Using gpg to encrypt files on a web server

I was working on my website, and I wanted a way to protect files that are uploaded by the users. My solution is to encrypt the files with gpg when they are uploaded. Only the public key is stored on the server and the files are encrypted with this. The only way for the files to be decrypted is for them to be downloaded and then decrypted with my private key.

The steps needed in order to achieve this are:

  1. Obtain gpg and generate a public/private key if you don’t already have one (gpg –gen-key)
  2. Export your public key to a file (gpg -a –export > pubkey.txt)
  3. Upload the pubkey.txt file to your server
  4. Create a directory accessible to the webserver (apache) process
  5. Create a public keyring in this directory (gpg –no-default-keyring –keyring /path/to/pubring.gpg –import pubkey.txt)
  6. Make sure that this file is readable by your webserver process
  7. You may now encrypt files using the command line “gpg -q –batch –no-options –no-default-keyring –keyring /path/to/pubring.gpg -r brett –always-trust –output encrypted.enc –encrypt unencrypted.txt”.

Make sure you back up your private keyring - if you lose it, your files will NEVER be decrypted!