How to encrypt files with GnuPG and send them to Red Hat Support


Environment

  • Red Hat OpenShift Service on AWS (ROSA)
  • Red Hat OpenShift Dedicated (OSD)

Issue

  • How to install GnuPG?
  • How to import the public key provided by Red Hat Support?
  • How to encrypt a file with recipient's (ID) public key?

Resolution

Note:
GnuPG is a tool compliant with the OpenPGP Internet standard described in RFC 4880, used for secure communication and data storage. It has a robust key management system and integrates easily with other applications. Digital signatures are used to ensure that you get an exact copy from the original packager and not a malicious version from a compromised site.

Steps to encrypt file(s):

  1. Make sure everything is in one file. If there are multiple files, you can put them inside a folder and create a tarball of that folder, or create a tarball of the files directly.

Folder

# tar czf name_of_archive_file.tar.gz name_of_directory_to_tar

File(s)

# tar czf name_of_archive_file.tar.gz file1 file2 file3

  2. Most Linux distributions already have GnuPG installed, and the current version will likely use GnuPG 2.0 by default. If GnuPG is not available, proceed with the installation.

# dnf install gnupg2.x86_64

# dnf list gnupg*

Installed Packages
gnupg2.x86_64                         2.2.20-3.el8_6                    @rhel-8-for-x86_64-baseos-rpms                                    
gnupg2-smime.x86_64                   2.2.20-3.el8_6                    @rhel-8-for-x86_64-baseos-rpms 

  3. Import a public key that has been provided by Red Hat Support

Note: The first time you run any gpg command, a configuration directory and keyring will be created in your home directory.

# gpg --list-keys
gpg: directory '/home/user/.gnupg' created
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created

# gpg --import public_key.txt

gpg: key DCE3823597F5EAC4: public key "Red Hat, Inc. (Product Security) <secalert@redhat.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

  4. Encrypt a file with a recipient's public key

Note: Use the -e or --encrypt option to encrypt a file. If you do not specify the recipient on the command line with the -r or --recipient option, you are prompted to specify the user ID. The email address is often the easiest way to specify the user ID.

# gpg -e -r secalert@redhat.com secret_file.txt

gpg: B8914F503278E012: There is no assurance this key belongs to the named user

sub  rsa4096/B8914F503278E012 2017-11-01 Red Hat, Inc. (Product Security) <secalert@redhat.com>
 Primary key fingerprint: 77E7 9ABE 9367 3533 ED09  EBE2 DCE3 8235 97F5 EAC4
      Subkey fingerprint: 687D C529 E3F2 E453 87B0  A0E6 B891 4F50 3278 E012

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

# ls -lah | grep secret_file

-rw-rw-r--.  1 user user   48 Apr 12 14:59 secret_file.txt
-rw-rw-r--.  1 user user  645 Apr 12 15:01 secret_file.txt.gpg

  5. Share the encrypted file with Red Hat Support using your preferred tool, or attach it to the support portal.
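
The transcript in step 4 answers "y" at the "no assurance" prompt without checking the key. As an added example (not part of the original Red Hat solution), the script below compares the key file's primary fingerprint against a pinned value before importing and encrypting. It assumes the fingerprint printed in step 4 has been confirmed with Red Hat Support through a separate channel; the function names and the sample colon listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the Red Hat Product Security key by fingerprint before use.
# EXPECTED_FPR is the primary key fingerprint printed in step 4 of this page;
# assumption: you have confirmed it with Red Hat Support through another channel.
EXPECTED_FPR="77E7 9ABE 9367 3533 ED09  EBE2 DCE3 8235 97F5 EAC4"

# Strip whitespace and upper-case, so spaced and raw fingerprints compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin; print each primary key fingerprint
# (the fpr record that follows a pub record; subkey fingerprints are skipped).
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             want && $1 == "fpr" { print $10; want = 0 }'
}

# Succeed only if stdin lists exactly one primary key and it matches $1.
key_matches() {
    found=$(primary_fprs)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$(normalize_fpr "$found")" = "$(normalize_fpr "$1")" ]
}

# usage: verify_and_encrypt public_key.txt secret_file.txt
verify_and_encrypt() {
    # --show-keys lists the keys in the file without touching the keyring.
    gpg --show-keys --with-colons "$1" | key_matches "$EXPECTED_FPR" || {
        echo "fingerprint mismatch, not importing $1" >&2; return 1; }
    gpg --import "$1" || return 1
    # The recipient is the verified fingerprint, so the trust prompt is
    # skipped for this one call instead of being answered with "y".
    gpg --trust-model always -e -r "$(normalize_fpr "$EXPECTED_FPR")" "$2"
}

# Constructed sample of a colon listing (timestamps and flags are made up;
# key IDs and fingerprints are the ones shown in step 4).
sample_colons() {
    cat <<'EOF'
pub:-:4096:1:DCE3823597F5EAC4:0:::-:::scESC:
fpr:::::::::77E79ABE93673533ED09EBE2DCE3823597F5EAC4:
uid:-::::0::::Red Hat, Inc. (Product Security) <secalert@redhat.com>:
sub:-:4096:1:B8914F503278E012:0::::::e:
fpr:::::::::687DC529E3F2E45387B0A0E6B8914F503278E012:
EOF
}
```
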

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
