If you will be transferring a secret file from one file system to another, you might want to protect the file from theft or exposure during the transfer. This could be an encryption key file for decrypting a multi-challenge encrypted file system or similar secret file, that are to be transferred on an unencrypted storage medium, such as an USB stick with EXFAT, NTFS or MSDOS file system on it. If you will be using the GNU Privacy Guard (GPG) without GPG key pairs, then you can encrypt with a symmetric cipher by specifying a pass phrase.

Encrypting with symmetric cipher

If you will be using GPG without GPG key pairs, then you can encrypt with a symmetric cipher by specifying a pass phrase. In cryptography, this means, that the same pass phrase will be used to encrypt and decrypt. The user, who will encrypt the file, will choose a pass phrase, which will be used to write a new encrypted file, that contain the secret file. The pass phrase should be as long and non-dictionairy complex as possible. The default cipher is AES-128.

$ gpg --symmetric keyfile.bin

The encrypted file can now be transferred safely.

$ ls keyfile.bin.gpg

You can test, that the file can be decrypted and compare it to the original file.

$ gpg --yes --output keyfile.bin.decrypted --decrypt keyfile.bin.gpg
$ cmp -s keyfile.bin keyfile.bin.decrypted && echo "Pass" || echo "Fail"

The encrypted file can be decrypted on the target file system by anyone, who know the pass phrase, that was used to encrypt the file. It is not required, that the target user has a GPG key pair.

$ gpg --yes --output keyfile.bin --decrypt keyfile.bin.gpg

The decrypted secret file can now be used.

$ ls keyfile.bin

References

Published by Micski

Micski lives in Copenhagen, which is the capitol city of Denmark, where he's a system administrator of information technology and a semi-professional poker player.