GPG and OpenSSL



GPG (GNU Privacy Guard) is an implementation of the OpenPGP standard that allows users to encrypt files and communications and to manage private and public keys. OpenSSL is another security toolkit that also has tools to encrypt files and generate keys. Both are already supported on the MPRC cluster. We use the gpg2 version of GPG and OpenSSL 1.0.2k-fips. You will need to be able to use OpenSSL and GPG to encrypt your files, per the MPRC Security Policies.


Using GPG

Information about GPG can be found in the terminal by using the man command:

$ man gpg2

Note that the manual is many pages long, so it is much more efficient to pipe this command through grep or another search command.

GPG can make an encrypted copy of a file using the -c option, which encrypts with a passphrase that gpg prompts for and writes the result to encrypt.txt.gpg:

$ gpg -c encrypt.txt

And decrypt it using:

$ gpg encrypt.txt.gpg

Or, to print the decrypted text in the terminal instead of writing it to a file:

$ gpg -d encrypt.txt.gpg


When you create an encrypted file this way, the original file is not touched; gpg simply writes an encrypted copy next to it. Thus, once you have encrypted your files (and ensured that they can be decrypted as well), be sure to shred your original files to keep your data secure.

For more information about GPG, visit their website at gnupg.org


Using OpenSSL

Information about the OpenSSL commands can be found in the terminal by typing openssl help, which will print lists of standard commands, message digest commands, and cipher commands. These commands can be used directly in the terminal by being preceded by openssl. For example, in order to encrypt our file chamberofsecrets.txt, we type:

$ openssl aes-256-cbc -a -salt -in chamberofsecrets.txt -out chamberofsecrets.txt.enc

Here, aes-256-cbc selects the cipher; -a is optional and base64-encodes the output (meaning that the file can be viewed in a text editor or pasted into an email); -salt mixes a random salt into the key derived from your password and should always be included in this command; and -in and -out identify the input and output files. The command prompts for a password. Once we have these files we can print the encrypted file in the terminal and see this:

U2FsdGVkX183785HZhliZi8/z9btqLMmW1wXskwWv3tXP1yQ5y+h/RSsBi1Y1F3W
AFvtNlW00NOlHPs9od76mw==

Now if we make a new file named chamberofsecrets.txt1.enc containing the encrypted text above, we can decrypt it using:

$ openssl aes-256-cbc -d -a -salt -in chamberofsecrets.txt1.enc -out chamberofsecrets.txt.new

Entering the password “Granger” at the prompt writes the decrypted text to chamberofsecrets.txt.new, which we can then read.

Again, once you make sure that you can decrypt your file, you should shred the original.
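The encrypt, verify, shred sequence described above can be wrapped so that the original is only destroyed after a byte-for-byte round trip succeeds. This is an added example, not part of the original page or of MPRC's own tooling; the function name and the ENC_PASS environment variable are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: encrypt a file, prove the encrypted copy decrypts to the
# same bytes, and only then shred the original.
# ENC_PASS (hypothetical name) must be exported and hold the passphrase;
# "-pass env:VAR" keeps it off the command line and out of shell history.

encrypt_verify_shred() {
    local src="$1" enc="$1.enc" check rc=1

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    [ -n "${ENC_PASS:-}" ] || { echo "ENC_PASS is not set" >&2; return 2; }
    [ ! -e "$enc" ] || { echo "refusing to overwrite $enc" >&2; return 2; }

    # Scratch file for the trial decryption (mktemp creates it mode 0600).
    check="$(mktemp "${src}.check.XXXXXX")" || return 2

    if openssl aes-256-cbc -a -salt -in "$src" -out "$enc" -pass env:ENC_PASS &&
       openssl aes-256-cbc -d -a -in "$enc" -out "$check" -pass env:ENC_PASS &&
       cmp -s "$src" "$check"; then
        # cmp matters: a wrong key can occasionally decrypt without an
        # error and produce garbage, so exit status alone is not proof.
        shred -u "$src" && rc=0
    else
        echo "round trip failed; original kept: $src" >&2
        rm -f "$enc"
    fi

    # The scratch copy is plaintext as well, so remove it on every path.
    shred -u "$check" 2>/dev/null || rm -f "$check"
    return "$rc"
}
```

shred overwrites a file in place, which its own manual notes is not guaranteed to reach the old data on journaling, snapshotting or network file systems, so check which file system your data lives on.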

For more information about OpenSSL, visit their website at openssl.org