Features

Open PGP is an encryption standard to protect your privacy and confidential data. When using an Open PGP software package like TurboPGP, or a program with built-in PGP capability like TurboFTP, a user might need to deal with different files related to Open PGP. Knowing what each type of file is and what it looks like makes PGP operations easier to understand.

Let’s dive in and learn how to generate the various PGP file types using TurboPGP.

.pgp

The pgp file extension is the default file extension of the encryption output of TurboPGP Command Line. A .pgp file is created by default when encrypting a file or signing a file with an attached signature.

Note: Signing a file is not a means of encrypting your data but a means of verifying the authenticity and integrity of the data. Digital signatures can be attached to the signed file (.pgp) or generated as a separate signature file (.sig).

For instance, when signing a file:

  tbpgp --sign "Kali.txt" --signer D733FDCC

  [2022/08/13 10:01:16 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/13 10:01:17 +0000] load_keychain: 6 keys loaded from secret key chain
  [2022/08/13 10:01:17 +0000] load_keychain: 6 keys loaded from public key chain
  [2022/08/13 10:01:17 +0000] key lookup: found secret-key keyid D733FDCC
  Enter passphrase of secret key: *
  [2022/08/13 10:01:19 +0000] successfully created signed file 'Kali.txt.pgp' from m <h@gmail.com>  

Or when encrypting a document:

  tbpgp -e "Manjaro.txt" -r D733FDCC

  [2022/08/13 10:14:15 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/13 10:14:15 +0000] load_keychain: 6 keys loaded from secret key chain
  [2022/08/13 10:14:15 +0000] load_keychain: 6 keys loaded from public key chain
  [2022/08/13 10:14:15 +0000] key lookup: found secret-key keyid D733FDCC
  Enter passphrase of secret key: *
  [2022/08/13 10:14:21 +0000] successfully encrypted 'Manjaro.txt' to 'Manjaro.txt.pgp' (primary keyID=DC2CBE11D733FDCC, uid='m <h@gmail.com>')

Other PGP software might use a different extension for an encrypted or signed file. For example, GnuPG uses .gpg for the same purpose.

.sig

A file with a sig file extension is an Open PGP detached signature.

So what is a detached signature? The word “detach” means a file is signed, but its digital signature is kept apart from it in a file of its own. That is, both the original file and its signature are preserved.

Example:

  tbpgp --sign "Manjaro.txt" --signer "D733FDCC" --detached

  [2022/08/13 10:26:17 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/13 10:26:17 +0000] load_keychain: 6 keys loaded from secret key chain
  [2022/08/13 10:26:17 +0000] load_keychain: 6 keys loaded from public key chain
  [2022/08/13 10:26:17 +0000] key lookup: found secret-key keyid D733FDCC
  Enter passphrase of secret key: *
  [2022/08/13 10:26:19 +0000] successfully created detached signature 'Manjaro.txt.sig' from m <h@gmail.com>

.asc

The asc file extension indicates that the file contains ASCII-armored data, typically Open PGP signatures or certificates.

Example of an ASCII-armored Open PGP secret key:


  -----BEGIN PGP PRIVATE KEY BLOCK-----
  Version: TurboPGP v1.0

  lQPGBFlxvoIBCACbz0geVV1o71LEvwliB4SPOfeEKbCE9EGspaBPMb2eWVnjUvio
  trCKOf6Pg3axehSHLa3Ee6nd1DnqnJE+5Onon...
  -----END PGP PRIVATE KEY BLOCK-----

Example of an ASCII-armored Open PGP message:

   -----BEGIN PGP MESSAGE-----
   Version: TurboPGP v1.0

   yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
   vBSFjNSiVHsuAA==
   =njUN
   -----END PGP MESSAGE-----
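
Because other tools use other extensions, a file is better identified by its content than by its name. The following Python sketch is an added example, not TurboPGP code: it strips ASCII armor, checks the CRC-24 line, and reads the tag of the first OpenPGP packet to tell a .pgp, .sig or .asc payload apart. The function names and the constructed signature sample are assumptions made for illustration; the armored message is the one shown above.

```python
import base64

# What a file holds, keyed by the tag of its first packet (RFC 4880, sec. 4.3).
TAG_MEANING = {1: "encrypted message", 2: "detached signature",
               3: "passphrase-encrypted message", 4: "signed message (attached)",
               5: "secret key", 6: "public key", 8: "compressed message"}

def crc24(data: bytes) -> int:
    """Armor checksum defined in RFC 4880, sec. 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(block_type: str, body: bytes) -> str:
    """Wrap binary packets in ASCII armor (used here to build sample input)."""
    b64 = base64.b64encode(body).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(body).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {block_type}-----", "", *rows,
                      "=" + check, f"-----END PGP {block_type}-----"])

def dearmor(text: str):
    """Return (block_type, body, crc_ok); crc_ok is None without a checksum."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP ") or "" not in lines:
        raise ValueError("not an ASCII-armored OpenPGP block")
    block_type = lines[0][len("-----BEGIN PGP "):].rstrip("-")
    rows = lines[lines.index("") + 1:-1]  # armor headers end at the blank line
    stored = None
    if rows and rows[-1].startswith("="):
        stored = int.from_bytes(base64.b64decode(rows.pop()[1:]), "big")
    body = base64.b64decode("".join(rows))
    return block_type, body, None if stored is None else stored == crc24(body)

def classify(data: bytes) -> dict:
    """Identify OpenPGP content from its bytes rather than its extension."""
    armored, crc_ok = data.lstrip().startswith(b"-----BEGIN PGP "), None
    if armored:
        _, data, crc_ok = dearmor(data.decode("ascii"))
    if not data or not data[0] & 0x80:
        raise ValueError("first byte is not an OpenPGP packet header")
    # Bit 6 selects the new header format (6-bit tag) or the old one (4-bit tag).
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return {"armored": armored, "crc_ok": crc_ok, "tag": tag,
            "kind": TAG_MEANING.get(tag, "other"), "size": len(data)}

# The armored message shown on this page.
PAGE_MESSAGE = b"""-----BEGIN PGP MESSAGE-----
Version: TurboPGP v1.0

yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
vBSFjNSiVHsuAA==
=njUN
-----END PGP MESSAGE-----"""

SAMPLE_SIG = armor("SIGNATURE", bytes([0x88, 0x04]) + b"demo")  # constructed sample
if __name__ == "__main__":
    print(classify(PAGE_MESSAGE))
    print(classify(SAMPLE_SIG.encode()))
```

For the page's sample the first packet carries tag 8, a compressed-data packet, so a "PGP MESSAGE" block is not necessarily encrypted.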

Verifying Open PGP signatures using TurboPGP

To verify a signed file, only the signed file itself needs to be supplied, as it contains both the original file data and the Open PGP signature. To verify a detached signature, you need to provide both the original file that was signed and the detached signature file (.sig file). Typically, both files should be distributed together.

OpenPGP is an open standard (RFC 4880) that uses cryptographic algorithms, including public-key algorithms, symmetric cipher algorithms, etc., to encrypt data. It is used for digitally signing, encrypting, or decrypting text, files, emails, etc. TurboPGP is a command-line PGP software tool created based on OpenPGP to protect confidential file data and ensure data integrity and authenticity.

Cryptographic Operations of TurboPGP

  • Generate an OpenPGP key pair.
  • Import a user's public or secret key.
  • Encrypt or decrypt a file using the OpenPGP standard.
  • Digitally sign a file and verify OpenPGP signatures.

To download the 30-day free trial of TurboPGP, you can go to its homepage. The PGP encryption software can natively run on Windows, Linux, and macOS. The command line syntax and options are the same for all the supported platforms. We now demonstrate its use on Windows.

Once installed, run the following command in PowerShell to confirm the installation was successful:

 tbpgp

Example:

  tbpgp  

  [2022/08/12 07:01:27 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  no operation option switch present.

Generating a PGP Key Pair

Before you can commence encrypting and decrypting files, documents, or any data of your choice, you need to generate a key pair for encryption and decryption.  

These keys are essential when you want to encrypt your data and when the recipient wants to decrypt the message received. TurboPGP comes in handy to create this key pair as it provides a key generator to create an OpenPGP key pair. Type the following command to generate an OpenPGP key pair:  

   tbpgp --gen-key "{username} <{user_email}>"

Example:  

  tbpgp --gen-key "john smith <john.smith@test.com>"

  [2022/08/10 07:15:08 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/10 07:15:08 +0000] load_keychain: 5 keys loaded from secret key chain
  [2022/08/10 07:15:08 +0000] load_keychain: 5 keys loaded from public key chain
  Enter passphrase of secret key: ****
  [2022/08/10 07:15:17 +0000] key id B303E88F84D203A2 added to secret keychain
  [2022/08/10 07:15:17 +0000] key id B303E88F84D203A2 added to public keychain

Two keys have been generated, one public and one secret, and they are stored in the public keyring and the secret keyring, respectively. Note: Your email should be enclosed within the < >; otherwise, you'll get an invalid name address pair error.

To view the generated keys, type the following command:  

  # list all the public keys
  tbpgp --list-keys

  # list all the secret keys
  tbpgp --list-secret-keys

Example:

  tbpgp --list-keys

  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/12 07:08:59 +0000] load_keychain: 1 keys loaded from secret key chain
  [2022/08/12 07:08:59 +0000] load_keychain: 1 keys loaded from public key chain
  public keyring: C:\Users\alvin\AppData\Roaming\TurboSoft\TurboPGP\pubring.tpg
  pub   RSA   2048 84D203A2 2022-08-10
  uid                        john smith <john.smith@test.com>
  sub   RSA   2048 6267DA83 2022-08-10

  tbpgp --list-secret-keys

  [2022/08/12 07:18:24 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/12 07:18:25 +0000] load_keychain: 1 keys loaded from secret key chain
  [2022/08/12 07:18:25 +0000] load_keychain: 1 keys loaded from public key chain
  secret keyring: C:\Users\alvin\AppData\Roaming\TurboSoft\TurboPGP\secring.tpg
  sec   RSA   2048 84D203A2 2022-08-10
  uid                       john smith <john.smith@test.com>
  ssb   RSA   2048 6267DA83 2022-08-10

You can export your public key and give it to any user you want to communicate with. That user will use this public key to encrypt their messages to you. To export, type the command:

  tbpgp --export "key ID" --output <filename>

Replace "key ID" with the ID of your generated public key, e.g., "D733FDCC". Replace <filename> with a filename of your choice, without the <> included.

Example:

  tbpgp --export "D733FDCC" --output "my_publicKey.txt"
  
  [2022/08/12 07:32:20 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/12 07:32:20 +0000] load_keychain: 1 keys loaded from secret key chain
  [2022/08/12 07:32:20 +0000] load_keychain: 1 keys loaded from public key chain
  [2022/08/12 07:32:20 +0000] public key 'D733FDCC' exported to 'my_publicKey.txt'

Signing Files

A PGP signature is a unique sequence of octets generated against a given block of digital data. Generating a PGP signature involves hashing the entire block of payload data, be it a file or a particular PGP certificate, together with predefined data like timestamps. The hash value is then signed with the signer's secret key, using a public-key cryptographic algorithm like RSA, to derive the signature.

TurboPGP can generate two types of signature output: a signed file with the signature attached, or a detached signature.

  • Signed file: The file's content is signed, with the signature attached. Usually denoted with a .pgp extension.
  • Detached signature file: It's the signature stored in an individual file, leaving the original file and its contents intact.

A detached signature file is denoted with a .sig extension.

Run the following command in your terminal, specifying the key ID of the signer:

  tbpgp --sign <filename> --signer <keyID>

Example:

  tbpgp --sign k.txt --signer "D733FDCC"

  [2022/08/11 06:42:06 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/11 06:42:06 +0000] load_keychain: 1 keys loaded from secret key chain
  [2022/08/11 06:42:06 +0000] load_keychain: 1 keys loaded from public key chain
  [2022/08/11 06:42:06 +0000] key lookup: found secret-key keyid D733FDCC
  Enter passphrase of secret key: *
  [2022/08/11 06:42:15 +0000] successfully created signed file 'k.txt.pgp' from john smith <john.smith@test.com>

The above command creates a signed file with a .pgp extension.
Note: Specifying an output file is optional; if none is given, TurboPGP automatically generates one with a .pgp extension.

  tbpgp --sign <filename> --signer <keyID> -o <filename.sig> --detached

The above command creates a detached signature file with a .sig extension.

Example:

  tbpgp --sign "k.txt" --signer "D733FDCC" -o "k.txt.sig" --detached

  [2022/08/10 18:36:29 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/10 18:36:29 +0000] load_keychain: 1 keys loaded from secret key chain
  [2022/08/10 18:36:29 +0000] load_keychain: 1 keys loaded from public key chain
  [2022/08/10 18:36:29 +0000] key lookup: found secret-key keyid D733FDCC
  Enter passphrase of secret key: *
  [2022/08/10 18:36:44 +0000] successfully created detached signature 'k.txt.sig' from john smith <john.smith@test.com>.

Signature Verification

Why do we need to verify a signature? A signature is verified to confirm that the file at hand really comes from the owner it claims to come from. Signature verification authenticates a file, text, or any other data as coming from the original owner.

TurboPGP verifies a digital signature in one of two ways, depending on whether the signature is attached or detached, with the command syntax below:

  # verify a signed file (signature attached)
  tbpgp --verify <signedFile>

  # verify a detached signature
  tbpgp --verify <detachedSignature> <originalFile>

Example:  

  tbpgp --verify k.txt.pgp
  
  [2022/08/11 07:08:49 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/11 07:08:50 +0000] load_keychain: 1 keys loaded from secret key chain
  [2022/08/11 07:08:50 +0000] load_keychain: 1 keys loaded from public key chain
  [2022/08/11 07:08:50 +0300] OpenPGP signed file with attached signature: 'k.txt.pgp'
  [2022/08/11 07:08:50 +0000] key lookup: found secret-key keyid DC2CBE11D733FDCC
  Enter passphrase of secret key: *
  [2022/08/11 07:08:56 +0300] Verification was successful for signature 'k.txt.pgp' from john smith <john.smith@test.com>.

Example:

  tbpgp -v k.txt.sig k.txt

  [2022/08/11 07:11:17 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/11 07:11:18 +0000] load_keychain: 1 keys loaded from secret key chain
  [2022/08/11 07:11:18 +0000] load_keychain: 1 keys loaded from public key chain
  [2022/08/11 07:11:18 +0300] OpenPGP detached signature file: 'k.txt.sig'
  [2022/08/11 07:11:18 +0300] OpenPGP signed file: 'k.txt'
  [2022/08/11 07:11:18 +0000] key lookup: found secret-key keyid DC2CBE11D733FDCC
  Enter passphrase of secret key: *
  [2022/08/11 07:12:11 +0300] Verification was successful for signature 'k.txt.sig' from john smith <john.smith@test.com>.

The importance of digital signatures is that they can be employed to prove the file is indeed from the owner of this public key and has not been tampered with.
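
What the Signing Files and Signature Verification sections describe, as an added Python example (not TurboPGP's implementation): the file is hashed together with the signature metadata, including the creation timestamp, the digest is signed with RSA, and verification recomputes the digest from the file. The RSA key is a deliberately weak demo key, and the function names, document bytes and timestamp are assumptions made for illustration.

```python
import hashlib
import struct

# DEMO KEY ONLY: two Mersenne primes give a valid but trivially weak RSA key,
# chosen so the example needs nothing beyond the standard library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # secret exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, sec. 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def signature_digest(data: bytes, created: int) -> bytes:
    """Hash the data plus the v4 signature trailer (RFC 4880, sec. 5.2.4)."""
    # One hashed subpacket: length 5, type 2 (creation time), 4-byte timestamp.
    subpackets = bytes([5, 2]) + struct.pack(">I", created)
    # Version 4, type 0x00 (binary document), algorithm 1 (RSA), hash 8 (SHA-256).
    meta = bytes([4, 0x00, 1, 8]) + struct.pack(">H", len(subpackets)) + subpackets
    trailer = bytes([4, 0xFF]) + struct.pack(">I", len(meta))
    return hashlib.sha256(data + meta + trailer).digest()

def encode_digest(digest: bytes) -> int:
    """EMSA-PKCS1-v1_5 padding of the digest, as an integer below N."""
    t = SHA256_PREFIX + digest
    padded = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(padded, "big")

def sign_detached(data: bytes, created: int) -> dict:
    """Produce the fields a detached signature carries; the data is not copied."""
    digest = signature_digest(data, created)
    return {"created": created, "left16": digest[:2],
            "rsa": pow(encode_digest(digest), D, N)}

def verify_detached(data: bytes, sig: dict) -> bool:
    """Recompute the digest from the file and compare with the signed value."""
    digest = signature_digest(data, sig["created"])
    if digest[:2] != sig["left16"]:   # quick reject using the stored hash prefix
        return False
    return pow(sig["rsa"], E, N) == encode_digest(digest)

# Constructed file content and timestamp, for illustration.
DOCUMENT = b"quarterly report, revision 3\n"
CREATED = 1660156604

if __name__ == "__main__":
    sig = sign_detached(DOCUMENT, CREATED)
    print("original verifies:", verify_detached(DOCUMENT, sig))
    print("modified verifies:", verify_detached(DOCUMENT + b"!", sig))
    forged = dict(sig, created=CREATED + 60)  # signed timestamp altered
    print("re-dated verifies:", verify_detached(DOCUMENT, forged))
```

Because the timestamp is part of the hashed data, changing either the file or the signature's claimed creation time makes verification fail.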

Encryption

Encryption conceals a message by converting plain text into an unreadable format known as ciphertext. To encrypt with TurboPGP, use the following syntax:  

 tbpgp --encrypt <inputFile> --recipient <keyID> -o <outputFile>
         or
 tbpgp -e <inputFile> -r <keyID> -o <outputFile>

Example:  

  tbpgp --encrypt "b.txt" --recipient "D733FDCC"

  [2022/08/12 08:19:45 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/12 08:19:45 +0000] load_keychain: 1 keys loaded from secret key chain
  [2022/08/12 08:19:45 +0000] load_keychain: 1 keys loaded from public key chain
  [2022/08/12 08:19:45 +0000] key lookup: found secret-key keyid D733FDCC
  Enter passphrase of secret key: *
  [2022/08/12 08:19:47 +0000] successfully encrypted 'b.txt' to 'b.txt.pgp' (primary keyID=DC2CBE11D733FDCC, uid='john smith <john.smith@test.com>')

Example 2: When the supplied file path or filename contains spaces, enclose the argument in double quotes, e.g., "Hello world".

  tbpgp -e "Hello world.txt" -r "D733FDCC"

  [2022/08/12 09:39:26 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/12 09:39:26 +0000] load_keychain: 6 keys loaded from secret key chain
  [2022/08/12 09:39:26 +0000] load_keychain: 6 keys loaded from public key chain
  [2022/08/12 09:39:26 +0000] key lookup: found secret-key keyid D733FDCC
  Enter passphrase of secret key: *
  [2022/08/12 09:39:29 +0000] successfully encrypted 'Hello world.txt' to 'Hello world.txt.pgp' (primary keyID=DC2CBE11D733FDCC, uid='john smith <john.smith@test.com>')

If we open an encrypted file with Notepad in Windows, we see the contents are unreadable.

[Figure: Encrypted Document]

NOTE: By default, TurboPGP names the encrypted file by appending a ".pgp" extension.

Decryption

Decryption is the reverse process of encryption. It converts encrypted data into its original form. TurboPGP can decrypt a PGP encrypted file with the following command syntax:  

 tbpgp --decrypt <inputFile> -r <keyID> -o <outputFile>

For instance:  

  tbpgp --decrypt "b.txt.pgp" -r "D733FDCC" -o "bb.txt"
  
  [2022/08/12 08:22:49 +0300] program loaded
  Evaluation days left: 30
  Expired: 0 DEFAULT.
  [2022/08/12 08:22:49 +0000] load_keychain: 1 keys loaded from secret key chain
  [2022/08/12 08:22:49 +0000] load_keychain: 1 keys loaded from public key chain
  [2022/08/12 08:22:49 +0000] archive was encrypted with key ID B3875E16F8869841
  [2022/08/12 08:22:49 +0000] key lookup: found secret-subkey keyid B3875E16F8869841
  Enter passphrase of secret key: *
  [2022/08/12 08:22:51 +0000] encrypted with 2041-bit RSA key, ID F8869841, created on Wed Aug 10 06:57:24 2022, user "john smith <john.smith@test.com>"
  [2022/08/12 08:22:51 +0000] successfully decrypted 'b.txt.pgp' to 'bb.txt'

The output above shows that the encrypted file was successfully decrypted to the output file bb.txt. The file can now be viewed and read as shown below with Notepad.

[Figure: Decrypted Document]

Above, we have demonstrated the primary usage of the PGP software TurboPGP Command Line on Windows.

PGP (Pretty Good Privacy) is an encryption system used to send encrypted emails and encrypt sensitive files. PGP is employed for signing, encrypting, and decrypting text, email, files, manuals, and whole disk partitions, and for enhancing the security of email communications. PGP provides end-to-end encryption, integrity checking, and authentication for data exchange workflows in security-sensitive industries such as healthcare and finance.

What is Open PGP?

Open PGP is an open-source offshoot based on PGP. "Open PGP" commonly refers to tools, features, and solutions that support open-source PGP encryption technology.

Open PGP allows developers to incorporate PGP into publicly available software for free. To do this, developers and vendors that want to integrate Open PGP into their software solutions must comply with IETF standards and integrate effectively with software from other OpenPGP-compliant vendors.

PGP data processing consists of four steps:

Step 1: PGP generates a one-time, random session key.

Step 2: The session key is encrypted with the recipient's public key, using asymmetric cryptography such as RSA or ECDH, so that it can protect the payload message. The recipient shares that public key with anyone who wants to send them messages.

Step 3: The recipient decrypts the session key with their private key.

Step 4: The recipient decrypts the message payload with the session key using the corresponding symmetric algorithm, for instance, AES-256.
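
How the session-key steps look inside an encrypted file, as an added Python example (not TurboPGP code): the sketch walks the packets of a constructed message and lists the key IDs the session key was encrypted to, the same information the decryption log earlier on this page reports as "archive was encrypted with key ID ...". The function names and the sample bytes are assumptions made for illustration.

```python
PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}

def read_packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880, sec. 4.2)."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                      # new-format header
            tag, o1 = first & 0x3F, data[pos]
            pos += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[pos] + 192
                pos += 1
            elif o1 == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                 # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:                    # indeterminate: runs to end of file
                length = len(data) - pos
            else:
                width = 1 << ltype
                length = int.from_bytes(data[pos:pos + width], "big")
                pos += width
        yield tag, data[pos:pos + length]
        pos += length

def recipients(message: bytes):
    """Key IDs the session key was encrypted to; needs no secret key."""
    found = []
    for tag, body in read_packets(message):
        # Tag 1 is the Public-Key Encrypted Session Key packet (version 3 layout).
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            key_id = body[1:9].hex().upper()
            if key_id == "0" * 16:            # all-zero ID hides the recipient
                key_id = "hidden recipient"
            found.append((key_id, PUBKEY_ALGOS.get(body[9], f"algorithm {body[9]}")))
    return found

def packet(tag: int, body: bytes) -> bytes:
    """Build a new-format packet with a one-octet length (sample data only)."""
    if len(body) >= 192:
        raise ValueError("sample helper supports short bodies only")
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed message. The first key ID is the one in the page's decryption log;
# the wrapped session key and the ciphertext are filler bytes, not real output.
WRAPPED_KEY = (16).to_bytes(2, "big") + b"\xAB\xCD"      # one MPI, 16 bits
SAMPLE = (packet(1, b"\x03" + bytes.fromhex("B3875E16F8869841") + b"\x01" + WRAPPED_KEY)
          + packet(1, b"\x03" + bytes(8) + b"\x01" + WRAPPED_KEY)
          + packet(18, b"\x01" + b"\x00" * 32))

if __name__ == "__main__":
    print([tag for tag, _ in read_packets(SAMPLE)])   # session-key packets, then data
    print(recipients(SAMPLE))
```

Each recipient gets its own session-key packet in front of a single encrypted data packet (tag 18), which is why one file can be decrypted by several key holders.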

PGP compresses plain text data, saving disk space and transmission time and improving encryption security.

Uses of Automated PGP Encryption

The most common reason to use automated PGP encryption is to let parties transmit messages and data to each other safely using a combination of public and private keys. PGP is often used to encrypt email, files, text messages, and entire disk partitions, and to authenticate digital certificates.

Automate PGP data exchange in the Medical Field

HIPAA (Health Insurance Portability and Accountability Act) specifies standards for protecting sensitive patient data. Companies dealing with Protected Health Information (PHI) must put physical, network, and process security measures in place and follow them to be HIPAA compliant. Covered entities (those who provide medical treatment, payment, or operations) and business associates (those who have access to patient information and provide treatment, payment, or operations support) must meet HIPAA compliance. PGP is a secure method for transferring sensitive information from one location to another. In the medical industry, confidential data must be transferred safely. PGP tools can secure medical information, including names, telephone numbers, addresses, medical records, etc. If the data is hacked or leaked, it can be disastrous, so PGP helps the medical industry secure sensitive information.

TurboPGP is a PGP command-line tool that can encrypt and decrypt files using the Open PGP standard, providing enhanced endpoint security for static data and adding a solid layer of protection for data on the wire. With a simple, comprehensive command line interface, TurboPGP enables almost any digital workflow process to meet compliance requirements with automated and efficient information protection.

Automate PGP Data Exchange in the Finance Industry

Compliance requirements have different objectives and different operations for organizations working in the financial sector.

GDPR (General Data Protection Regulation) is an information privacy framework that sets rules regarding the collection, storage, transfer, and processing of the personal data of EU residents. Organizations that process the personal data of EU residents are required to comply with GDPR requirements. This is where PGP matters: it is a necessary tool for the secure transfer and storage of sensitive files. In the finance industry, many files are transferred daily. The TurboPGP command-line encryption tool helps automate these secure transfers.

The Sarbanes-Oxley Act (SOX) is an internal check and balance system for the accuracy of financial records. The SOX Act was initially intended to track the legitimacy of financial records but recently added a cybersecurity component. Financial associations are now required to implement a new and advanced tool such as PGP. Moreover, PCI DSS is a global standard for how organizations handle credit card information in the finance industry. PCI DSS compliance requires organizations to continuously monitor data on their networks to maintain a secure data network and limit the theft or destruction of credit card information. A PGP encryption tool like TurboPGP protects sensitive data assets in your storage and could be the ultimate means of protection even when the data falls into the hands of hackers.

In a security-sensitive industry like the Finance Industry, starting with a threat model is recommended to clearly understand the potential risks, identify specific threat scenarios to address, and determine the best data protection method to employ. TurboPGP can play an essential role in mitigating potential security risks.

How can TurboPGP Open PGP command line Tool help?

TurboPGP Command Line can be integrated into existing business workflows. It can import and export Open PGP keys created with third-party software like GnuPG. When creating a key pair, you can specify the asymmetric algorithm, the encryption cipher, and the compression algorithm. You can also delete keys and change your private key passphrase. Its easy-to-use command-line options conform to the standard Unix command-line style. You can create an audit log of operations and encrypt all files that match filters in a folder with a single command.

PGP is also applied to authenticate messages and inspect a message's integrity to detect if it has been modified since the person claiming to have sent it wrote it. PGP creates a digital signature with the sender's secret key to prove that it is from the sender who owns the key and that the message or file has not been tampered with.

Verdict

TurboPGP can run on Windows, macOS, and Linux. As a PGP command line tool, it protects your sensitive data in transit and at rest with Open PGP encryption automation.