1 PGP

PGP, or Pretty Good Privacy, is a freely available encryption program written by Phil Zimmermann which provides individuals with the kind of strong cryptography that has, in the past, been available only to the military, intelligence agencies, and large corporations. You can use PGP to encrypt your files and electronic mail. You can also use PGP to sign documents with a tamperproof digital signature, proving that you wrote these documents and they weren't modified during transmission. We describe how PGP can be used on Linux machines in the following paragraphs.
1.1 Encrypting and Decrypting files

The simplest thing you can use PGP for is to keep your files out of reach of everyone except you. pgp -c encrypts a file; pgp -cw also deletes the original file upon encryption, leaving just the encrypted file in the directory. This is different from using a command like rm, because files deleted with rm can be recovered. pgp will ask for a pass phrase when you invoke it with the -c option. It is this pass phrase that is used to generate the key for the encryption.
1.2 Decrypting an Encrypted file

Files encrypted using the -c option can be decrypted, provided the user knows the pass phrase that was given while encrypting the file. Simply, typing pgp followed by the encrypted file name,
1.3 Creating PGP keys

Having seen how we can encrypt files and prevent unauthorized access to them, we consider the more interesting usage of PGP, i.e. secure transfer of files and emails. Before we do that, we need to generate the keys that PGP will use. In particular, we need to create a key pair for ourselves. In order to create your key pair, type on the command prompt

$ pgp -kg

This will ask for the following information.
1. Key size (1024 recommended).
2. User Id (can be anything, ex: firstname.lastname@example.org). Giving your full name and email id is recommended since it will appear along with your public key and it makes it easier for others to identify you as the owner of your public key.
3. Pass phrase. This is used for encrypting your secret key. The user needs to enter this pass phrase each time he/she is trying to encrypt or decrypt messages.
4. Enter some random data. This is used to generate the random number required while generating your key pairs.

If you have entered everything properly, it gives the Key generation completed message. On successful completion of the key generation process your public key will be stored in the file $HOME/.pgp/pubring.pkr and your secret key (private key) will be stored in the file $HOME/.pgp/secring.skr. You cannot directly open the file and see your keys. Viewing the key will be discussed in the next subsection.

1.4 Viewing Keys in a Key Ring

The -kv option lets you view the keys in a key ring. For example, the command

$ pgp -kv $HOME/.pgp/pubring.pkr

will display all the public keys contained in key ring pubring.pkr. The -kvc (key view and check) option gives additional information about the keys.

1.5 Extracting keys from a key ring

The -kx (key extract) option extracts a key from a key ring so that you can give it to someone. For example

$ pgp -kx xyz filename

will create a separate key ring named filename.pgp which contains only one key, i.e. the key of the person xyz. The -kxa (extract and ASCII armor) option extracts the key and stores it in a printable ASCII representation (the -kx output contains nonprintable characters).

$ pgp -kxa xyz filename

This will generate the printable ASCII representation of the key of xyz and put it in the file filename. You can see the contents of the key using a command like cat. This can serve as a readable form of your key which you can distribute.
1.6 Distributing Keys

After you create your keys, you need to make them available to others so that they can send you encrypted information and verify your digital signature. You have three alternatives for distributing your public key:

– Make your public key available through a public key server
– Include your public key in an email message with every message that you are sending
– Export your public key or copy it to a text file and distribute the file. Put it in some file, or put it on your web page.

1.7 Adding keys to a key ring

The -ka (key add) option adds new keys to a key ring. Get the public key of the person you want to add to your public key ring (getting others' public keys will be discussed later). The command

$ pgp -ka filename

adds the key to your key ring. For example the command

$ pgp -ka abc.asc

will add the public key stored in the file abc.asc into your key ring. You can also specify the key ring to which you wish to add the key. Try the -kv option to verify that it is actually there.

1.8 Removing keys from a key ring

The -kr (key remove) option removes keys from a key ring. Typing

$ pgp -kr

would ask the user to enter the name of the key to be removed. You can enter a user ID or the fragment of a user ID to select a key. You can also use the hexadecimal key ID to select a key. PGP makes an intelligent selection from the keys present and asks the user before deleting the key. For example

$ pgp -kr aldrin arun.kr

would remove the public key of user aldrin from the keyring.

1.9 Editing keys

The -ke (key edit) option edits a key ring. You can edit keys and change the user ID of your public keys, add alternative user IDs, or delete user IDs.

1.10 Encrypting Email

Sending encrypted email with PGP is a four step process, consisting of the following steps:

1. Create the message that you want to send, which can be done using some word processor.
2. Get the public key of the person to whom you are sending the message. One can get the public key of a person either from the person himself or from any key server.
3. Encrypt the message using the person's public key. It is done using the ea option. The a is used to generate ASCII armored output. For example,

$ pgp -ea messagefile aldrin

encrypts the message in messagefile using user aldrin's key.
4. Send the encrypted message via your traditional electronic mail program.

1.11 Decrypting Email

To decrypt a message sent to you encrypted using your public key, save the encrypted message to some file, and decrypt it using

$ pgp messagefile

1.12 Digital Signature using PGP

A signature is a mechanism for preserving the integrity and authenticity of the message, not its secrecy. Signing a message is not the same as encrypting it. A digital signature can perform two different functions, both very important to the security of your communication:

– Integrity: A digital signature tells you whether a file or a message has been modified.
– Authentication: A digital signature makes it possible for you to mathematically verify the name of the person who signed the message.

The -s option is used to digitally sign the given file. For example,

$ pgp -sa messagefile

digitally signs with your keys. Running pgp with a signed messagefile as the argument returns the user id of the key in your key ring that matches the key used for the signature. Using the e option, you can encrypt the file before signing it.