Easy encryption with PGP and Docker

  • Sydney, Australia
  • comments

Encryption is complicated. People don’t pay too much attention because the process and tools are often cumbersome. In this post, I show you how to encrypt data effortlessly by combining tools like GPG and Docker (or Podman) containers. Your privacy in this wild wild internet is guaranteed!

TL;DR

The goal is for anyone to encrypt a message from anywhere addressed to a recipient (in this case myself):

echo "send me a secret" | docker run -i juliaaano/encrypt

Show me how

The intent is to provide a good experience by abstracting the use of GPG with Docker Linux containers.

The container image that I use is lightweight, has GPG installed and imports my public PGP key.

FROM debian:stable-slim

RUN apt-get update && apt-get install -y gnupg2 curl

RUN curl -sSL https://www.juliaaano.com/key.asc | gpg --import -

ENTRYPOINT ["gpg", "--trust-model", "always", "--encrypt", "--armor", "--output", "-", "--recipient", "juliaaano"]

About PGP/GPG

So far it has been assumed a PGP key pair exists so you have a public key for encryption and “hopefully” its private counterpart for decryption.

Creating a key pair with GPG is easy, and there are several resources available.

Once you’ve got your keys, you can build and distribute your container image so anyone can send encrypted messages to you. You still need to deal with GPG to decrypt them yourself.

Usage examples

  1. Encrypt a text message or a text file: 
    echo "send me a secret" | docker run -i juliaaano/encrypt
cat my-sample-file.txt | docker run -i juliaaano/encrypt
  2. Save encrypted output to a file: 
    echo "send me a secret" | docker run -i juliaaano/encrypt > secret.txt.asc
  3. Copy encrypted output to the clipboard (MacOS only): 
    cat my-sample-file.txt | docker run -i juliaaano/encrypt | pbcopy
  4. Encrypt binary (non-text) files: 
    docker run -v $(pwd):/tmp juliaaano/encrypt /tmp/myfile.zip > myfile.zip.asc
  5. Use Podman containers instead of Docker: 
    echo "send me a secret" | podman run -i juliaaano/encrypt
cat my-sample-file.txt | podman run -i juliaaano/encrypt

Summary

The source code for this project can be found at juliaaano/encrypt.

If you like it, comment with an encrypted message down below :-)