Easy encryption with PGP and Docker

  • Sydney, Australia
  • comments

Encryption is complicated. People don’t pay too much attention because the process and tools are often cumbersome. In this post, I show you how to encrypt data effortlessly by combining tools like GPG and Docker (or Podman) containers. Your privacy in this wild wild internet is guaranteed!

TL;DR

The goal is for anyone to encrypt a message from anywhere addressed to a recipient (in this case myself):

echo "send me a secret" | docker run juliaaano/encrypt

Show me how

The intent is to provide a good experience by abstracting the use of GPG with Docker Linux containers.

The container image that I use is lightweight, has GPG installed and imports my public PGP key.

FROM debian:stable-slim

RUN apt-get update && apt-get install -y gnupg2 curl

RUN curl -sSL https://www.juliaaano.com/key.asc | gpg --import -

ENTRYPOINT ["gpg", "--trust-model", "always", "--encrypt", "--armor", "--output", "-", "--recipient", "juliaaano"]

About PGP/GPG

So far it has been assumed a PGP key pair exists so you have a public key for encryption and “hopefully” its private counterpart for decryption.

Creating a key pair with GPG is easy, and there are several resources available.

Once you’ve got your keys, you can build and distribute your container image so anyone can send encrypted messages to you. You still need to deal with GPG to decrypt them yourself.

Usage examples

  1. Encrypt a text message or a text file:
    echo "send me a secret" | docker run juliaaano/encrypt
    cat my-sample-file.txt | docker run juliaaano/encrypt
  2. Save encrypted output to a file:
    echo "send me a secret" | docker run juliaaano/encrypt > secret.txt.asc
  3. Copy encrypted output to the clipboard (MacOS only):
    cat my-sample-file.txt | docker run juliaaano/encrypt | pbcopy
  4. Encrypt binary (non-text) files:
    docker run -v $(pwd):/tmp juliaaano/encrypt /tmp/myfile.zip > myfile.zip.asc
  5. Use Podman containers instead of Docker:
    echo "send me a secret" | podman run juliaaano/encrypt
    cat my-sample-file.txt | podman run juliaaano/encrypt

Summary

The source code for this project can be found at juliaaano/encrypt.

If you like it, comment with an encrypted message down below :-)