Ubuntu – How to easily install any GPG GUI on Ubuntu that actually works

gnupgguisoftware-recommendation

I am trying to install any GnuPG GUI for easy encryption/decryption of text, and I feel like I am in bizarro world where nothing works at all. On Mac OS X, I use GPGTools and it works flawlessly, so I thought it will be similar on Ubuntu, but no such luck so far.

What I tried so far:

GPA – it just starts, shows no less than 3 error messages on top of each other, and does nothing (doesn't even displays the keys I imported into gpg through bash).
KGPG – install tons of KDE packages through apt-get, and then it never starts anyway. I managed to get it to start once, but never again.
Seahorse – finally something that actually starts and shows my keys, but I can't find a way to do anything with them (encrypt or decrypt). Nothing shows up in any Nautilus menu. I have installed gedit-plugins, but nothing like GPG or Seahorse plugin shows up in gedit plugin list.

What are my other options?

(Note: I specifically don't want to use a mail client with GPG supoprt, I just want to encrypt and decrypt text files.)

Best Answer

Besides Seahorse, which is only the key manager, you need a package called seahorse-nautilus to be able to encrypt/decrypt files with Nautilus.

It adds a menu item to the right-click context menu that allows you to encrypt a file directly from the file manager.

Note: This is the package name in Ubuntu 14.04. Other versions may have a different package name.

Additional Note: It may be required to log out of the current session and re-login for everything to work properly after installing the required packages.

Related Solutions

Ubuntu – GPG Workflow in 11.04

Just type gpg --decrypt in the terminal, paste your code and press CTRL-D. You should then see the decrypted result.

Ubuntu – Why is gpg getting upset and how to stop it

I managed to reproduce the problem which you are experiencing. I did so doing the following:

$ gpg --no-default-keyring --keyring ./test-keyring  --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file --gen-key

<specified parameters and let it do its thing>

gpg: key 58018BFE marked as ultimately trusted
public and secret key created and signed.

<snip>

$

Notice that the process marked the key as "ultimately trusted".

Now I export the keys:

$gpg --no-default-keyring --keyring ./test-keyring  --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file --export-secret-keys -a >private.key

$gpg --no-default-keyring --keyring ./test-keyring  --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file --export -a > public.key

Now I import to a new gpg database:

$gpg --no-default-keyring --keyring ./test2-keyring  --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file --import public.key

$gpg --no-default-keyring --keyring ./test2-keyring  --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file --import private.key

Now if I attempt to encrypt using the new keyrings I get:

$ gpg --no-default-keyring --keyring ./test2-keyring  --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file -r Fake -e
gpg: AE3034E1: There is no assurance this key belongs to the named user

pub  1024R/AE3034E1 2013-06-13 Fake User <fake@example.com>
 Primary key fingerprint: AD4D BAFB 3960 6F9D 47C1  23BE B2E1 67A6 5801 8BFE
      Subkey fingerprint: 58F2 3669 B8BD 1DFC 8B12  096F 5D19 AB91 AE30 34E1

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

The reason for this is the "web of trust" model. By default, in order for a public key to be trusted, it requires either 1 "ultimate" trust certificate (typically where you personally have verified the identities of the people involved), or 3 "marginal" trust certificates (where somebody you know, who knows somebody you know ... has signed the certificate).

Because gpg is a security application, it warns you if you are attempting to encrypt to a key which is not listed as trusted. The reason your own key isn't trusted in this case is simple. It is because you did not export the trust relationships from the previous gpg instance. To do this, use the --export-ownertrust and --import-ownertrust commands.

As always, refer to the man page.

Best Answer

Related Solutions

Ubuntu – GPG Workflow in 11.04

Ubuntu – Why is gpg getting upset and how to stop it

Related Question