Tuesday, June 17, 2014

GEdit text encryption

You know: like vim on the shell, GEdit is the default editor in GNOME 2.30.2.
One out of many cool things of GEdit is the Seahorse plugin for text encryption.

I'd like to give an example of how easy is to use it!
And all that is available for the Solaris 11 desktop, of course.

Suppose I get a regular text file I wish to encrypt its content:




I assume the following prerequisites have been fulfilled:
 
To encrypt all the text simply choose Edit | Encrypt on the GEdit main menu.


This time I won't be signing the message to assure its integrity. 
Arguably a different key could be used for the purpose of signing.
For now I just select the encryption key and click OK:
(on the figure below I've masked my own key)


If the key passphrase isn't cached by a GNOME keyring, it will be prompted before continuing. Note that there's a degree of asynchronism between the GNOME keyring prompt and the text encryption plugin operation in GEdit, so it's advisable to promptly input the passphrase when asked for.


If everything goes well GEdit will automatically refresh accordingly:


Note the * in front of the file name on the GEdit editor tab.
In order to confirm the changes the file must be saved.
Of course the file will grow a few more bytes:


NOTE
It's important to notice that Nautilus will know nothing about the fact that the file has been encrypted. From its point of view it's a regular text/plain.
NOTE
As long as the valid key is present on both the endpoints where the message is exchanged one can freely copy and paste the region
-----BEGIN PGP MESSAGE----- 
Version: GnuPG v2.0.17 (SunOS)

...

-----END PGP SIGNATURE-----
NOTE
SHA-1 has been deprecated as vulnerable nowadays.
While the expected SHA-3 isn't available use SHA-512 instead.
Fear nothing, adjust the GNUPG defaults and regenerate the key.
Use RSA 4096 and SHA-512.

Naturally, to decrypt the message from within GEdit it's just as easy.
Choose Edit | Decrypt/Verify from the main menu.
The passphrase may be asked accordingly.

And that's all.