This action might not be possible to undo. Are you sure you want to continue?
Public Key Encryption
Classic methods for encryption only use one key for encryption. The sender encrypts the message with this key. To be able to decrypt this, the receiver needs to have this very same key. This key must have been given to the receiver in a way, that others won't have had the opportunity to obtain this key. If somebody else does have the key, this method of encryption is useless. The use of so-called Public Keys can solve this problem. Public Keys is a concept where two keys are involved. One key is a Public Key that can be spread through all sorts of media and may be obtained by anyone. The other key is the Private Key. This key is secret and cannot be spread. This key is only available to the owner. When the system is well implemented the secret key cannot be derived from the public key. Now the sender will crypt the message with the public key belonging to the receiver. Then decryption will be done with the secret key of the receiver. Crucial in this concept is that the secret key remains a secret and should not be given away or become available to anyone else but the owner of this key. YOU CANNOT SEND THIS KEY OVER THE INTERNET. Also it is very unwise to use GnuPG over telnet (you might consider never to use telnet based on the high security risks).
In order to prove that a message was really sent by the alleged sender the concept of Digital Signatures was invented. As the name says a message is digitally signed by the sender. By using this signature you can check the authenticity of a message. Using this will reduce the risk for Trojan horses (a message that claims to be a patch to a certain problem but actually contains a virus or does something bad with data on your computer). Also information or data can be verified as coming from a legitimate source and thus be regarded as real. A digital signature is made through a combination of the secret key and the text. Using the senders public key the message can be verified. Not only will be checked if the correct sender is involved, also the content will be checked. So you know that the message comes from the sender and has not been changed during the transportation process.
Web of trust
A weak point of the Public key algorithms is the spreading of the public keys. A user could bring a public key with false user ID in circulation. If with this particular key messages are made, the intruder can decode and read the messages. If the intruder passes it on then still with a genuine public key coded to the actual recipient, this attack is not noticeable.
gpg --gen-key (use defaults for all) [fred@mail . Elgamal is used for encryption and uses the public key system or asymmetric Keys are located in the users home directory in /home/user/. gpg --help Creating keys When you create a key with gpg it creates 2 keys • • public key secret/private key (need passphrase. To be absolutely positive that the key is correct you have to compare the finger print over reliable channels before giving absolute trust. • • DSA is used for signing. you can trust the signature.doc 2 . Commands gpg help options To find out what options are available type the following. A public key can be signed by other people.gnupg]$ gpg --gen-key Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) 147699146. This signature acknowledges that the key used by the UID (User Identification) actually belongs to the person it claims to be. it operates on message hash and uses public keys to decrypt signatures and compare.gnupg/ • • secret key is kept in the file secring. Only when you can trust the key of the signer.4LNX2 openGPG The PGP solution (and because of that automatically the GnuPG solution) exists in signing codes.gpg public keys are kept in the file pubring. It is then up to the user of GnuPG how far the trust in the signature goes. You can consider a key as trustworthy when you trust the sender of the key and you know for sure that the key really belongs to that person.gpg To create your key type the following. the default is to use DSA and Elgamal. and entropy) You are asked during this process to select the type of key.
.. the prime generation.. ELG-E keys may be between 1024 and 4096 bits long. We need to generate a lot perform some other action utilize the disks) during random number generator a of random bytes. ..pdn Comment: 4LNX2 You selected this USER-ID: "Fred Derf (4LNX2) <fred@networking..4LNX2 Your selection? 1 DSA keypair will have 1024 bits...pdn>" Change (N)ame....++ +++>++++++++++... (C)omment... move the mouse.... this gives the better chance to gain enough entropy. It is a good idea to (type on the keyboard. Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf. 0 = key does not expire <n> = key expires in n days openGPG <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) Key does not expire at all Is this correct? (y/N) y You need a user ID to identify your key.++++++++++++++++++++......doc 3 ..++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++....++++++++++++++++++++.de>" Real name: Fred Derf Email address: fred@networking.. the software constructs the user ID from the Real Name...... (E)mail or (O)kay/(Q)uit? O You need a Passphrase to protect your secret key... What keysize do you want? (2048) Requested keysize is 2048 bits Please specify how long the key should be valid.+++++ 147699146.+++++....
...doc 4 ..+++++..gnupg/pubring... type the following command.. 0m.+++++ +++++..pdn> 2048g/4EDE3EF6 2009-04-08 To list your private key..gnupg]$ gpg --list-keys /home/fred/. the prime generation. gpg: checking the trustdb gpg: 3 marginal(s) needed.++++++++++. 147699146.. 0q..+++++^^^ gpg: key 078BBFEE marked as ultimately trusted public and secret key created and signed.+++++++++++++++++++++++++++++++++++..+++++++++++++++....++++ +.++++++++++.. It is a good idea to (type on the keyboard.++++++++++++++++++++. 1 complete(s) needed.4LNX2 We need to generate a lot perform some other action utilize the disks) during random number generator a openGPG of random bytes.... +++++.++++++++++>+++++...++++++++++>.gpg ----------------------------pub uid sub 1024D/078BBFEE 2009-04-08 Fred Derf (4LNX2) <fred@networking... 0n. this gives the better chance to gain enough entropy... 1024D/078BBFEE 2009-04-08 1504 A499 8E14 Key fingerprint = A523 3623 55D8 B530 C852 078B BFEE uid sub Fred Derf (4LNX2) <fred@networking.......>.... gpg --list-keys [fred@mail .pdn> 2048g/4EDE3EF6 2009-04-08 [fred@mail ...++++++++ +++++++..gnupg]$ List keys To list your public keys type the following command. PGP trust model gpg: depth: 0 1u pub valid: 1 signed: 0 trust: 0-. 0f. move the mouse.+++++.+++++..
To export your public key in ASCII format to STDOUT. this may be done over the phone or through some other means as long as you can guarantee that you are communicating with the key’s owner. To export your public key type the following command. We need to convert this file to ASCII so that it can be sent through email or published on a web page.gpg ----------------------------sec uid ssb 1024D/078BBFEE 2009-04-08 Fred Derf (4LNX2) <firstname.lastname@example.org/secring.pdn> 2048g/4EDE3EF6 2009-04-08 The fingerprint is used to validate the key you have received from another user.gnupg]$ gpg --list-secret-keys /home/fred/.gpg ----------------------------pub 1024D/078BBFEE 2009-04-08 1504 A499 Key fingerprint = A523 3623 55D8 B530 C852 8E14 078B BFEE uid sub Fred Derf (4LNX2) <fred@networking. gpg --export Notice how the key is send to STDOUT and that it is a binary file. gpg --export --armor To export your key as ASCII and to save to a text file type the following command.pdn> 2048g/4EDE3EF6 2009-04-08 Exporting key You need to export your public key so that other users may add you to their keyring.doc 5 . 147699146. “TRUST” To list your fingerprint. type the following command.gnupg]$ gpg --fingerprint /home/fred/.4LNX2 openGPG [fred@mail . type the following commad.gnupg/pubring. [fred@mail .
4LNX2 openGPG gpg --export --armor >> freds.pdn> sub 2048g/3A88FFA9 2009-04-08 pub uid sub 1024D/078BBFEE 2009-04-08 Fred Derf (4LNX2) <email@example.com gpg: key 078BBFEE: public key "Fred Derf (4LNX2) <firstname.lastname@example.org> 2048g/54954A6A 2009-04-08 pub 1024D/BEDF6EB5 2009-04-08 uid Lecturer (4LNX2) <email@example.com/pubring.key Importing keys A public key may be added to your public keyring with the import option.doc 6 .gpg ----------------------------pub uid sub 1024D/F708B71D 2009-04-08 Greg Lynch (4LNX2) <firstname.lastname@example.org> 2048g/4EDE3EF6 2009-04-08 147699146. [greg@mail ~]$ gpg --import freds.key cat freds. Type the following commands to import another users public key and then confirm it has been added to your public keyring.pdn>" imported gpg: Total number processed: 1 gpg: imported: 1 [greg@mail ~]$ gpg --list-keys /home/greg/.
doc expires: never validity: unknown 7 . etc.4LNX2 openGPG Validating keys Once you have confirmed the fingerprint for a users public key you will want to validate this key to stop warning messages. Fred Derf (4LNX2) <fred@networking.) 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menu Your decision? 5 Do you really want to set this key to ultimate trust? (y/N) y pub 1024D/078BBFEE usage: SC created: 2009-04-08 trust: ultimate 147699146.pdn> Please decide how far you trust this user to correctly verify other users' keys (by looking at passports. [greg@mail ~]$ gpg --edit-key email@example.com> Command> trust pub 1024D/078BBFEE usage: SC created: 2009-04-08 trust: unknown sub 2048g/4EDE3EF6 usage: E created: 2009-04-08 expires: never validity: unknown expires: never [ unknown] (1). Fred Derf (4LNX2) <fred@networking. Type the following command to validate a users public key.pdn pub 1024D/078BBFEE usage: SC created: 2009-04-08 trust: unknown sub 2048g/4EDE3EF6 usage: E created: 2009-04-08 expires: never validity: unknown expires: never [ unknown] (1). checking fingerprints from different sources.
type the following commands.pdn> Please note that the shown key validity is not necessarily correct unless you restart the program.txt Welcome to 4LNX2 I hope you have a good time See you after the holidays Confirm the contents of this file [greg@mail ~]$ cat plain. First create a text file to encrypt [greg@mail ~]$ cat >> plain. (you may use "-r") Current recipients: Enter the user ID. Fred Derf (4LNX2) <firstname.lastname@example.org 8 End with an empty line: fred derf .4LNX2 sub 2048g/4EDE3EF6 usage: E created: 2009-04-08 expires: never openGPG [ unknown] (1).txt You did not specify a user ID.txt Welcome to 4LNX2 I hope you have a good time See you after the holidays Encrypt the text file for the user fred derf [greg@mail ~]$ gpg --encrypt --armor plain. Current recipients: 147699146. Command> quit [greg@mail ~]$ Encrypting documents To convert a plain text file to an encrypted file so that only a certain user may decrypt it.
asc View the contents of the cipher text file [greg@mail ~]$ cat plain.txt plain.4LNX2 openGPG 2048g/4EDE3EF6 2009-04-08 "Fred Derf (4LNX2) <email@example.com 9 .5 (GNU/Linux) hQIOAzsni5VO3j72EAf9HQ6MB0hpQOqCd9jBMEBVPWsi+xjjjYM9BYyJCAl760Of hQE+hPtiUSqrRUwMCCbm2TcdlPnNRa2m60pBHN4P0rjeGDjhs5ZfYskIHaEWyRH1 mCNWqHkxPpPHEl1CmVHZ463IG52d0pHHpeNTFHTmbohM/8sNVpnF4WQbEDLcyvSK nkpMbfIxzSJTDx5YwDM9cO8NZihYsQ8epz4xbK8lgwO/YHqfjk5iBvq9tHGUf3/d R6FmkRtn+sELk3vUhkfOHIGCH00VRy3Xv47XWogTDk+pIMwEtRV8qWlsUsY+Ld9b YkdQjRjC/f+rz5g1E8uHCetONgCgHC0VOBpbRXksgAf9GhxHeGFFFPmSQJuvPKL4 CJLpHUOFnec+4RceRKp/ZAASeSL2s9Izn9KpXWXw7vlEETs0kVCQL8PRGoi/UOoT 4XFnjeIP5Dv2BrQDWBpR2Anf9huJZA0Xj7O2SiRYac4nwMP99gXItar+QNDa4jog nWh0e6O/uo6xx7MfITp8I3WvfwdvcCVVFm6wZPut6kstnsuxIEmHMNg7g4lfWV+3 PwPcAHtd6MnoZ10s97KarSmnJBn7fLnyPFdXVw3AnejgdVKUeMNOl2J/b9hK/rDv 0brgGZ7zdWD3cb0/BatH0ZDONzUho6Rriwuj62EoyPysKWpPlEtYwjUF88EXL/0d IdKHAezSEAwpYk4hhX31rTTCLK4AIuJDfx2n4vJXT2WbLJIGkQKjgxpWj4bQ97eU d3uMT98Xm0pu6gAMmYr+hj+TdO9VUkUYpCPtYssOJejjmLpgx6NXZFtXJuUQ7fkP zGs+2Fj8mYc3kxlKYffv0M6ioVVCGql8pmrT+yd/WY9SmPCGaQb6q6Xf =eJFc -----END PGP MESSAGE----[greg@mail ~]$ 147699146. [greg@mail ~]$ ls freds.pdn>" Enter the user ID. one cipher text. one plain text.txt. End with an empty line: Notice now that we have two files.key plain.asc -----BEGIN PGP MESSAGE----Version: GnuPG v1.4.
Enter the following commands to decrypt the file. created 2009-04-08 (main key ID 078BBFEE) gpg: encrypted with 2048-bit ELG-E key.txt. This will encompass message with itself with signature Type the following command [greg@mail ~]$ ls plain.txt 147699146.asc (note with the --decrypt option the file will be decrypted to STDOUT) You need a passphrase to unlock the secret key for user: "Fred Derf (4LNX2) <firstname.lastname@example.org (ciphertext file) back to plain text. ID 4EDE3EF6. created 200904-08 "Fred Derf (4LNX2) <fred@networking. a verification of the signature will fail. ID 4EDE3EF6.txt. Since this file has been encrypted with fred’s public key he will be able to use his private key to decrypt the plain.txt Welcome to 4LNX2 I hope you have a good time See you after the holidays [fred@mail ~]$ Digital Signatures A digital signature certifies and timestamps a document.asc [fred@mail ~]$ gpg plain.pdn>" 2048-bit ELG-E key.4LNX2 openGPG Email this file to the user fred. [fred@mail ~]$ ll -rw-rw-r-.txt.doc 10 . If the document is subsequently modified in any way. A digital signature can server the same purpose as a hand-written signature with the additional benefit of being tamperresistant.pdn>" [fred@mail ~]$ cat plain.1 fred fred 2094 Apr 9 01:26 plain.
created 2009-04-08 You did not specify a user ID. ID F708B71D.doc 11 .asc -----BEGIN PGP MESSAGE----Version: GnuPG v1.4LNX2 [greg@mail ~]$ gpg --encrypt --armor --sign plain.txt You need a passphrase to unlock the secret key for user: "Greg Lynch (4LNX2) <email@example.com>" Enter the user ID. End with an empty line: Check to see the created file [greg@mail ~]$ ls plain.5 (GNU/Linux) hQIOAzsni5VO3j72EAf+Pd2g7MgapbtLoKNPO5Uo9RM+xpoOppium1LJXIQDmHhf z+aqaEUCBImK3N5ke1oQYJKsQDTjeBJIXgCsS/eYAKAQT4L+AJZgwef0/8GxTg0G Z4ihUxkMaMlnW/LGWgm520DO7j5a+CR5vsdWMi0Tq8VYBrYw+kW+GfhyIOdDqCCq 0UMFSMa4noY1rE6X9IPmf8p3tLRmavHA7ppiPEUfWr4NWJUgQntsfUtnFhFKRGs0 oIJ6Zmo6t8y5ITkDlYl/V0dqD1LA6UsEmbWuPhsaRveMmTRU9iFGgdRCQExeHgZk 9sxblln1ImxvS5oen2bgCHbGYAVcb04L0PtMNo0iKwf/Rn4i/PaMQgPlm6O+VC50 DDFxVpQ8gr137XTjvTAj+hZIfRDe4hFhiT2thyofHSIRgmVhseP3SA6JXj1g+uT+ mVhVLYDFI39fp8sluTfRd1uDQpwLm055+DoUCzaGOi1+yeh5G/1+mlzUmG3b1nRo RF+jigD5j1rB10urHxf/zL61x12CmDB73AZstGSNPWAoFq4rjnv7XTDXCdRmqCKp 147699146.4.asc Output the file to STDOUT [greg@mail ~]$ cat plain.pdn>" 1024-bit DSA key.txt. (you may use "-r") Current recipients: Enter the user ID.txt plain. Current recipients: End with an empty line: fred derf openGPG 2048g/4EDE3EF6 2009-04-08 "Fred Derf (4LNX2) <firstname.lastname@example.org.
doc 12 .4LNX2 openGPG 089XXAzxAAK3wIil5wPYM9V1Tl6ZLA2BbtBgVYvY0RymE+lEIFelR2zZjCSKk9Gu jIgJ0uU/P5pkEdd7bLMae3EIgr/oUbGR+y8B3r0k3H+HwZnTlSQoz0i/BKAzrt4H O9LqAbQ4tjcA+whU9HzVqkEDN7nwkxPAj9yM3DQj3jHRBGSXJ8aYQr1YQqU/srKS auK5xKNmqtxEW2KeDoDVt9iYroQSSgd6ka2PZlfwcsn21EHq3EdUFKu1DyEYTQ93 v5BG1FNbCXP3h8Vp7x7CHrp5ZB+28PVUYugUlBn69sRhg/AMx6gfkvveogAQTfLN G91MGO5Wiv+hsyZ4sY2wHM/q/ho9d92n31ixBxUjRwL7tK2KNjgOD2EVEgFJCX48 QT1AKFn1yhxQ05rd6SqAtNBIYNcgYNjC/lzUIjopCAC23eNqgdfvS/9CYgz/aH9F f2EmTCA8L8hUv7IxGimdb4L/dPIS6UoNPBrCMkPfEPDLFV801fg2sXwizf28QN8W smNCVzeSSZ0qlpTC5ksqtnRNElcJx1DNt4CVbiOd5M5oWq9B/aWhYZ8DHZ9p7XPu YRI2dSkyn8/DrlSsz8c8WLkCNficv6aSyz7wTU2EDVSNr9JMvXdMguknhagpK05F v4WJm68j3SS2BhVA7ZdLKD8RrFWGMzdHuUJNIK1/RNgkEPy1oHCH1maGouyXchSl CA4SQIjQWYKp9fpsUfnrm06WThKz58xD3WH2+512Lh2f10e1ibvqoMgdwO+1KA/N HU99jASDSpGzl/iScuPkmcxwySBrMxEJGkWSBr6OAAQBO4LTlRMwr1m7i+NyyGvU lgiuZox7EH/iCIC01WpJ2wZXJFUvX6HKSHSd/+XuSBWy1a/T95Fwo/Z53gbD7VsL c6p4u7iYR6pUTc2Q4N8zKU8iwI0eq/EcbyFDgxGwyo1sax7iAB8QwCd9G60klMO2 QwQO922w9vtZiMNV8AuEDgq6gbE0Zb9VdaUMia3mYRCZq63RKgu1uNHjD1tvJXl3 f3QjDqe0cllma/Z1joCPELR5ET7JXfzXhjEA0eru44UKv+1UgoEIdvPxYLveaCGJ 9CcepxT/DTzMtejgd2IhVC6l13J8x1jOubcuvdQ9fvhZ22niCisfVpgVkdBs/ylC M7vwozhEMT8IJ15nMvFl92XOCUnz3JCZtOE+KQv3T/Xo5LJgEFWj0givg56+Tt+6 EWu86yyjTlBS9aAR4tyLKzrQrKFFSNBVzWTumHcNLTFp8QCyJ2rg3TOA0v8zeyWE i791yXp/zF78lk35aHBcQ3QNZeHA2Wo0vWXIclWv1FmcLMpY13KN8UPhiAcvz24Y s1JhofxgA8AZ2pFtK2icrDeuJAhYXpYhe67Ky2JH6Ra2uZl1K2YjDGZ8RM/k2foe +IaVyQ3TByMh2cJwU3kaVU3FQeDrzPxvYYDY34HXxQtQlMzskZPfTqL8rhY2xaaw 3+IHx+v3XVN1tAh/37+XPv4Tsic/VeCq5LQP8DiL20vMrbY5vUV3mwa81F2s5cvc UiRZDG3QJRGQDRY= =jPS8 -----END PGP MESSAGE----[greg@mail ~]$ 147699146.
gpg --list-keys Start Evolution 1. First obtain your key ID by typing the following command. Click Close Send an email to someone.doc 13 . Specify your key ID in the PGP/GPG Key ID field (eight character string) 5. 147699146. Select the account you want to use securely. Click OK 6. then click Edit 3. Click the Security Tab 4. Click Edit > Preferences. then click Mail Accounts 2.4LNX2 openGPG Email this file to the user Evolution To get evolution to automatically sign your emails every time you send an email do the following steps.
Send an email to yourself to test sending and receiving email.doc 14 .70. Logout of root 5.Send an email to the lecturer with your public key.networking.pdn Sending email Server type: SMTP Server: mail.pdn Receiving email Server type: POP Server: mail. 147699146. Export your public key as a text file 8. 10.Import the lecturers public key and trust it.4LNX2 openGPG Class Activity 1. Login as the user you created in step 1 6. On you computer create a user provided by you lecturer (note this account should match the user account created on the MTA (mail server) • • useradd greg passwd greg 2. Configure evolution to connect to the mail server • • • • • • • email account <user>@networking.0.pdn Uncheck: Server requires authentication Finish 9. Change your network to “P” and restart your network interfaces • • service network restart ifconfig (confirm you have a IP address with on the 10. network 4. Open terminal and make gpg keys for your user (use email account from mail server of <user>@networking.pdn) 7.networking. also asking them for their public key 11. Install evolution if it is not already installed • yum install evolution 3.
4LNX2 openGPG 12. 13.12 with a user next to you. 147699146. 14.Configure evolution to sign all outgoing email messages.Encrypt a text file for the lecturers then email the cipher text to the lecturers email account asking for confirmation that he was able to decrypt the message.Do the above steps 10 .doc 15 .
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.