
Email privacy in Linux, with PGP

Laurence Hunterby , 11 November, 2001

For those that don't know, encryption is when you take something, like this sentence, and turn it into:

qANQR1DBwk0DkeMERhdYIiYQDACktpHIn4hOzLs0tgTjB8q9cDeVCOhbRx56gi7

PGP (Pretty Good Privacy) is a piece of free software that allows you to encrypt files and, more importantly, emails, with some pretty damn powerful encryption. So powerful in fact, that Big Brother would prefer you be good little subjects and refrain from doing so, because they can no longer read your mail.

Because they do you know. All the time in fact. And have been for many years. Even though most of us just want to say hi to a friend, or send an important business document to a colleague, with the assurance that others can't read our personal and confidential mail.

Also, and more commonly, it allows you to digitally sign an email, so that if John called me a big fat swine, he really did call me a big fat swine! (Signatures can't be faked or manipulated, and neither can the content of the email, and a signature also guarantees the entire email was received.)

Unfortunately for many, PGP is hard to get to grips with at first. Here I'll show you how easy it can be.

If you're unfamiliar with the basics of using the Linux command-line, you'll need to swot-up with the help of my Newbie's Linux Manual.

Step one: obtaining PGP

Click here and download PGP. For this column, I downloaded the latest compressed tarball, "PGP 6.5.8 for Linux" (3Mb), and the latest RPM, "PGP 6.5.8 for RedHat Linux (.rpm)" (2.8Mb).

Step two: installing PGP

Open a terminal window, or at the console, and in your normal everyday user account (with knowledge of the root password to install software), cd to the directory you downloaded PGP to.


If you downloaded the RPM, enter:

tar xvf PGPcmdln_6.5.8.Lnx_FW.rpm.tar
su -c 'rpm -Uvh PGPcmdln_6.5.8.Lnx_FW.rpm'

...replacing 6.5.8 with your version.

Note:

If ever you want to uninstall the PGP RPM, enter: su -c 'rpm -e pgp'


If you downloaded the compressed tarball, to install, enter:

tar xvfz PGPcmdln_6.5.8.Lnx_FW.tar.gz
tar xvfz PGPcmdln_6.5.8_Lnx_FW.tar.gz
cd pgp-6.5.8
su -p
mv pgp /usr/bin
mv man/man1/pgp.1 /usr/share/man/man1
mv docs /usr/doc/pgp-6.5.8
exit
    (or Ctrl+d)

Note:

If ever you want to uninstall PGP, enter:

su
rm /usr/bin/pgp
rm /usr/share/man/man1/pgp.1
rm -r /usr/doc/pgp-6.5.8
exit
    (or Ctrl+d)

Step three: PGP key generation

PGP uses public key cryptography. This means a pair of keys is used for encryption. A public key encrypts the data, whilst a corresponding private, or secret, key decrypts the data. Anyone can be given your public key, but you keep your private key to yourself. Anyone with a copy of your public key can then encrypt data that only you can read.

To create (generate) your own unique public/secret key pair, enter:

pgp -kg

...and when prompted, enter as follows in blue (changing the User ID):

Step four: configuring KMail

Many email clients support PGP and on many platforms, but to make things simple, I'll be using the popular KDE 2 email client, KMail (which I shamelessly presume you know how to set-up to send and receive email).

Open KMail, and select the 'Settings' > 'Configure KMail...' menu option.

In the 'PGP User Identity' text box, enter the public key user ID you entered during key generation:

Now select the 'Composer' page from the sidebar, and tick the 'Automatically sign messages using PGP' option:

Now select the 'Security' page from the sidebar, then the 'PGP' tab, and select the 'PGP Version 6.x' radio button:

You'll likely want to tick the 'Keep passphrase in memory' option to save you typing your private key password every time you send an email or read an encrypted e-mail. The 'Always encrypt to self' option should be left selected, since without it you can't read an encrypted email once you've sent it. The 'Show ciphered/signed text after composing' option should also be left ticked to always be sure your email is being signed and encrypted.

Finish by pressing the 'OK' button.

Now each time you create an email you can sign and/or encrypt it with the 'Sign message' and 'Encrypt message' toolbar buttons:

Step five: signing an email

To sign your first email, simply send an email to yourself (with the 'Sign message' toolbar button selected), entering your private key passphrase when prompted:

Now so long as you ticked the 'Show ciphered/signed text after composing' option, a reassuring dialogue box will appear confirming a successful signature:

Now collect your email to view your PGP-signed email:

If you don't have the sender's public key, you'll receive something like:

Step six: distributing your public key

Start a new email, and select the 'Attach' > 'Attach My Public Key' menu option. Now send the email to a friend or colleague.

When you receive a public key you attach it to your public key ring (~/.pgp/pubring.pkr). To do this, save the attached public key (likely the file 'public_key.asc' but can just be a block of text as part of the email), and in that directory, enter:

pgp -ka public_key.asc

Now sign and certify that person's public key, with:

pgp -ks 'Bill Turner <>'

Note that you don't have to enter the entire user ID, enough to identify the public key will suffice, e.g.:

pgp -ks Bill

Before answering yes to certifying a public key, you can phone that person and ask them to read out their 'Key fingerprint', then check it against the fingerprint of the copy you received. They (and you, before entering pgp -ks userid) can retrieve it with:

pgp -kvc Bill
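
The two manual checks in this step (pulling a key block out of a saved email, and comparing the fingerprint read over the phone with the one on your screen) can be scripted. This is an added example, not part of the original article; the function names are hypothetical, the sample mail and its key block are constructed, and the accepted fingerprint lengths assume MD5 (32 hex digits) or SHA-1 (40 hex digits) fingerprints.

```shell
#!/bin/sh
# Added example, not from the article. POSIX sh + awk only; it never runs pgp.
# Typical use: extract_pubkey saved_mail.txt > public_key.asc && pgp -ka public_key.asc

# Print the first complete armoured public key block in FILE. Exit 1 if there
# is none or it is never closed (truncated mail), printing nothing.
extract_pubkey() {
    awk '
        /^-----BEGIN PGP PUBLIC KEY BLOCK-----/ && !inblk { inblk = 1; buf = "" }
        inblk { sub(/\r$/, ""); buf = buf $0 "\n" }
        inblk && /^-----END PGP PUBLIC KEY BLOCK-----/ { printf "%s", buf; ok = 1; exit }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# True if FILE holds a private key block: the sender mailed the wrong half.
has_private_key() {
    grep -q '^-----BEGIN PGP PRIVATE KEY BLOCK-----' "$1"
}

# Drop spaces and colons and upper-case, so "3f a1" and "3FA1" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF'
}

# 0 = fingerprints match, 1 = they differ, 2 = first argument is not a
# plausible fingerprint (32 hex digits for MD5, 40 for SHA-1).
same_fingerprint() {
    a=$(normalize_fpr "$1"); b=$(normalize_fpr "$2")
    case "$a" in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#a}" -eq 32 ] || [ "${#a}" -eq 40 ] || return 2
    [ "$a" = "$b" ]
}

# Constructed sample: a saved mail body with an inline, fake key block.
write_sample_mail() {
    cat > "$1" <<'EOF'
Hi, here is my key. Call me to check the fingerprint.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: constructed sample, not a real key

Q09OU1RSVUNURUQgU0FNUExFIC0gTk9UIEEgUkVBTCBLRVk=
=AAAA
-----END PGP PUBLIC KEY BLOCK-----
Bill
EOF
}
```

If has_private_key reports a match, do not import anything from that mail; tell the sender, since a private key that has travelled by email should be considered exposed.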

If ever you want to remove a public key from your public keyring, enter:

pgp -kr Bill

To view your public keyring, enter:

pgp -kv

And to include all certifying signatures in the above, enter:

pgp -kvv

Step seven: sending and receiving an encrypted email

With someone's public key in your public keyring, you can now use their public key to encrypt emails that only that person can decrypt. Simply write an email and select the 'Encrypt message' toolbar button.

Bill, a life-long fugitive and America's 1,001st most-wanted ("It wasn't me, it was the one-armed penguin."), sent me this email:

Encrypting email attachments

Email attachments are not ordinarily encrypted. To encrypt, for example, the file secret.txt to Bill's public key, enter:

pgp -e secret.txt Bill

...which will create the encrypted file secret.txt.pgp.

Now attach secret.txt.pgp to an email and send.

Bill then saves the attachment, and enters:

pgp -d secret.txt.pgp

...to decrypt the file and save it as secret.txt.

A quick cat secret.txt then reveals to Bill, the secret of the Ancients!

For more on PGP, enter: man pgp, and also take a look at the PDF and PostScript documentation installed in the /usr/doc directory.

Copyright © 1998-2002 Linuxdot.org.