GPG
GPG is a tool to send encrypted messages and files between people, typically used to send secure encrypted emails. In this case, I will be using it to encrypt files from my Raspberry Pi before uploading them to a cloud for backup.
It works like this: if a person wants to send me a securely encrypted file using GPG, they encrypt the file with my public key and sign it with their private key. When I receive the file, I decrypt it with my private key and verify the signature with their public key.
Next, I will explain how to set up GPG on Mac and Raspberry Pi.
Setup
It’s pretty easy to create GPG keys on Mac using GPG Suite; once installed, the GUI prompts you to create a new key.
Once the key is created, I upload my public key to the public keys server and to my keybase account, so it’s pretty easy to share with others and install my public key on other machines.
To create GPG keys on my Raspberry Pi, open the terminal and run the following command:
$ gpg --full-generate-key
The above command will guide you through the setup. This is what I selected:
- Kind of key: RSA and RSA (default)
- Keysize: 4096
- How long the key should be valid: key does not expire
- Password: Empty
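I decided to use an empty password because I’m going to be automating the encryption, and it’s only going to be one-way encryption to an external public key, not the other way around. The trade-off is that the Pi’s private key sits unprotected on disk, so anyone who can read that account’s files can sign as the Pi.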
Once created, export the public key:
$ gpg --output ~/rpi.asc --armor --export my_email@email.com
and copy it to the local machine using scp, in my case to my Mac:
$ scp satoshi@raspberrypi.local:rpi.asc ./Downloads
Once copied, I double-click it to install it in my Mac’s GPG Keychain.
Now, export the Mac’s public key from the GPG Keychain by right-clicking it and exporting the public key. Make sure the option to export the private key is NOT selected. Once exported, use the scp command to upload it to the Raspberry Pi:
$ scp ~/Downloads/mac.asc satoshi@raspberrypi.local:
Once uploaded to the Raspberry Pi, import it into GPG:
$ gpg --import mac.asc
Or, if you have uploaded your public key to Keybase, you can download and import it in one step:
$ curl https://keybase.io/objsal/pgp_keys.asc | gpg --import
Now sign the key so that we’re not warned every time we use it:
$ gpg --sign-key my_email@email.com
Now, do a test by encrypting a random file on your Raspberry Pi and decrypting it on your Mac. In my case, I encrypted the mbox file:
$ gpg --output mbox.gpg --encrypt --sign --armor --recipient my_email@email.com mbox
Copy it to your Mac using scp:
$ scp satoshi@raspberrypi.local:mbox.gpg ./Downloads
Double-click it, and it should decrypt the file correctly on your Mac ✔️
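The import and sign-key steps above accept whatever key the file or the Keybase URL delivers. The following is an added example, not part of the original post: it imports a key only when its fingerprint matches one you have confirmed on the Mac, then encrypts a backup file to that exact key without prompting. The function names are hypothetical and the fingerprint in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: pin a public key to a fingerprint before trusting it.
# Requires GnuPG 2.2+ (for --show-keys). All names below are hypothetical.

# Print the primary-key fingerprint of key file $1 without importing it.
key_fingerprint() {
    gpg --batch --with-colons --show-keys "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Import key file $1 only if its fingerprint equals $2, the value confirmed
# out of band (spaces and letter case in $2 are ignored).
import_pinned_key() {
    expected=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    actual=$(key_fingerprint "$1")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing import: fingerprint '$actual' != '$expected'" >&2
        return 1
    fi
    gpg --batch --quiet --import "$1"
}

# Encrypt file $1 to the key with fingerprint $2, writing $1.gpg.
# --batch never prompts, so it is safe in cron. --trust-model always skips the
# web-of-trust check, which is acceptable here only because the recipient is
# named by the full fingerprint that import_pinned_key already verified.
encrypt_for_backup() {
    gpg --batch --yes --trust-model always \
        --output "$1.gpg" --encrypt --recipient "$2" "$1"
}

# Usage (the fingerprint is a placeholder, read yours from the Mac's keychain):
#   import_pinned_key mac.asc "<40-HEX-DIGIT FINGERPRINT>"
#   encrypt_for_backup mbox "<40-HEX-DIGIT FINGERPRINT>"
```

Naming the recipient by fingerprint rather than by email address also prevents a second key with the same address in the keyring from being selected.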