Open in app

Sign in

Write

Sign in

Securely and Easily Transmitting Secrets over an Insecure Medium with PGP

Nick Doyle
3 min readDec 1, 2020

Use Case: You need to send or receive a secret (password, ssh key) via email

These instructions are for the person receiving the key. If you wish to send a secret to someone else, you could get them to follow these instructions (feel free to share to third parties).

The technique uses an online tool called CyberChef, which enables you to easily generate URLs to a web app containing prepopulated steps of encryption (amongst other functions) with prepopulated keys, making it easy for less-technical 3rd parties to use, with no system dependencies.

The recipient will generate a PGP public and private key using CyberChef.

They will keep the private key secret known only to themselves, and send the public key to the sender (encoded in a CyberChef URL for ease of use).

The sender will then use CyberChef to enter the secret, have it encrypted using the recipient’s public key, then send the encrypted text to the recipient.

The recipient will then use CyberChef to decrypt the text using their private key.

Generate your PGP Keys

Visit https://gchq.github.io/CyberChef/#recipe=Generate_PGP_Key_Pair('RSA-2048','','','')

Copy and save the Output private & public key blocks

For this example, our public and private keys are:

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/cryptoxcLYBF/F4GoBCACwnIKj/5XR7/xjgmMdACgg7Dsj7RTq4F7FZAI3E1RpcM6oA3q+
MvS8RHPqouW99iGw5fwF8iCxmaNYeMMah/z2MA5HMjsXy9m6v4LkpvQBTgnq8g+b
IgbK10CPf5wlhkxjEXSQesB0IY7VV03JSRtz5fSlQYvoj8XBbSw/0QfE4I1pMt/b
zdVtLlFJowyyUuHwfno7TDG9O70+NmNVXLV0Iv96JRH2zZ3tAjL3i5CX70GlyGTP
CTAIeXPE9moBlxyvT0C07rtLnTVgDeVz7NuakPEniqiBlbk7eGD8xonPkuWmhSog
LGIhZRr7MtQaCkrh6guTFcExhbx9M9iNthBjABEBAAEAB/43vRWAA7x5duetUivM
rc18YoHhu0PEQw619nO6hRe5dVhLb1mwKG3T8ziwPzwJwWHtrg/lon6N/qKuW+Kb
f3qnChCfiKtcvcHYLfP2DPjqZoI7y6yANfN11gxynYAe2a1HAO3MYWlW3XZyP2z1
z2RiJhuZgj/RJHrxqm5yL5rnl741UXSrTTEaF0zEYKqj0dhtGwUPXMD/1Pw7Z4Ux
Tt4k5dxdhfvynrMitKi+wcrohm9iMFDn98gx4sl7NHVsiBV839t0CE1Fm+khC3b5
ZEQOH1UKYnuh4TdhLUqwnBhwnYpDoqoib57nAQjZbLyMw/9dhz0a2AkuMgk/C1hr
aUpVBADrEThat0DPzxzBZ6AWJPXe0fjNunelm8vSBAvMm0QqG1x4+vlUzV4gstJ9
XwDTN+GUdpfPWuyvz2+QNv2IH85iOMOoSRd2hK3wK8UdTj7OcO1cfRaQ01YBU0eV
aQNmBWBEE99iqanKByUW9TlhEAcuvXaLTZqmromtT8sf4liFRQQAwFau4/dSHvS1
fChrRr/OWHDXpQ9XbgqAtR3DoR6b3wlwUoiGB5PO1RScvssD1AcD3my8+za//KJt
3BQ2y/mKq3ZvkdzghEdJyWQtDpx/C063OispamK1KSIc6DGu6kcFLZRYF2rN9B/F
X6nLp5xG5bB7wtV/gm0cmvmKw8l2tYcD/A3fiuBytilSIXQHqR5ZTsKX7Fn6vqDk
0iw8qriTXl2SIzJ+h3SP0IPUJA0q38xhx5MU1JD8obZEJwUCtQWaLqHZ2gIBvZBc
vHeQiuqFN6QAoNsk7cMlNuFoblmG8FuC63XeAUYc5SLewkM1s41RC7gleCmddDZy
JS1Qj1glQq8iPKbNAMLAdAQTAQoAHgUCX8XgagIbLwMLCQcDFQoIAh4BAheAAxYC
AQIZAQAKCRButzEM/n0MF0tdB/94PoeoaOackyFUiXDOoA6j6FbBb1f24f+vjddz
tIN9JaFEs6FUJYiUBZjuSpleBvHE3XGMLpWfIUMQUkUtRpUqA0nybz8ceCjdVnM7
y/MMYEzdLrRtuungfxh7ebprX6q4nUyfGjXNjACo9Jd/PQL2hae+7oeSarwtZtd5
lQ/kiHFbNptBPTsRIIcW9BAyIFvbcYgunzqFfBdGUKtNr3dqJxjtO4fa+iVrMquq
Z4xl3gw4fuVy3BiPiUtVmDyh28wQtBvvVCfnkujH4TE4AUmh3upFy/052lRdIq4d
j0XYUIybf1h05hSjSxOICivvAxq+9QufDNjb7gjV/lYPmo6Vx8EYBF/F4GoBBADa
GxFv2UyEWPxdU9jIP1ggBwyqILPU3csEn8ZsTXJ4sN9nfVnNCxN9jWTq67CnaiPj
ROEWpf8TrvkLecc2MzGJAwQ8YaRN/n+xhwo/XIozwa3zkH1bBh9DWjaTNh4wyamH
NmAm1O7qnbWoXhoITO9sRq99/W337xsdDrQi/k2SoQARAQABAAP+IDMFfKkXU3qn
rJznpjiOfrv2XK998nEuuxII2I2z1qmWHHs0ZMG7249M/3moQi8N+UwpRuS0JxMa
kAfR0eig6T7D72n2frOoQJZXLvKZUfzoVJ6tHxCaDZawnPCL5JW134fM4f6eiBPE
tcyJD7poKk7ZvzQwk7rCneU7x4JPqzkCAPwmBImhwODxXheP75jWZwmMsfxQQJSG
3CyDiXKg4RmeHsy6/wywP2g+SyfSnfiKCO0NUAp2HNtHCBE7tsJRswsCAN1v7qAh
giPGaaCymZdHg4cMfVB3LYTqht/Z/uJ+vtN80FEvoTmHSgsX5MpbMyHuwxrfCKlC
VM56nY7YTu7VXIMB+wdvV/9qyZoxdFckU9pVI/30y2ZZPJg1t4AwavmXjH/XjbXW
IF5xzuVMcipMhKH4NSEQMqtPBGVKv8tu4e3Lb7+ndMLBAwQYAQoADwUCX8XgagUJ
DwmcAAIbLgCoCRButzEM/n0MF50gBBkBCgAGBQJfxeBqAAoJED+42m2fjr0SjKsE
AKVRMsbNQrwH6NUnKQAHBiajBHslosOG/hPIb7EPaYDGACIRlM+Sm0iLrHa2uUUF
caGZpqnqfz8oy3zBJAEj/rstBRDHEzJw0C5QUjmhxeaA2EDOP0GnUmaT4RXjNQiv
IFW2mLMkM7UadrMmQAdgYx0TNhbwwxW09vi2i9mZ2oHmtQwH/AvAvALFRYs1tFMO
uvyOPKzwKWGnDimUTbktoUrVBnXcvXvObjFmmXxPfh1XJkEs1baDubk7VtUoWb9a
2QAvP8Sx6mOke13GeDcz+elT0j0co92WDW5MiR4XKU39Ncsp2eAx8/NoiQrfB86q
kY1zqJBogelelPx9vQMWvoic9U+kfhkACO1+2pr/XuPWyvrt+cW2HvyyZup8o1uk
bqehdFUCbXw0ez9Ho6wJu6OwpzYSewW+b2iKMgoo+vDesugcbFHAQhKUp7icR4ZS
dG8tjwMM6+UJIamgMcxeU2SdEsGAX1ZldOI3l/VlYHnc5oXUB4paaicbezh7SH/G
GEyQfAHHwRgEX8XgagEEAL7d/fD7OaABa4u874XxfjhU8z6vtE3YYLRQv04RSuip
pwu1+EkL3DRMneLXBi19gvoQ1kKjSfxLLUT3vk5loxl3EVn6K9BVC+0HSk6pCGkc
tNhgXAvytW1JCBKjR5ETfsSFTUI5nB6gdilD85hZ/Z0o+8B6loQRsbvyChAqlYvF
ABEBAAEAA/9FlQCC3dOANYRTiSl5FzUArFeRPtTonD2E/vr/Jua8Mz0m08wUNTKu
DlBw5hrmcp9RMtopqQXL6Ew0nGzQf9UZThtjbRe7rj/B9QrzhRbz4/cKh2bJBaJk
s++EMJyYX7EMaUIHL0nWu4f2EIA5bDb6j4pYfK2tetgnPmfoOOg18QIA6UWGm4oY
n1ZhuapZzChGF+ILZF7EbvrDLlegpL11WiCqFdRDLOd2v60XSn5UDYhZPfTNaujC
MCBA2vjAUaN6OwIA0XbGop2uN3Nz2bkQ73M4X95YmDLDdbhpJaivte1RS6HHAY3+
Iq6BVSm+haCIyJMxwvGa6N4fZSEqnYbu4/Sx/wIAuH5a8GQobN64hE6NVywz4Gmw
Aeb4nvnkFDajSlnNVSCI5P1oTteYC2s1EbL8O9jmjwpoScWMC59TRnOQI31xxKJc
wsEDBBgBCgAPBQJfxeBqBQkDwmcAAhsuAKgJEG63MQz+fQwXnSAEGQEKAAYFAl/F
4GoACgkQyInTOFqAuZ9XdgP+Nux3QdNTNSU0HTspg6Nz0iWpbEQTO1ryoRi5zN+G
JmtECtYHYliIOg/xDzNTAA4uEyQhOgy2fhwxJagWg4vHzoCYRgxa2/yh8JjKKqNb
jTnQ9X2/aGZ8NRUkpHAyq920nicTLbybvMUM2GfTGi7qI7n3xkXgzDIFrhtuMbdg
ilU7Rwf9EfYSqx7PHst3FmSb0Rzb/d1Zcp2b0Rct54/+adNhpTKASzowLp+BMOao
AHxTLwjym3VAYJ9PiFFlIh8FbjQJIgE0qNo9kuAuoP/rbPJXK2NwPTqMQ6a+yT8V
+kQ+6X+wi0REfOOEz+NmjrOjKUUD+pey18s2ATtGdjDIhgiSiTE8VgC50aXzDXGM
Fkc0fKKe8aQioTSRvMAV7GQ0OZEvxhAHLabXcqImjRgNOVVFe27GK0z/QU+BNCSi
4JllJIjCLc5BKf8t8vlrgHe0DL2nukaGWgGqLf26rYXJ0j5Ny4BdA1/r6JmcwzqB
+bhGYcClMYVLWl4yMTThvITY1u0p/w==
=rT3G
-----END PGP PRIVATE KEY BLOCK----------BEGIN PGP PUBLIC KEY BLOCK-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/cryptoxsBNBF/F4GoBCACwnIKj/5XR7/xjgmMdACgg7Dsj7RTq4F7FZAI3E1RpcM6oA3q+
MvS8RHPqouW99iGw5fwF8iCxmaNYeMMah/z2MA5HMjsXy9m6v4LkpvQBTgnq8g+b
IgbK10CPf5wlhkxjEXSQesB0IY7VV03JSRtz5fSlQYvoj8XBbSw/0QfE4I1pMt/b
zdVtLlFJowyyUuHwfno7TDG9O70+NmNVXLV0Iv96JRH2zZ3tAjL3i5CX70GlyGTP
CTAIeXPE9moBlxyvT0C07rtLnTVgDeVz7NuakPEniqiBlbk7eGD8xonPkuWmhSog
LGIhZRr7MtQaCkrh6guTFcExhbx9M9iNthBjABEBAAHNAMLAdAQTAQoAHgUCX8Xg
agIbLwMLCQcDFQoIAh4BAheAAxYCAQIZAQAKCRButzEM/n0MF0tdB/94PoeoaOac
kyFUiXDOoA6j6FbBb1f24f+vjddztIN9JaFEs6FUJYiUBZjuSpleBvHE3XGMLpWf
IUMQUkUtRpUqA0nybz8ceCjdVnM7y/MMYEzdLrRtuungfxh7ebprX6q4nUyfGjXN
jACo9Jd/PQL2hae+7oeSarwtZtd5lQ/kiHFbNptBPTsRIIcW9BAyIFvbcYgunzqF
fBdGUKtNr3dqJxjtO4fa+iVrMquqZ4xl3gw4fuVy3BiPiUtVmDyh28wQtBvvVCfn
kujH4TE4AUmh3upFy/052lRdIq4dj0XYUIybf1h05hSjSxOICivvAxq+9QufDNjb
7gjV/lYPmo6Vzo0EX8XgagEEANobEW/ZTIRY/F1T2Mg/WCAHDKogs9TdywSfxmxN
cniw32d9Wc0LE32NZOrrsKdqI+NE4Ral/xOu+Qt5xzYzMYkDBDxhpE3+f7GHCj9c
ijPBrfOQfVsGH0NaNpM2HjDJqYc2YCbU7uqdtaheGghM72xGr339bffvGx0OtCL+
TZKhABEBAAHCwQMEGAEKAA8FAl/F4GoFCQ8JnAACGy4AqAkQbrcxDP59DBedIAQZ
AQoABgUCX8XgagAKCRA/uNptn469EoyrBAClUTLGzUK8B+jVJykABwYmowR7JaLD
hv4TyG+xD2mAxgAiEZTPkptIi6x2trlFBXGhmaap6n8/KMt8wSQBI/67LQUQxxMy
cNAuUFI5ocXmgNhAzj9Bp1Jmk+EV4zUIryBVtpizJDO1GnazJkAHYGMdEzYW8MMV
tPb4tovZmdqB5rUMB/wLwLwCxUWLNbRTDrr8jjys8Clhpw4plE25LaFK1QZ13L17
zm4xZpl8T34dVyZBLNW2g7m5O1bVKFm/WtkALz/EsepjpHtdxng3M/npU9I9HKPd
lg1uTIkeFylN/TXLKdngMfPzaIkK3wfOqpGNc6iQaIHpXpT8fb0DFr6InPVPpH4Z
AAjtftqa/17j1sr67fnFth78smbqfKNbpG6noXRVAm18NHs/R6OsCbujsKc2EnsF
vm9oijIKKPrw3rLoHGxRwEISlKe4nEeGUnRvLY8DDOvlCSGpoDHMXlNknRLBgF9W
ZXTiN5f1ZWB53OaF1AeKWmonG3s4e0h/xhhMkHwBzo0EX8XgagEEAL7d/fD7OaAB
a4u874XxfjhU8z6vtE3YYLRQv04RSuippwu1+EkL3DRMneLXBi19gvoQ1kKjSfxL
LUT3vk5loxl3EVn6K9BVC+0HSk6pCGkctNhgXAvytW1JCBKjR5ETfsSFTUI5nB6g
dilD85hZ/Z0o+8B6loQRsbvyChAqlYvFABEBAAHCwQMEGAEKAA8FAl/F4GoFCQPC
ZwACGy4AqAkQbrcxDP59DBedIAQZAQoABgUCX8XgagAKCRDIidM4WoC5n1d2A/42
7HdB01M1JTQdOymDo3PSJalsRBM7WvKhGLnM34Yma0QK1gdiWIg6D/EPM1MADi4T
JCE6DLZ+HDElqBaDi8fOgJhGDFrb/KHwmMoqo1uNOdD1fb9oZnw1FSSkcDKr3bSe
JxMtvJu8xQzYZ9MaLuojuffGReDMMgWuG24xt2CKVTtHB/0R9hKrHs8ey3cWZJvR
HNv93VlynZvRFy3nj/5p02GlMoBLOjAun4Ew5qgAfFMvCPKbdUBgn0+IUWUiHwVu
NAkiATSo2j2S4C6g/+ts8lcrY3A9OoxDpr7JPxX6RD7pf7CLRER844TP42aOs6Mp
RQP6l7LXyzYBO0Z2MMiGCJKJMTxWALnRpfMNcYwWRzR8op7xpCKhNJG8wBXsZDQ5
kS/GEActptdyoiaNGA05VUV7bsYrTP9BT4E0JKLgmWUkiMItzkEp/y3y+WuAd7QM
vae6RoZaAaot/bqthcnSPk3LgF0DX+vomZzDOoH5uEZhwKUxhUtaXjIxNOG8hNjW
7Sn/
=P4Wt
-----END PGP PUBLIC KEY BLOCK-----

The Sender Encrypts the Secret

Go here https://gchq.github.io/CyberChef/#recipe=PGP_Encrypt('')

And paste in your public key e.g.

Your browser address bar will update, such that visiting its URL will open CyberChef with this current configuration (link for our example)

Copy this URL

It’ll be quite long, so you’ll probably want to use a URL shortener like tinyurl.com in order to send it to the sender. Do so and request them to paste the secret into the Input box, and to send you the resulting Output.

The output will be encrypted with your Public Key, and can only be decrypted the person possessing your private key (you).

(and maybe gchq and github if we’re being paranoid)

For example, if the secret is xx this is my very secret phrase! xx their screen would look like this:

And the sender should send to you, from the Output box

-----BEGIN PGP MESSAGE-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/cryptowYwDP7jabZ+OvRIBBACAo1zKVSxap4VruRTu8AWoIGTH6UayvXYiVj4r2KBpgfSm
99UYzc8XmtK+sP96ZKEWYSGMqhgegx/p6oTHkQo5A5+EXMpjvOabMJ3Nf8buOghY
2pxMForKiw3ltaavm6JlKwy9Cvb6EUd3Bqt3591Y0wvOXkuWBpERe+qxY8HX9tJf
AXkID98UJwRDFuiUdElUwOuE/ZwKBsALFQN2a/kI2EoEihnzadTary+kHC1ZGxCm
EOBF1WFLfW0/iYBmkoXLfVHAaT09dY2KkcSTwQru80Gb5zJePid2PFJC3JEqlhk=
=t2i3
-----END PGP MESSAGE-----

Decrypt the Secret

Go here https://gchq.github.io/CyberChef/#recipe=PGP_Decrypt('','')

Enter your private key, and the encrypted secret from the Sender, and you will receive the unencrypted secret.

Voila!

Encryption
Cybersecurity
Easy
Secrets
Secretos

--

--

Nick Doyle

Written by Nick Doyle

67 Followers

Cloud-Security-Agile, in Melbourne Australia, experience includes writing profanity-laced Perl, surprise Migrations, furious DB Admin and Motorcycle instructing

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams