How to encrypt data in Linux using gpg and open SSL

1 Introduction

Encryption is the process of encoding messages or information in such a way that only authorized parties can read them. With almost no privacy in this digital generation of our’s, encryption of our data is one of the most required tools. Most of the applications like Gmail encrypt our data, but the data on your system is still unsecured and there are hackers or unauthorised users waiting to access them.

When you are building many other applications using various Linux based devices, you still have to take care of the data on it. One way to minimize the risk of data theft is to encrypt the data that is present even on our local system.

Now there is another very interesting topic called steganography. This involves hiding data. The key difference between encryption and steganography is that, in encryption, you know there is data but you cannot make any sense out of it. And decryption is the only way you can read the actual data. However, in steganography, you won’t even know that the data actually exists. it’s hidden in plain sight. You can easily build your own steganography tool in python.

This tutorial demonstrates several methods of encrypting the data on Linux systems using command line tools.

2 Encryption using GPG

2.1 GPG Introduction

GPG stands for GNU Private Guard which is a command line utility that is used to encrypt and decrypt data files or folders using either symmetric or public key encryption. GPG is a GPL Licensed alternative to the PGP cryptographic software suite. GPG is used by OpenPGP-compliant systems as well.

2.2 Encryption using Symmetric Key

Here I have a file named “test.txt” that I will encrypt and then decrypt with a symmetric key and print the decrypted text into another file called “output.txt”.

Run the following command to encrypt the file test.txt using a symmetric key. The option “-c” indicated the GPG to use symmetric keys.

gpg -c test.txt

The result of this will look like the image below. The first time when GPG is run, a .gnupg folder is created. It contains the files that are necessary for the encryption process. It then asks you to enter a passphrase twice. Please make sure that you enter a strong passphrase and that you remember it as you need this in future to decrypt your files.

So, once the passphrase is entered correctly, a file called “test.txt.gpg” is created. This is the encrypted file. The following image shows the file before and after encryption.You can see that the encrypted text is in an unreadable format.

Use the following command to decrypt the encrypted file

gpg -o output.txt test.txt.gpg

You will be prompted to enter the passphrase used to encrypt. Once you enter that correctly, “output.txt” file will be created with the same contents as that of “test.txt”. The output of decryption might look similar to the image below:

2.3 Public Key Encryption

Here we will encrypt a set of files using the public / private key encryption mechanism of GPG. It involves creation of a private key which should never be shared with anyone and a public key that has to be shared with the people who want to send you encrypted data. Public key cryptography is a very interesting topic. You can read about it in detail here.

First, we will have to pack the files into a compressed folder. Here I have a directory called “enctest”with three files test1.txt to test3.txt .We will compress this directory tar.gz file. I wll use the following command to create the compressed tar.gz archive:

tar czf files.tar.gz ~/enctest

This creates a file “files.tar.gz” . We now have to generate the public/private key pair. Run the following command to generate the key:

gpg –gen-key

Remember, this has to be done only once and any number of files and folders can be encrypted with this key. Once you type this command, various set of questions will be asked. The questions will be:

  • What kind of encryption to use? I selected 1 which is RSA and RSA.
  • What should be the key size? I chose 2048, you can choose any size in the range of 1024 and 4096.
  • When should the Key expire? I selected 0 , which means that the key never expires. But can provide days, weeks or years if you want it to expire in a particular time.

Other things like passphrase will be asked, you will be prompted to enter it twice. Make sure you use a strong one and that you remember the passphrase. Also your credentials will be used. The credentials that I have used here (provided below) are just for testing. It is recommended that you use your genuine credentials like name, email ID and provide some comment.

The following content shows my answer and how the output will be:

gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
        = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: John Doe
Email address: johndoe@somemail.com
Comment: tis is key generation
You selected this USER-ID:
    "John Doe (tis is key generation) <johndoe@somemail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

Once you enter the passphrase, it begins to generate the key. It will ask you to do some work. It is recommended to move the mouse or type something or use the drives to open some files. It will use this work to generate random bits. You may have to do this multiple times. The output for me is shown below:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 187 more bytes)
+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 92 more bytes)
.....+++++

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 114 more bytes)

+++++

Once done, the key has been generated. It will look similar to the content below:

gpg: /home/akshay/.gnupg/trustdb.gpg: trustdb created
gpg: key FA2314B6 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/FA2314B6 2015-04-02
      Key fingerprint = 5A02 5D77 3E0A 8B69 8086  3032 DE51 6EA5 FA23 14B6
uid                  John Doe (tis is key generation) <johndoe@somemail.com>
sub   2048R/6F78E642 2015-04-02

There are two important things here: provide a strong passphrase and make sure to remember your passphrase

Now that the keys are generated, we will now have to export the public key file for importing it on other systems or to send it by email. To start the export, use the following command:

gpg –armor –output file-enc-pubkey.txt –export ‘John Doe’

Replace ‘John Doe’ with the name you used while generating the key.

It is also recommended to take a backup of the private key. We can use gpg to do that. To take the backup, use the following command:

gpg –armor –output file-enc-privkey.asc –export-secret-keys ‘John Doe’

Here the file “file-enc-privkey.asc” will hold the backup of the private key safely. Once exporting and key backup is complete, we can now encrypt and decrypt the .tar.gz file. Use the following command to encrypt:

gpg –encrypt –recipient ‘John Doe’ files.tar.gz

Remember to change ‘John Doe’ in the above command to the name given by you during key generation, else the encryption will fail. When the command runs successfully, an encrypted file called “files.tar.gz.gpg” will be created.

Now we can decrypt the tar.gz archive using the following command. It will use the private key along with the passphrase to decrypt and provide the decrypted folder. Use the following command to decrypt:

gpg –output output.tar.gz –decrypt files.tar.gz.gpg

The above command will ask for the passphrase and then decrypt the encrypted file and create a compressed file named “output.tar.gz” which can then be extracted to folder with tar to get back the files. The following image shows the output of encrypting and decrypting commands:

2.4 Why GPG?

GPG supports both: public key encryption and symmetric encryption and this provides a good amount of flexibility and can be used for a wide range of applications. There isn’t a need to provide any kind of sensitive information and also gpg can have any number of encryptors by using the public key. Choice is given to the user to select from multiple encryption algorithms. These reasons make it a very useful security tool to for encryption of files and folders or data.

Interested in Security, there is no better way to learn than knowing how to breach security:  Learn from experts on ethical hacking and how people and data can be manipulated to gain unauthorised access to private data :

Ethical Hacking By experts

3 Encryption using OpenSSL

3.1 Introduction to OpenSSL

The OpenSSL project is a collaborative effort to develop a robust, commercial-grade, full-featured and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS) protocols as well as a full-strength general purpose cryptographic library. OpenSSL is available for most Unix-like operating systems and it is based on SSLeay. OpenSSL supports also many SSH, SFTP, and SCP applications. Here we use OpenSSL to encrypt data by making use the asymmetric encryption and the AES cipher. Symmetric encryption can be used for encrypting bigger files or data.

3.2 Generating the Public and Private keys

The first thing we have to do is generate the public and private keys.We first generate the private key. To do so, use the following command:

openssl genrsa -out private_key.pem 1024

The above command instructs OpenSSL to use RSA to generate a private key with a size of 1024 bytes. The key is then stored securely within a file called “private_key.pem”. The output of this command will look similar to the image below:

Once the private (the secret) key is generated, we can use that to generate the public key so that they form a pair. Use the following command to generate the public key:

openssl rsa -in private_key.pem -out public_key.pem -outform PEM -pubout

It will look like the image below:

3.3 Encrypting data

We can now use the public key to encrypt data. Here we will encrypt the file “test.txt” and store the encrypted text in the file encrypt.dat. Execute the following command:

openssl rsautl -encrypt -inkey public_key.pem -pubin -in encrypt.txt -out encrypt.dat

The following images show the text file before and after encryption:

3.4 Decrypting data

Here we use the private key to decrypt the file. Run the following command:

openssl rsautl -decrypt -inkey private_key.pem -in encrypt.dat -out decrypt.txt

The file decrypt.txt will contain the decrypted data. The execution of the above command and also the file content is shown in the image below:

Source : My article from HowtoForge
Advertisements

Search Wikipedia from Command Prompt

This tutorial shows how to quickly setup python scripts to search Wikipedia  right form the terminal.  This would be ideal for people who want to quickly read up on a topic without having to open a browser , wait for it to load and search. Terminal would do the job more quickly and efficiently.

The way to solve this is to use the Wikipedia API  to send a http request to the website as a query action in json format and get the response is back as a json Object. This could be implemented using the request  module in python.

The next step is to parse this response json object. I found that Beautiful Soup can be used to do that. This was one of the best options available . Once the parsing was complete, we only have to display the data.

I found 2 scripts to do just that. These scripts however don’t use Requests module but use urllib and urllib2.

Advantage :
The advantage of using this is that, only a brief summary of the topic under search will be showed. And most of the time it is the only thing we want.

The second thing is that if there are sections in the topic, it will be shown.

Disadvantage :
What this lacks is that, it does not have a good pattern matching for searches, that is if it doesn’t ind the exact words in the article it will not be returned. This also happens if each result has multiple result.
Sometimes the data returned is either very less or a lot.

Procedure:

First download and save these 2 python file:
wikipedia.py  : This python Program  is used to form the url for the search term to get the article from wikipedia.com. Once the URL is formed, we send a request using the urllib python library.We perform the search and get the whole data from Wikipedia.

wiki2plain.py : This program is used to convert the full   document received  from previous program to readable text format. Usually, the response from the previous program is in the form of json/html. Thus we use this program to parse the json/html and get meaningful data on the topic.

Then create a python file and name it wiki.py and paste the following script in it:


from wikipedia import *
from wiki2plain import *

lang = ‘simple’
wiki = Wikipedia(lang)
try:
    data1 = raw_input(“enter searh query: “)
    raw = wiki.article(data1)
except:
    raw = None

if raw:
    wiki2plain = Wiki2Plain(raw)
    content = wiki2plain.text
    print content
else:
    print “No text returned”

This code just calls the previously downloaded files and allows you to dynamically enter a topic and search Wikipedia.
Save it in the same folder as the other two files and run  wiki.py

Enter the search term and get the results.

Screenshots :

Screenshot from 2014-04-20 22:21:28

Screenshot from 2014-04-20 22:21:06

Wikipedia on the terminal , using python

I wanted to get information on my terminal on Ubuntu. y requirement  was that, any  data that i wanted  should be output on the terminal itself. I didn’t want to open a browser each time i wanted some information. And all I needed was the data and not images and videos. So to view the information on the terminal was very convenient and efficient.

When i searched, I was looking for a python implimentstion , i came to know that using Wikipedia API, one can to send a http request to the website as a query action and json format and get the json object. This could be implemented using the request , module in python. So this would give the json object that had the data on the topic to be queried.

The next step was to parse it . And I found that Beautiful Soup can be used to do that so extract only the data. This was one of the best options available . An then the only thing to do was to print the data that is extracted.

I found 2 scripts to do just that. These scripts however dont use Requests module but use urllib and urllib2.
Advantage :
The advantage of using this is that, only a brief summary of the topic under search will be showed. And most of the time it is the only thing we want.

The second thing is that if there are sections in the topic, it will be shown.

Disadvantage :
What this lacks is that, it does not have a good pattern matching for searches, that is if it doesnt ind the exact words in the article it will not be returned. This also happens if each result has multiple result.
Sometimes the data returned is either very less or a lot.

Procedure:

First download and save tehse 2 python files.
wikipedia.py
    wiki2plain.py

Then create a python file and name it wiki.py . Then paste the following script in it.

from wikipedia import *
from wiki2plain import *

lang = ‘simple’
wiki = Wikipedia(lang)
try:
    data1 = raw_input(“enter searh query: “)
    raw = wiki.article(data1)
except:
    raw = None

if raw:
    wiki2plain = Wiki2Plain(raw)
    content = wiki2plain.text
    print content
else:
    print “No text returned”

Save it in the same folder as the other to files and run  wiki.py
Enter the search term and get the results.

Screenshots :

Screenshot from 2014-04-20 22:21:28

Screenshot from 2014-04-20 22:21:06

Android : connecting to AVD using TELNET

TELNET is a A terminal emulation program for TCP/IP networks such as the Internet. Telnet               provided access to a command-line interface on a remote host. Most network equipment and operating systems with a TCP/IP stack support a Telnet service for remote configuration. The Telnet program runs on your computer and connects your PC to a server on the network. You can then entercommands through the Telnet program and they will be executed as if you were entering them directly on the server console. This enables you to control the server and communicate with other servers on the network.

So we can use telnet to connect to the Android Virtual Device (AVD) or the android emulator and perform certain operations that deal with certain environmental values and settings. Here the AVD is running as a localhost. So before connecting, note down the port at which it is running. Generally the top of the AVD gives the port number. Eg. my AVD runs on 5554.

to connect to the  in the terminal use the command:

telnet localhost 5554

if connected successfully  an OK message should be displayed.he various operations that can be performed are-

1. To toggle between the speed of the Internet connection use:
                 network speed edge
    the result is that the network connection is now slow and can be seen on the avd with e marked     with the data pack symbol.
To get the full connection speed type
                network speed full

2.Sending SMS message . you can send to the avd messages :
the syntax is
“sms send <sender’s phone number> <message>”
Eg.   sms send 1234000000  this is good.
This will cause a message to appear in the avd from the phone 123400000 with the message “this     is good”.

3.The charging indicator can be changed to show the amount of charging done including  o for          full. All the input taken is in terms of percentages.

Eg.   power 50  will make the charging to 50%
power 73  will make the charging to 73%

4.  the   help  command will provide a list of  all the operations that can be performed along with        their  option if any. The others include operations like fixing the location(GPS COORDINATE) of        the AVD by using the  geo fix  command, or kill   command to terminate the instance of the            emulator

Here is a summary of the commands and its use:

 help|h|?         print a list of commands
    event            simulate hardware events
    geo              Geo-location commands
    gsm              GSM related commands
    kill             kill the emulator instance
    network          manage network settings
    power            power related commands
    quit|exit        quit control session
    redir            manage port redirections
    sms              SMS related commands
    avd              manager virtual device state
    window           manage emulator window

 

 

SOURCE : Webopedia , coursera