So far we’ve been concerned mainly with securing your computer system. Now we turn to securing your data, specifically, your files. At a basic level, file permissions , enforced by the operating system, can protect your files from other legitimate users on your system. (But not from the superuser.) We’ll provide a few recipes based on the chmod (change mode) command.

File permissions only go so far, however—your file data are still readable if an attacker masquerades as you (e.g., by stealing your login password) or breaks other aspects the system, perhaps using some security exploit to gain root access on the host, or simply stealing a backup tape.

To guard against these possibilities, use encryption to scramble your data, so that a secret password or key is required to unscramble and make it intelligible again. Thus, merely gaining the ability to read your file is not enough; an attacker must also have your secret password in order to make any sense out of the data. We’ll focus on the excellent encryption software included with most Linux systems: the Gnu Privacy Guard , also known as GnuPG or GPG. If you’ve used PGP (Pretty Good Privacy), you’ll find GnuPG quite similar but far more configurable. While the pgp command has around 35 command-line flags, its GnuPG equivalent gpg has a whopping 140 at press time.

GnuPG supports two types of encryption: symmetric (or secret-key) and asymmetric (or public-key). In symmetric encryption, the same ...