If a file isn't secret but you still need to ensure authenticity and integrity, you can just sign it without encrypting it:
- Create an unencrypted message for Frank and then sign it:
donnie@ubuntu:~$ gpg -s not_secret_for_frank.txt
You need a passphrase to unlock the secret key for
user: "Donald A. Tevault <[email protected]>"
2048-bit RSA key, ID 9FD7014B, created 2017-10-27
gpg: gpg-agent is not available in this session
donnie@ubuntu:~$ ls -l
. . .
-rw-rw-r-- 1 donnie donnie 40 Oct 27 19:30 not_secret_for_frank.txt
-rw-rw-r-- 1 donnie donnie 381 Oct 27 19:31 not_secret_for_frank.txt.gpg
Just as before, this creates a .gpg version of the file.
- Send the message to Frank.
- Log in as Frank. Have him try to open it with less:
frank@ubuntu:~$ less not_secret_for_frank.txt.gpg
"not_secret_for_frank.txt.gpg" may be a binary file. See it anyway?
<A3>^A^Av^A<89><FE><90>^M^C^@^B^A<88>o3W<9F><D7>^AK^A<AC>Fb^Xnot_secret_for_frank.txtY<F3><C1><C0>This isn't secret, so I just signed it.
<89>^A^^D^@^A^B^@^F^E^BY<F3><C1><C0>^@
. . .
. . .
<D3>K<E5>^G<8E><90>d<8C><DA>Aɱb<86><89><DA>S<B6><91><D8><D2><E0><B3>K<FC><9E>
<ED>^@*<EF>x<E7>jø<FD><D3><FA><9A>^]
not_secret_for_frank.txt.gpg (END)
- There's a lot of gibberish there because of the signature, but if you look carefully, you'll see the plain, unencrypted message. Have Frank use gpg with the --verify option to verify that the signature really does belong to you:
frank@ubuntu:~$ gpg --verify not_secret_for_frank.txt.gpg
gpg: Signature made Fri 27 Oct 2017 07:31:12 PM EDT using RSA key ID 9FD7014B
gpg: Good signature from "Donald A. Tevault <[email protected]>"
frank@ubuntu:~$
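Frank could read the message in less because a signed-only file is a series of OpenPGP packets in which the message travels in a literal data packet, in the clear. The following Python sketch is an added example, not from the original text: it walks the packet framing of a constructed sample laid out like `gpg -s` output. The sample reuses the file name, message and short key ID shown above; the upper half of the key ID and the signature body are zero filler (assumptions), so gpg would not verify it.

```python
import zlib

def packets(data):
    """Yield (tag, body) for each OpenPGP packet in data (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, n, i = hdr & 0x3F, data[i], i + 1
            if 192 <= n < 224:                  # two-octet length
                n, i = ((n - 192) << 8) + data[i] + 192, i + 1
            elif n == 255:                      # five-octet length
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            elif n >= 224:
                raise ValueError("partial body lengths are not handled here")
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            size = 0 if ltype == 3 else 1 << ltype  # type 3: body runs to the end
            n = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
            i += size
        yield tag, data[i:i + n]
        i += n

def inspect_signed(data, found=None):
    """Collect signer key ID, file name and readable plaintext from a signed message."""
    found = {} if found is None else found
    for tag, body in packets(data):
        if tag == 8:                            # compressed data: algorithm byte + stream
            wbits = {1: -15, 2: 15}[body[0]]    # 1 = ZIP (raw deflate), 2 = ZLIB
            inspect_signed(zlib.decompress(body[1:], wbits), found)
        elif tag == 4:                          # one-pass signature: key ID is bytes 4..11
            found["key_id"] = body[4:12].hex().upper()
        elif tag == 11:                         # literal: format, name length, name, date, data
            found["filename"] = body[2:2 + body[1]].decode()
            found["plaintext"] = body[6 + body[1]:]
        elif tag == 2:                          # the signature packet itself
            found["signature_bytes"] = len(body)
    return found

# Constructed sample: zero-padded key ID, zero date, zero-filled signature body.
MSG, NAME = b"This isn't secret, so I just signed it.\n", b"not_secret_for_frank.txt"
_lit = b"b" + bytes([len(NAME)]) + NAME + bytes(4) + MSG
_inner = (b"\x90\x0d\x03\x00\x02\x01" + bytes.fromhex("000000009FD7014B") + b"\x01"
          + b"\xac" + bytes([len(_lit)]) + _lit + b"\x89\x01\x1c\x04" + bytes(283))
_raw = zlib.compressobj(0, zlib.DEFLATED, -15)  # level 0 stores the bytes uncompressed
SAMPLE = b"\xa3\x01" + _raw.compress(_inner) + _raw.flush()
print(inspect_signed(SAMPLE))
```

Being able to read the plaintext this way says nothing about who wrote it. Only `gpg --verify` against a public key you trust establishes that.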
This wraps it up for our discussion of encrypting individual files. Let's now take a look at encrypting block devices and directories.