, and it can be decrypted with your public key (and since everybody has access to the public key, everybody can decrypt it, and thus everybody can validate that the data has been signed by you)

With encrypting, you use your recipients public key to encrypt the data, and they use their private key to decrypt it (so only they can read it; but everybody can send them an encrypted datum, they have no guarantee that it really comes from the sender, but it is guaranteed that only they can read it).

If you need both confidentiality and integrity, you need to do both signing and encryption, and for this to work, both you and your recipients need to have a (different) public/private key pair.

CONCLUSION

Since both signing and encrypting are the same thing, you can use both to guarantee validity and integrity of your data, as long as you have full control over the availability of the keys involved.

umläute
  • 28,885
  • 9
  • 68
  • 122
  • He wants *confidentiality* so he needs to encrypt the information. Signing it only would allow others to read it. – scai Jan 21 '13 at 07:57
  • 2
    It is exactly what I need, but are you sure that signing keep the confidentiality of the content as long as public key is not available in this case? – Hamid Reza Moradi Jan 21 '13 at 08:14
  • to repeat: confidentiality can only be granted if the recipient is the only party in possession of the decyrpting token. if both tokens are held confidential, then data transimission is confidential. *there is no real difference whether you use keyA to encode and keyB to decode or the other way round*. usually however, one of the keys (named `public`) is published somewhere (hence the name). if you don't publish it (but give it to your recipient via some other *secure* way) then this is just as save as anything. – umläute Jan 21 '13 at 08:21
  • 2
    I tested this method. It don't keep confidentiality and only sign the package. data will transfer as clear text between machines. any other ways? I create a file with some text and I sign it with gpg --sing text.txt then I vi text.txt.gpg and I saw my text are clearly there – Hamid Reza Moradi Jan 21 '13 at 08:23
  • the strength of the usual public/private encryption (where all *public* keys are available to everybody, and all *private* keys are only available to their owners), is that you don't need *another secure way* to give the recipient the decyphering token. the drawback is, that they have to setup a public/private key pair and publish their private key. – umläute Jan 21 '13 at 08:24
  • 1
    thanks for your posts umlaeute. I'm disagree with some parts of your answer: "with signing, you use your private key to encrypt the data, and it can be decrypted with your public key " I believe that sign doesn't encrypt content at all(with or without public key) if i could encrypt with my private key so the user could have best of both world, encrypted content along with validity of my signature because they could open it with my public key. so I asked the question because I though they could be some way to do that. the clarification you provide didn't solved my problem. – Hamid Reza Moradi Jan 21 '13 at 09:10
  • @Hamid_Reza_Moradi, you need not believe me :-) but if *I* use `--sign' with my gpg implementation (1.4.12; as packaged in Debian), the resulting file (`myfile.ext.gpg`) is definitely encrypted. probably your version of `gpg` uses `clearsign` or `detach-sign` (as hinted by @lanzz) as the default for signing; feel free to report a bug with gpg or upgrade your version. – umläute Jan 21 '13 at 09:15
  • 2
    look at this example: echo "it is a test" > test2.txt ; gpg --sign test2.txt ; cat test2.txt.gpg ���A��b test2.txtP ;it is a test �P ; �Ym m���>L&��KEȽC��h@��!��W ׿K����v�j��y�{�-6&ԄMByX���I-ǃ���!�R��p�(Tc������w�yA��zC���uzH�Yܖ�{�8�L�=�?Oc������q�DU�( �hX�yd�8�G {Ҙ,)�y+���Ko����Q`�����8��(^�\�����d�)Kb – Hamid Reza Moradi Jan 21 '13 at 09:30
  • Using `--sign` allows to decrypt the message using the *public* key. As the name already suggests, the *public* key is not a secret key but usually known to others. If you want confidentiality then you should not encrypt using the *private* key and hide the *public* key but use another shared secret instead. – scai Jan 21 '13 at 09:41
  • 4
    I just noticed that the `--sign` of my gpg (1.4.11 from Ubuntu) doesn't produce an encrypted document (that would require specifying `--sign` and `--encrypt` to encrypt it for a specific recipient according to the manpage). That is, you can use `--decrypt` to read the plaintext *without* having the public key, you just can't check whether the signature is correct or not. So @HamidRezaMoradi is correct and a single `--sign` cannot be used to provide confidentiality here (the plaintext just gets *compressed* but not *encrypted*). – scai Jan 21 '13 at 10:33
  • 2
    I just went through all this independently and can confirm signing does not encrypt the payload. It's really easy to see if you add "--compress-level 0" on your --sign command, since that disables the compression and the result is your clear text merely wrapped with the signature. – Peter Hansen Feb 05 '15 at 05:10
9

It is not true that GnuPG requires you to publish your private key in order to encrypt a document. You should never publish your private key to anyone.

GnuPG supports two different encryption methods, asymmetric and symmetric encryption.

Asymmetric encryption requires to to know the public key of your recipient. This is usually not a problem because as the name already suggests these keys are not a secret but known to everyone. For decrypting it again only the private key can be used which is known only to your recipient. Asymmetric encryption using GnuPG is done with the --encrypt option.

If you don't know the public key of your recipient then you can use symmetric encryption where both parties share the same key. This requires a secure channel for transmitting the shared secret, of course. For symmetric encryption, use the --symmetric option. Neither a public nor a private key is required here but the secure exchange of the shared key makes symmetric encryption prone to attacks.

If you just need integrity and accountability (the document can't be modified without detecting it and you are able to verify who created/signed it) then you can use the --sign option to create a signature using your private key. Everybody having access to your public key can check this signature to verify both integrity and accountability. But note that everybody can read your original message content because this signature is no encryption. The resulting .gpg-file looks like binary data but only contains compressed but not encrypted text. You can also disable compression by specifying --compress-level 0 and you will see that the output file contains your original message in plaintext. So don't use this option if you want confidentiality.

scai
  • 20,297
  • 4
  • 56
  • 72
2

I am working on a similar problem: distribute software updates from a central source to be applied to many end-users in the field. End users need to validate that the update came from the official source (signed with private key), but I also want the update to travel confidentially (encrypted).

In the cryptography course I had at University ~30 years ago now, they taught that encrypting with one's private key was the same thing as signing a message - when the recipient decrypts using the public key, the fact that they do not get gibberish confirms use of the private key to encrypt. This also provides a measure of confidentiality if the public key is kept "close to the vest," which would be my preferred implementation.

As mentioned by others, I have confirmed that the gpg --sign operation does not encrypt the message, the message is visible in plaintext in the signed file. To use gpg to accomplish both certain authenticity with a signature from the private key, and a reasonable measure of confidentiality, I have settled on the solution of giving the field based receivers their own key pair, in addition to the public key of the update distributor. This isn't a terribly secure solution, anyone can reverse engineer a device in the field and get ahold of the "secret" key that it will hold, with that they can decrypt the signed update message and see its cleartext contents. What they cannot do is create a file with the distributor's secret key signature on it, and so they cannot make an update of their own that will be accepted by the devices in the field which are looking for both encryption with their public key, and a signature from the update distributor's privately held key.

It's a matter of degrees of exposure. The updates in transit are secure from anyone who does not have access to an endpoint device to reverse engineer. With physical access to an endpoint (something we cannot prevent), they will eventually be able to reverse engineer the installed software, and even the updates themselves, but they will never be able to sign their own update and push it to un-compromised machines. At least as long as RSA is secure.

Joe Merchant
  • 21
  • 2
0

Simple answer: forget the idea of keys. You only need a shared secret passphrase. So get together with your client. Call them on the phone. Or if you're paranoid, do it face to face. Agree on a passphrase you will share and keep it as secret as you need to. Based on my experience, I recommend using diceware together to pick a shared passphrase. Both of you keep a secure copy of that shared secret. If you're paranoid, don't write it down—memorize it! Now you can encrypt anything using that shared secret as the passphrase. Any symmetric encryption tool can do that for you, including GPG.

tbc0
  • 1,563
  • 1
  • 17
  • 21
-5

You might need to have a separate key pair for that explicit purpose, and distribute the private key, while keeping the public key secret (yes, it's kind of backwards with regard to the terms); then you just encrypt the updates normally with the public key, and your recipients can decrypt them with the private key.

lanzz
  • 42,060
  • 10
  • 89
  • 98
  • the problem here is that when you export your private key your public key will transfer too and you can't even delete a public key without removing its private key first – Hamid Reza Moradi Jan 23 '13 at 08:06