Protecting your private key with the OpenPGP smartcard

Encrypted Email

Once you complete the somewhat complex configuration steps, sending encrypted email is far easier. Click the Write button in the main window in Thunderbird as usual. To encrypt your email, select Security | Require Encryption from the menu.

You can also sign your email, either in addition to encryption or without encryption. To sign a message, opt for Security | Digitally Sign this Message. To send your email, place your OpenPGP smartcard in the card reader and click Send. Thunderbird will now ask you for the PIN for your card and the password for your key. Provide both, and the email is on its way to the recipient.

Encrypting Files

The most common application for GnuPG is probably encrypting and signing emails, but GnuPG also lets you protect files against prying eyes, both asymmetrically and symmetrically. That is, files that you want to pass on to another person, as well as files that you want to encrypt in storage on your own PC.

If you want to pass a file to another person, use the command from Listing 4, Line 1. This command tells GnuPG to asymmetrically encrypt the file named at the end of the command so that only you and the recipient with the email address user@example.com can decrypt the file using their own GnuPG key.

Listing 4

Passing a File

01 gpg --output file.gpg --encrypt --recipient user@example.com file_name
02 gpg --output file.gpg --symmetric file_name
03 gpg --output file_name --decrypt file.gpg

If you want to encrypt the file symmetrically instead, i.e., not pass it on, use the command from Listing 4, Line 2. In this case, GnuPG will ask you for a password to encrypt the file. In both cases, you unlock the encrypted file.gpg file with the command from Listing 4, Line 3.

Conclusions

GnuPG boosts the security of email traffic and encrypts important files. You can use GnuPG even more securely with an OpenPGP smartcard. The one-off setup is a little more complicated, but once everything is configured, the encryption process is quite effortless and will be easy to build into your routine.

If you need a digital password safe and a generator for one-time passwords in addition to the functions described in this article, it is worth taking a look at the Nitrokey Pro 2 (p. 24 of this issue), which also comes with an integrated OpenPGP card in addition to these functions. However, keep in mind that these additional functions mean the Nitrokey is considerably more expensive.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Secretive

    KDE Kleopatra, a front end for the GNU PrivacyGuard command-line program, lets you sign and encrypt email for more secure communication.

  • Enigmail

    Combining the Enigmail add-on and the GnuPG encryption software gives Thunderbird users a powerful tool for encrypting and signing email.

  • GPG Key Management

    PGP/GnuPG is becoming increasingly popular, thanks to digital crime and government surveillance. We take a look behind the scenes and show how you can keep your keyring current and valid.

  • Nitrokey Pro 2

    The Nitrokey Pro 2 is a small device that covers a wide range of cryptographic functions.

  • Encrypting Email

    The leading email applications include new features for helping users secure and authenticate their mail messages, but each tool has a different approach to handling tasks such as signing and encryption. This article describes how to add encryption and digital signatures to the Thunderbird, Kmail, and Evolution mail clients.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News