
Experiment No. 13
Aim: Explore the GPG tool of Linux to implement email security

Objectives:
Understand the need for email security.
Understand how GPG ensures email security.

Outcomes: The learner will be able to
Design security protocols and methods to achieve email security.

Hardware / Software Required: Unix/Linux, gnupg

Theory:

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides
cryptographic privacy and authentication for data communication. PGP is often used for signing,
encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase
the security of e-mail communications.

PGP encryption uses a serial combination of hashing, data compression, symmetric-key
cryptography, and finally public-key cryptography; each step uses one of several supported
algorithms. Each public key is bound to a user name and/or an e-mail address. The first version of
this system was generally known as a web of trust to contrast with the X.509 system, which uses a
hierarchical approach based on certificate authority and which was added to PGP implementations
later. Current versions of PGP encryption include both options through an automated key
management server.

GNU Privacy Guard (GnuPG or GPG) is a free software replacement for Symantec's PGP
cryptographic software suite. GnuPG is a hybrid-encryption software program because it uses a
combination of conventional symmetric-key cryptography for speed, and public-key cryptography
for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key
which is only used once. This mode of operation is part of the OpenPGP standard and has been part
of PGP from its first version.

Procedure:

Step 1: Installation of gpg

$ sudo apt-get install gnupg

Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
gnupg-curl gnupg-doc parcimonie
The following packages will be upgraded:
gnupg
1 upgraded, 0 newly installed, 0 to remove and 559 not upgraded.
Need to get 646 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu xenial-updates/main i386 gnupg i386 1.4.20-1ubuntu3.2
[646 kB]
Fetched 646 kB in 2s (246 kB/s)
(Reading database ... 204817 files and directories currently installed.)
Preparing to unpack .../gnupg_1.4.20-1ubuntu3.2_i386.deb ...
Unpacking gnupg (1.4.20-1ubuntu3.2) over (1.4.20-1ubuntu3.1) ...
Processing triggers for install-info (6.1.0.dfsg.1-5) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up gnupg (1.4.20-1ubuntu3.2) ...

Step 2: Generation of Key

$ gpg --gen-key

gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Tuesday 09 July 2019 10:35:16 PM IST
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: sangita
Email address: sangita.sc@gmail.com
Comment: this is gpg
You selected this USER-ID:
"sangita (this is gpg) <sangita.sc@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o


You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
...........+++++

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 200 more bytes)
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 256 more bytes)
........+++++

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 246 more bytes)
+++++
gpg: /home/it/.gnupg/trustdb.gpg: trustdb created
gpg: key A0FBAFBC marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2019-07-09
pub 4096R/A0FBAFBC 2018-07-09 [expires: 2019-07-09]
Key fingerprint = 2B3A 3324 89F9 13A1 9BEA 2BCB 62E1 F763 A0FB AFBC
uid sangita (this is gpg) <sangita.sc@gmail.com>
sub 4096R/3E147825 2018-07-09 [expires: 2019-07-09]

Step 3: Listing Keys

$ gpg --list-keys

/home/it/.gnupg/pubring.gpg
---------------------------
pub 4096R/A0FBAFBC 2018-07-09 [expires: 2019-07-09]
uid sangita (this is gpg) <sangita.sc@gmail.com>
sub 4096R/3E147825 2018-07-09 [expires: 2019-07-09]

it@it-Vostro-1014:~$ gpg --armor --export sangita.sc@gmail.com>mypk


it@it-Vostro-1014:~$ cat mypk
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
[base64 key data omitted]
-----END PGP PUBLIC KEY BLOCK-----

it@it-Vostro-1014:~$ gpg --gen-key


gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Tuesday 09 July 2019 11:01:08 PM IST
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: ssc
Name must be at least 5 characters long
Real name: sschaudhari
Email address: sschaudhari@acpce.ac.in
Comment: gpg
You selected this USER-ID:
"sschaudhari (gpg) <sschaudhari@acpce.ac.in>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o


You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 175 more bytes)
....+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
.+++++
gpg: key 4C8FAA8A marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2019-07-09
pub 1024R/4C8FAA8A 2018-07-09 [expires: 2019-07-09]
Key fingerprint = 72CE 9B82 48A2 47A2 5E58 4650 BDA7 5ED2 4C8F AA8A
uid sschaudhari (gpg) <sschaudhari@acpce.ac.in>
sub 1024R/5D9D9E6A 2018-07-09 [expires: 2019-07-09]

it@it-Vostro-1014:~$ gpg --list-keys


/home/it/.gnupg/pubring.gpg
---------------------------
pub 4096R/A0FBAFBC 2018-07-09 [expires: 2019-07-09]
uid sangita (this is gpg) <sangita.sc@gmail.com>
sub 4096R/3E147825 2018-07-09 [expires: 2019-07-09]

pub 1024R/4C8FAA8A 2018-07-09 [expires: 2019-07-09]
uid sschaudhari (gpg) <sschaudhari@acpce.ac.in>
sub 1024R/5D9D9E6A 2018-07-09 [expires: 2019-07-09]

it@it-Vostro-1014:~$ gpg --import mypk


gpg: key A0FBAFBC: "sangita (this is gpg) <sangita.sc@gmail.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

it@it-Vostro-1014:~$ gpg --list-keys


/home/it/.gnupg/pubring.gpg
---------------------------
pub 4096R/A0FBAFBC 2018-07-09 [expires: 2019-07-09]
uid sangita (this is gpg) <sangita.sc@gmail.com>
sub 4096R/3E147825 2018-07-09 [expires: 2019-07-09]

pub 1024R/4C8FAA8A 2018-07-09 [expires: 2019-07-09]
uid sschaudhari (gpg) <sschaudhari@acpce.ac.in>
sub 1024R/5D9D9E6A 2018-07-09 [expires: 2019-07-09]
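
Added example (not part of the original lab record): the listing above holds a 4096-bit and a 1024-bit RSA key pair, each with an expiry date, and the script below checks both properties from gpg's machine-readable listing (--with-colons). The function names, the 2048-bit floor, the sample timestamps and the "XXXXXXXX" half of each subkey ID are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit key size and expiry from gpg's colon-delimited listing.
# On a real keyring:
#   gpg --list-keys --with-colons --fixed-list-mode | audit_keys 2048 "$(date +%s)"

# Constructed sample modelled on the two keys listed above. Timestamps are
# constructed from the dates shown; the "XXXXXXXX" half of each subkey ID is
# a placeholder because the page shows only short subkey IDs.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:62E1F763A0FBAFBC:1531155916:1562691916::u:::scESC:
uid:u::::1531155916::::sangita (this is gpg) <sangita.sc@gmail.com>:
sub:u:4096:1:XXXXXXXX3E147825:1531155916:1562691916:::::e:
pub:u:1024:1:BDA75ED24C8FAA8A:1531157468:1562693468::u:::scESC:
uid:u::::1531157468::::sschaudhari (gpg) <sschaudhari@acpce.ac.in>:
sub:u:1024:1:XXXXXXXX5D9D9E6A:1531157468:1562693468:::::e:
EOF
}

# audit_keys MIN_BITS NOW_EPOCH   (colon listing on stdin)
# Fields used: 1 record type, 3 key length, 4 algorithm, 5 key ID, 7 expiry.
# Prints "<type> <keyid> <bits> <status>" per key; returns 1 if any key fails.
audit_keys() {
    awk -F: -v min="$1" -v now="$2" '
        $1 == "pub" || $1 == "sub" {
            status = ""
            # The bit-length floor applies to RSA (1), Elgamal (16) and
            # DSA (17); ECC keys are shorter by design and are not compared.
            if (($4 == 1 || $4 == 16 || $4 == 17) && $3 + 0 < min)
                status = "weak"
            # An empty field 7 means the key never expires.
            if ($7 != "" && $7 + 0 <= now)
                status = (status == "" ? "expired" : status ",expired")
            if (status == "")
                status = "ok"
            else
                bad = 1
            print $1, $5, $3, status
        }
        END { exit bad + 0 }'
}
```

The encryption step later on this page uses subkey 3E147825, so the subkey records matter as much as the primary ones: a strong primary key with a short encryption subkey still yields weakly protected ciphertext.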

Signing process:

it@it-Vostro-1014:~$ gpg --edit-key sangita.sc@gmail.com


gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 4096R/A0FBAFBC created: 2018-07-09 expires: 2019-07-09 usage: SC
trust: ultimate validity: ultimate
sub 4096R/3E147825 created: 2018-07-09 expires: 2019-07-09 usage: E
[ultimate] (1). sangita (this is gpg) <sangita.sc@gmail.com>

gpg> fpr
pub 4096R/A0FBAFBC 2018-07-09 sangita (this is gpg) <sangita.sc@gmail.com>
Primary key fingerprint: 2B3A 3324 89F9 13A1 9BEA 2BCB 62E1 F763 A0FB AFBC

gpg> sign
"sangita (this is gpg) <sangita.sc@gmail.com>" was already signed by key A0FBAFBC
Nothing to sign with key A0FBAFBC

gpg> quit

Encryption and Decryption

$ cat > secrets
hello
how r u?

$ cat secrets
hello
how r u?

Encryption

it@it-Vostro-1014:~$ gpg --out secrets_san --encrypt secrets


You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID. End with an empty line: sangita.sc@gmail.com

Current recipients:
4096R/3E147825 2018-07-09 "sangita (this is gpg) <sangita.sc@gmail.com>"

it@it-Vostro-1014:~$ ls
a.out Desktop examples.desktop Pictures secrets_san TURBOC3
demo1.nam Documents Music Public Templates Videos
demo1.ns Downloads mypk secrets test.c
it@it-Vostro-1014:~$ cat secrets_san
[binary ciphertext omitted]

Decryption:

it@it-Vostro-1014:~$ gpg --output secrets_fron_san --decrypt secrets_san

You need a passphrase to unlock the secret key for
user: "sangita (this is gpg) <sangita.sc@gmail.com>"
4096-bit RSA key, ID 3E147825, created 2018-07-09 (main key ID A0FBAFBC)

gpg: encrypted with 4096-bit RSA key, ID 3E147825, created 2018-07-09
"sangita (this is gpg) <sangita.sc@gmail.com>"
it@it-Vostro-1014:~$ ls
a.out Desktop examples.desktop Pictures secrets_fron_san test.c
demo1.nam Documents Music Public secrets_san TURBOC3
demo1.ns Downloads mypk secrets Templates Videos
it@it-Vostro-1014:~$ cat secrets_fron_san
hello
how r u?

Conclusion:

GPG provides authentication and privacy for messages sent over the Internet. It originated to
address the security concerns of plain e-mail and text messages. In this experiment, GnuPG is used
to demonstrate the usage of GPG.
