Suppose I want to encrypt a file so that only I can read it, by knowing my SSH private key password. I am sharing a repo where I want to encrypt or obfuscate sensitive information. By that, I mean that the repo will contain the information but I will open it only in special cases.
-
Suppose I am using SSH-agent, is there some easy way to encrypt the file for only me to open it later?
-
I cannot see why I should use GPG for this, question here; basically I know the password and I want to only decrypt the file by the same password as my SSH key. Is this possible?
Best Answer
I think your requirement is valid, but on the other hand it is also difficult, because you are mixing symmetric and asymmetric encryption. Please correct me if I'm wrong.
Reasoning:
Conclusion: Basically you want to re-use your passphrase for symmetric encryption. The only program you would want to give your passphrase is ssh-agent and this program does not do encryption/decryption only with the passphrase. The passphrase is only there to unlock your private key and then forgotten.
Recommendation: Use
openssl enc
orgpg -e --symmetric
with passphrase-protected keyfiles for encryption. If you need to share the information, you can use the public key infrastucture of both programs to create a PKI/Web of Trust.With openssl, something like this:
and decryption something like
Update: It is important to note that the above openssl commands do NOT prevent the data from being tampered with. A simple bit flip in the enc file will result in corrupted decrypted data as well. The above commands cannot detected this, you need to check this for instance with a good checksum like SHA-256. There are cryptographic ways to do this in an integrated way, this is called a HMAC (Hash-based Message Authentication Code).