diff options
Diffstat (limited to 'src/content/docs/guides/encrypt-decrypt-text.md')
| -rw-r--r-- | src/content/docs/guides/encrypt-decrypt-text.md | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/src/content/docs/guides/encrypt-decrypt-text.md b/src/content/docs/guides/encrypt-decrypt-text.md new file mode 100644 index 0000000..a8db7af --- /dev/null +++ b/src/content/docs/guides/encrypt-decrypt-text.md @@ -0,0 +1,146 @@ +--- +title: Encrypt & Decrypt Text +--- + +The processes of encryption and decryption are fundamental to ensuring the +privacy and security of digital communications. GpgFrontend, a graphical +interface for GnuPG, simplifies these operations, making it accessible for users +to securely encrypt and decrypt text. Before diving into the specifics of how +GpgFrontend facilitates these operations, it's essential to understand the +underlying concepts and the prerequisites for encryption and decryption. + +Encryption is the process of converting plain text into a scrambled format known +as ciphertext, which is unreadable to anyone except those who possess the +correct key to decrypt it. This transformation is done using an encryption +algorithm and a key. In the context of GpgFrontend and most modern encryption +practices, this key is the recipient's public key. A public key is part of a key +pair that includes a private key; together, they are used in asymmetric +encryption, a cornerstone of modern cryptography. + +To initiate encryption with GpgFrontend, the sender must first have access to +the recipient's public key. This key is used to encrypt the message, ensuring +that only the recipient, who holds the corresponding private key, can decrypt +and read the message. The public key can encrypt messages, but cannot decrypt +them. This is a crucial aspect of asymmetric cryptography: it allows anyone to +send encrypted messages to the key owner without being able to decrypt messages +encrypted with that same public key. + +Generating a key pair is the first step in being able to engage in these secure +communications. This process usually involves choosing a key type and size, with +larger keys offering higher security. Once generated, the key pair consists of a +private key, which must be kept secure and confidential, and a public key, which +can be shared with anyone who wishes to send you encrypted messages. + +Decrypting a message with GpgFrontend requires the private key corresponding to +the public key used for encryption. Upon receiving an encrypted message, the +recipient uses their private key with GpgFrontend to decrypt the ciphertext back +into readable plain text. This decryption process is secure because the private +key is never shared, and it is computationally infeasible for an attacker to +derive the private key from the public key or the encrypted message. + +GpgFrontend streamlines these operations, providing a user-friendly interface +that abstracts the complexities of cryptographic operations. Users can easily +import public keys, encrypt messages or files for specific recipients, and +decrypt incoming messages or files using their private keys. This makes +GpgFrontend an invaluable tool for anyone needing to secure their digital +communications, from sensitive personal correspondence to confidential business +communications. + +In summary, encryption and decryption with GpgFrontend rely on the foundational +principles of asymmetric cryptography, where a public key is used for +encryption, and a corresponding private key is used for decryption. Before +engaging in these operations, users must generate a key pair and share their +public key with those from whom they wish to receive encrypted messages. This +setup ensures that only intended recipients can read the contents of encrypted +communications, providing a robust framework for privacy and security in the +digital age. + +## Encrypt + +The Encrypt operation itself uses a public key and does not require a private +key. Remember that whoever you want to send it to encrypts it with whose public +key. For people who don't use gpg very often, they often get confused and use +their own keys to encrypt ciphertext. + +### Only Encrypt + +In this case, you only encrypt the ciphertext, which results in a shorter +ciphertext. This is because the ciphertext does not contain additional signature +information that identifies the encryptor. If you do not want the recipient to +know your identity, use this method to generate your ciphertexts. + +After the encryption operation, no additional information will be displayed in +the information board except for a prompt indicating whether the operation was +successful. + + + +### Encrypt Sign + +To encrypt and sign text, you need to first prepare the plaintext and have a +public key that can perform encryption operations. The public key used for +encryption should belong to the intended recipient, not yourself. It is +important to verify that the recipient's public key has cryptographic +capabilities for encryption before proceeding. + +If you want the recipient to know that the ciphertext is from you, you can also +choose to sign the text while encrypting it. This ensures that the decrypted +text is credible and comes from your hand. This method is commonly used when +both parties need to ensure the authenticity of the decrypted text, and +typically in scenarios where both parties know each other. + +To encrypt and sign at the same time, select the public key(s) you need to use +for encryption, and during the encryption process, select the private key you +need to use for signing. This private key should belong to you and should have +the capability for signature operations. You can verify this by checking the +usage column in the key toolbox on the right (letter S stands for signature). + +The ciphertext generated by this operation is longer than ciphertext generated +by only encryption because of the additional signature information attached to +it. After the operation is complete, information about the cryptographic and +signature operations will be displayed in the Infomation Board, including +information about the signature pattern and algorithm used. + +To verify the authenticity of the ciphertext before decryption, you can use the +validate operation. Once the ciphertext is verified, you can proceed with +decryption using your private key. + + + +## Decrypt + +When decrypting the ciphertext, you can simply paste the obtained ciphertext +into GpgFrontend, and it will automatically select the appropriate private key +for decryption. It is important to note that decryption must be performed with +the private key associated with the public key used for encryption. + + + +When decrypting a ciphertext, it is not necessary to check the usage column in +the key toolbox to determine if the key is valid for decryption. Instead, you +need to use a valid private key that corresponds to the public key used for +encryption. You can identify whether a key is a public key or a private key by +checking the type column in the key toolbox. If all your local keys are not +valid for decryption of the ciphertext, the program will display a decryption +failure message. + +## Decrypt Verify + +During decryption with verification, gpg will check the signature attached to +the ciphertext to ensure its authenticity. This provides an additional layer of +security and helps to prevent tampering with the encrypted message. + +To perform decryption with verification, you need to select a file with a ".gpg" +or ".asc" extension, which contains the ciphertext and signature content. If the +signature is valid, gpg will decrypt the message and display it in plain text. +Otherwise, it will display an error message indicating that the signature is not +valid. + +It is important to note that whether a key pair can be used for verification +will not be displayed in the usage column. Instead, you need to remember that a +valid public key can be used for verification. Therefore, it is a good habit to +always verify the signature during decryption, regardless of whether the +encryptor has signed in advance. This helps to ensure the authenticity and +integrity of the decrypted message. + + |