Experiment No. 13: Design Security Protocols and Methods To Achieve Email Security
Aim: Explore the GPG tool of Linux to implement email security
Objectives:
Understand the need for email security.
Understand how GPG ensures email security.
Theory:
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides
cryptographic privacy and authentication for data communication. PGP is often used for signing,
encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase
the security of e-mail communications.
PGP encryption uses a serial combination of hashing, data compression, symmetric-key
cryptography, and finally public-key cryptography; each step uses one of several supported
algorithms. Each public key is bound to a user name and/or an e-mail address. The first version of
this system was generally known as a web of trust to contrast with the X.509 system, which uses a
hierarchical approach based on certificate authority and which was added to PGP implementations
later. Current versions of PGP encryption include both options through an automated key
management server.
GNU Privacy Guard (GnuPG or GPG) is a free software replacement for Symantec's PGP
cryptographic software suite. GnuPG is a hybrid-encryption software program because it uses a
combination of conventional symmetric-key cryptography for speed, and public-key cryptography
for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key
which is only used once. This mode of operation is part of the OpenPGP standard and has been part
of PGP from its first version.
Procedure:
$ gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 200 more bytes)
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 256 more bytes)
........+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 246 more bytes)
+++++
gpg: /home/it/.gnupg/trustdb.gpg: trustdb created
gpg: key A0FBAFBC marked as ultimately trusted
public and secret key created and signed.
$ gpg --list-keys
/home/it/.gnupg/pubring.gpg
---------------------------
pub 4096R/A0FBAFBC 2018-07-09 [expires: 2019-07-09]
uid sangita (this is gpg) <sangita.sc@gmail.com>
sub 4096R/3E147825 2018-07-09 [expires: 2019-07-09]
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 175 more bytes)
....+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
.+++++
gpg: key 4C8FAA8A marked as ultimately trusted
public and secret key created and signed.
Signing process:
gpg> fpr
pub 4096R/A0FBAFBC 2018-07-09 sangita (this is gpg) <sangita.sc@gmail.com>
Primary key fingerprint: 2B3A 3324 89F9 13A1 9BEA 2BCB 62E1 F763 A0FB AFBC
gpg> sign
"sangita (this is gpg) <sangita.sc@gmail.com>" was already signed by key A0FBAFBC
Nothing to sign with key A0FBAFBC
gpg> quit
$ cat secrets
hello
how r u?
Encryption
Current recipients:
Current recipients:
4096R/3E147825 2018-07-09 "sangita (this is gpg) <sangita.sc@gmail.com>"
it@it-Vostro-1014:~$ ls
a.out Desktop examples.desktop Pictures secrets_san TURBOC3
demo1.nam Documents Music Public Templates Videos
demo1.ns Downloads mypk secrets test.c
it@it-Vostro-1014:~$ cat secrets_san
Decryption:
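Added example (not part of the original lab sheet): the procedure above, from key generation through signing, encryption and decryption, as one non-interactive script that also checks the hybrid-encryption claim from the Theory section and that a keyring without the private key cannot decrypt. The user ID lab-user@example.org, the 2048-bit key size and the temporary paths are assumptions made for the demo.

```shell
# Added example: GnuPG sign, encrypt, decrypt round trip in a throwaway keyring.
# The user ID, key size and file names are constructed for this demo.
gpg_roundtrip() (   # subshell body, so the GNUPGHOME export does not leak out
    msg=$1
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/home"; export GNUPGHOME   # isolated keyring, ~/.gnupg untouched
    mkdir -m 700 "$GNUPGHOME" "$work/other" || return 1
    uid='lab-user@example.org'

    # Unattended equivalent of the interactive --gen-key dialogue.
    # 2048 bits keeps the demo fast; the lab session used 4096.
    cat > "$work/params" <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Lab User
Name-Email: $uid
Expire-Date: 1y
%commit
EOF
    gpg --batch --quiet --gen-key "$work/params" 2>/dev/null || return 1
    printf '%s\n' "$msg" > "$work/secrets"

    # Sign with our private key and encrypt to the recipient's public key.
    gpg --batch --quiet --armor --sign --encrypt -r "$uid" \
        -o "$work/secrets.asc" "$work/secrets" 2>/dev/null || return 1
    grep -qF -- "$msg" "$work/secrets.asc" && return 1   # plaintext must not leak

    # Hybrid scheme: the message carries a public-key-encrypted session key.
    gpg --batch --list-packets "$work/secrets.asc" 2>/dev/null |
        grep -q '^:pubkey enc packet:' || return 1

    # Decrypt; GOODSIG on the status channel means the signature verified.
    gpg --batch --quiet --status-fd 1 -o "$work/plain" \
        --decrypt "$work/secrets.asc" > "$work/status" 2>/dev/null || return 1
    grep -q '^\[GNUPG:\] GOODSIG ' "$work/status" || return 1

    # A keyring that lacks the recipient's private key must fail to decrypt.
    if GNUPGHOME="$work/other" gpg --batch --decrypt "$work/secrets.asc" \
        >/dev/null 2>&1; then return 1; fi

    cat "$work/plain"
    for h in "$GNUPGHOME" "$work/other"; do   # stop agents gpg 2.x autostarted
        GNUPGHOME=$h gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
)
gpg_roundtrip 'how r u?' || echo 'round trip failed (is gpg installed?)' >&2
```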
Conclusion:
GPG provides authentication and privacy for messages sent over the internet. GPG originated to
address the security concerns of plain e-mail and text messages. GnuPG is used here to demonstrate
the usage of GPG.