i am new to PGP and i need some help here.
i received a file with extension .asc which i got in mail from another pgp user and the instruction is file must be encryped and signed
currently the user is using ftp server and we have .asc file in opt/PGP/Keyrings folder and secring.skr and pubring.pkr in opt/PGP folder of our linux server.
In future they are planning to move to SFTP server and they gave us this new .asc file to work on.
The question is how do i encrypt data using .asc file that they have sent?.
NOTE:
I already have the following code to encrypt data :
opt/PGP/pgp -es +force "PATH OF FILE TO ENCRYPT" '<RECIPIENT_ID KEY>' -z 'passphrase'
How does the encryption happens using above command?what are the files it uses internally to encrypt data?
How do i use .asc file to my new program?
Also if i use my new .asc file will my existing secring.skr and pubring.pkr file gets override? This question is under assumption that .skr and .pkr file are generated from .asc file .
Is my assumption correct ?
Is it possible to have more .pkr file if so how do i make my script to point to particular .pkr file to encrypt ?
Fair warning: I'm no expert and my experience with PGP-compliant systems is specific to GnuPG so the syntax might not be 100% identical to your implementation but hopefully this will shed some light on your situation.
Firstly, PGP uses an asymmetric encryption scheme. This means it uses different keys for encrypting and decrypting data. To do this, a user must generate a pair of (2) keys, their public and private keys. Data encrypted with the public key of a pair can be decrypted only with the corresponding private key and vice versa.
A typical situation might go something like: Alice and Bob exchange public keys with each other in a manner that lets them be reasonably sure that Alice's public key really belongs to Alice and Bob's to Bob. Later, Alice wants to send a message(or file) to Bob but the message contains sensitive information she wants only Bob to read. To accomplish the transmission safely, she encrypts the message with Bob's public key. Now the only way anybody can read the encrypted message is by first decrypting it with Bob's secret key. Assuming Bob keeps his key secure, nobody else will be able to decipher the encrypted message, even if they intercept it.
I suspect the .asc file you received is the other user's public key, which you'll need to send them messages/files. You can verify this by opening it in a text editor (or less/cat/head/tail etc on Linux) and reading the contents. If the first line of the .asc file is something like ----BEGIN PGP PUBLIC KEY BLOCK---- and the last is ----END PGP PUBLIC KEY BLOCK---- then you know that's their public key. If it is, you'll want to import it into your keyring so you can encrypt messages for that user. In gpg/gpg2 that would look like this:
gpg2 --import sharedKey.asc
It is also possible that the .asc file they sent you is actually an encrypted message of some sort. If it is, you'll need the private key that corresponds to the public key they encrypted it with in order to read it, but it sounds like you're just getting set up so that shouldn't be the case.
Once you have your recipient's public key imported to your keyring, you'll need to generate your own public/private key pair if you don't have one already. This only needs to happen once, not once per message. In gpg2 the command to start the generation process is
gpg2 --gen-key
This command walks you through some setup details, then creates the keypair that'll be used to prove that you sent any given file via signing. Signing is a process that involves using your private key to alter a message you send. Because you use your private key to sign, anybody with your public key can decrypt the signature and, if it decrypts successfully, they can be sure that whoever signed the document controlled your private key (hopefully that means it was you).
Once you have your own keypair generated, and you have imported your recipient's public key, you're ready to encrypt and sign files/messages so that they can be sent securely to that person. I'm not familiar with all the syntax in the code you provided, but I'll explain what I think I understand from it.
-e encrypt the file specified
-s sign the encrypted file
"Path of file to encrypt" needed to encrypt the correct file
'Recipient_id key' needed to encrypt the file for that person
-z compress the result
'passphrase' the passphrase needed to use your secret key for signing
I don't know anything on +force.
You can find the recipient id in your keyring after you import their public key. In gpg you would use
gpg2 -k
to get a list of all public keys in your keyring. Each key's id would be an 8-digit hex value, listed after the rsa level used for that key. i.e.
pub rsa4096/DE936295 2017-11-28 [SC] [expires: 2018-11-28]
has a key id of DE936295.
Importing public keys or generating new keypairs shouldn't overwrite anything in your keychain. Instead it will add new entries. It wouldn't hurt to look into making backup copies of your keyrings if you're nervous though. If you do lose your private keys you wont be able to decrypt any messages that are encrypted with the matching public keys anymore. You ought to have options like
gpg2 --export-secret-keys --armor -o mykey.priv.asc
gpg2 --export --armor -o pubKey.pub.asc
to help you make backup copies of your keys.
TL;DR
I hope it helps, although I'm 99% sure the syntax provided here wont perfectly fit your application it should point you in the right direction.