Tuesday, August 10, 2010

So occasionally I need to transmit files securely without the worry of them somehow falling into the hands of an unintended recipient. I remember during one security incident, the security personnel correctly requested that all evidence be encrypted. This seems a simple enough task. But wait, without any kind of infrastructure set up, how? I do not want to email them a password to decrypt the file, and just as I do not want them knowing my password, I do not want to know theirs. In a perfect world, all of our email would be encrypted to start with, but again, without the infrastructure in place, getting a certificate and configuring your email client to encrypt your email can be a real pain in the rear when all you want to do is securely send someone a file. And once the intended recipient receives it, are they going to just leave an unencrypted copy lying around? I hope not.

Well, one really simple way is to use PGP or the open source GPG. There are lots of how-tos, quick starts and cheat sheets on how to use these tools, so it is well worth your time to do a few Google searches and get a wealth of information.

GPG can be downloaded for your particular platform from http://www.gnupg.org/. You will need it and your intended file recipient will need it as well. Once downloaded, it is always a good idea to make sure that you downloaded what you think you downloaded and check the checksum.

Rather than duplicating yet another how-to, quick start or cheat sheet, a good place that I have found to start is http://www.madboa.com/geek/gpg-quickstart/. They have outlined a good process for creating a key pair, encrypting a file and then decrypting it. No need for me to waste your time here.

One more tip: if you have problems importing your recipient's public key, don't forget about the good ol' unix2dos and dos2unix tools to remove any carriage returns. It shouldn't be necessary, but it may be worth keeping in the back of your head.
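
A round trip of the workflow described in this post, including the carriage-return cleanup from the tip above; this is an added example, not taken from the post or the linked quick start. The identity, file names and throwaway keyrings are constructed, GnuPG 2.1 or later is assumed, and `--trust-model always` stands in for comparing the key fingerprint with the recipient over a separate channel.

```shell
#!/bin/sh
# Added example. Two throwaway keyrings stand in for recipient and sender;
# the identity and file names are constructed. Assumes GnuPG 2.1 or later.
RCPT='recipient@example.invalid'
SAMPLE='incident evidence (constructed sample)'

# Runs in a subshell so set -e and the variables stay local to the call.
gpg_round_trip() (
  set -e
  work=$(mktemp -d)
  mkdir -m 700 "$work/rcpt" "$work/sender"
  r="gpg --homedir $work/rcpt --batch --quiet"
  s="gpg --homedir $work/sender --batch --quiet"

  # Recipient: create a key pair (no passphrase, demo only) and export
  # only the PUBLIC half. The private key never leaves this keyring.
  $r --pinentry-mode loopback --passphrase '' \
     --quick-generate-key "$RCPT" default default never
  $r --armor --export "$RCPT" > "$work/pub.asc"

  # Simulate a key file that picked up DOS line endings in transit,
  # then strip the carriage returns (what dos2unix does).
  awk '{ printf "%s\r\n", $0 }' "$work/pub.asc" > "$work/pub_crlf.asc"
  tr -d '\r' < "$work/pub_crlf.asc" > "$work/pub_clean.asc"
  cmp -s "$work/pub.asc" "$work/pub_clean.asc"   # cleaned copy matches the export

  # Sender: import the public key and encrypt to it. No password is shared.
  $s --import "$work/pub_clean.asc"
  printf '%s\n' "$SAMPLE" > "$work/evidence.txt"
  $s --trust-model always --recipient "$RCPT" \
     --output "$work/evidence.txt.gpg" --encrypt "$work/evidence.txt"

  # Recipient: decrypt with the private key and print the plaintext.
  $r --output "$work/decrypted.txt" --decrypt "$work/evidence.txt.gpg"
  cat "$work/decrypted.txt"

  # Stop the agent started for the recipient keyring and remove everything,
  # including the unencrypted copies.
  gpgconf --homedir "$work/rcpt" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
)
```

Calling `gpg_round_trip` prints the decrypted sample text on standard output; GnuPG's own status messages go to standard error.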