|
|||||||
|
|
|
|||||
|
|
|||||||
|
|||||||
|
|
|
|||||
|
|
|||||||
An Unauthorised Guide to PGP Cryptography
Introduction
Pretty Good Privacy by PGP Corporation is the industry standard in public-key cryptography. Public-key cryptography uses a pair of keys: a public key, which encrypts data, and a corresponding private key, for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt data that only you can read. Conversely you can send anyone an encrypted message with their public key which only they can read.
Which Version?
PGP Desktop 9 can only be used for a limited period before online registration is required. Some earlier versions of PGP are available at The International PGP Home Page. PGP Desktop 803 is available on peer to peer networks with a license that gives unlimited use. GNU Privacy Guard, or GPG is the premiere open source implementation of OpenPGP encryption. GnuPG for Windows can be downloaded free from gpg4win.
Installing PGP 8.0.3
When installing PGP 8.0.3 untick all the boxes in the Select
Components dialog. Microsoft Outlook Express 6 will not allow integrated PGP use unless you also have a Digital Signature, which you have to pay for.
This is not a problem as we will be sending PGP messages as text. Use the
following information for PGP 8.0.3 License:
LicenseName: r0r_ROR
LicenseCompany: TEAM ROR 2003
LicenseNumber: CUZ66-HX0PL-1ACX6-D2ZG9-F2Y3J-VEA
LicenseAuthorization:
-----BEGIN PGP LICENSE AUTHORIZATION-----
ADIAAaYAAKDwnSiyT5rfXUss42GavMstVtJVGgCfRCvCM5TN0noKOXgd1Ssacej8W78=
-----END PGP LICENSE AUTHORIZATION-----
Installing GnuPG for Windows
When installing GnuPG for Windows tick WinPT and GPG in the Choose Components dialog (GPA is an alternative to the WinPT management tool). Sometimes the GPGee extensions don't work when right clicking and the computer has to be rebooted.
Using PGP
Once installed, registered and restarted, run PGPkeys. (With GnuPG for Windows, run WinPT and double click the key icon in the System Tray to open Key Manager.)
Click the top left hand icon (Generate new keypair) and follow the instructions. This creates your PGP key pair.
To send someone your public key, click on your name in PGPkeys and copy (Ctrl + C). (With Key Manager in GnuPG use Copy from the Edit menu as Ctrl + C copies all the keys)
Open a new message in Outlook Express and paste in the text (Ctrl+P). Your public key will appear as below.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 8.0.3
mQGiBERPrTwRBAD/Qis06ieCzhfwgHDpQDvRZAj7qhDkya6xjJe5CJkTUx3k34gp
3yFQf13id99o3IR6G3aIpxfRHA2HW8u0FAh3Tt7kMcDdkxmjYdK65ZyZNfSJY1cD
zinGuiBqDxsIbiGYm/GkRuHdmA2Ou7pwBSrVDITNyFMd8DKtumR7yjr4UQCg/yc5
96EBzgFGxq5LBaAFH+cbKJsEAPLpbUo1TdcsxUd0or1engQ4u9BttpYOaHwalDLR
ByKo8BVVqsn6KBpxRLThwyf4YmrkWyBzHpJzMfIyp/U/ZnR+DNIvGVwbwNnoDbQC
cj2M3pizoWUxBOm/veNDSoBMtv86rUgqkGakSOHiM0n9w7SjZel3tqJu3Bt5GWRz
VFOLA/9vi0GAYDVH9IzR9uVqWM1TsWA8QLP0U0/AKuJL/nfDj3ZSyLrj1y2FPweU
j5cDETlEraUEdKufq6grCqRLrqHWmnohvUqcnG16WHQ4DHV19LDmX7hxvxDgEjhw
bOJqnyF3WUCn76T0q/VE2DXnu0i//15EEOnsoEYh+FeKEjveprQVQW55Ym9keSA8
YW55QGFueS5jb20+iQBXBBARAgAXBQJET608BwsJCAcDAgoCGQEFGwMAAAAACgkQ
b5kOcpwGHTwmkACg6Gj/Plr5rODp4CMx7g1EbFu1JoUAn1bto1hbvtgkpp85IS95
O6Wr/ACeuQINBERPrTwQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoB
p1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnh
V5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr
5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4
XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zaf
q9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICB/9yCowUslGgYx0H
syUNDAyBmSLAmABCClQrjr8ENwZBqx0XDJFyeR0ENgA2k/pSXwdPEvqpTAA4LF/F
LNhxZ+2Dv+Yu6Nw5fzAYwoEMx5KJn58BfhLcb+8gQdyX0JoJfgGCqk/nEthdfKdH
xdqIS0p2boLMF06SQ/Dp+IivOfp4bRdByhKSqwn6xs4ElFfVTxwqluO8FyGJ9XNd
FZx7GCCCxm71ZJnUpirD80p5gBuw6j/D7wZgRuKKPHGMmbElaM6kd7kFlnuCLsbA
8ZHnGfk/POUfjyGfrdSdxi03Un/pNyE8v9nUWIO5PcGR6OjYOCond4wIXr3gLHJZ
ZFLl5oq0iQBMBBgRAgAMBQJET608BRsMAAAAAAoJEG+ZDnKcBh084okAn0DRnm39
ojrD1NofRKjGPzbnnhEIAJ4kyB8j+SvO/pPQm9EmijUqWpD3qg==
=y/NE
-----END PGP PUBLIC KEY BLOCK-----
To import a public key, highlight the entire message including the dashes and copy (Ctrl + C). Open PGPkeys, paste (Ctrl + P) and click Import. (With Key Manager in GnuPG use Paste from the Edit menu as Ctrl + P does nothing.)
To send an encrypted message, first write your message in notepad and save as a text file (.txt). Right click on the file and select PGP, Encrypt. PGP Shell - Key Selection Dialog will open. Drag the user you require from the user window above to the recipient window below and remove any recipients that you don't want included with the Delete key. Tick Text Output and click OK. (With GnuPG right click on the file and select GPGee, Encrypt (PK). Sign/Encrypt Files Dialog will open. Tick the recipient(s) required, select Text Output from Misc. Options and click OK.)
This creates a .txt.asc file. Open this file in Notepad (right click, Open With, Notepad), highlight the entire message including dashes (Ctrl + A) and copy (Ctrl + C). Open a new message in Outlook Express and paste in the text (Ctrl+P). Your message will appear as below. (Enter None as the message subject to maintain confidentiality.)
-----BEGIN PGP MESSAGE-----
Version: PGP 8.0.3
qANQR1DBwU4DsFbjvbN4i0gQB/0U2gmc6Mnj53Ihm6pPCubPFaAtyn/b+6uudma4
oM0aCWbIlBRyhuJWV4DZmxkdjsVFIiXJVFVYFjAXJgT/a+N6GfAdyLFlzGoSZRDz
ikOirOWfQPRwpZHVahcgJif52HWUHqCv3j5XtPFTlOEpDSdyqZ78iJL1MqXbLXvc
qqkhCxvLxfQpigzUTE0R/Vy34lSgKFQ92ZhnSS+t7Fktb3hM5kwNiVSGZdgwddXR
XtIig2hyHwVlEbAVF10qYz4h9Fx2eVr1K1OKlJqu7Qgpb9M1rwAoeU4GkX3vQmWy
wIPhTDpiFQmC9rWeh+jJ8rU1X9SmBXahK2mAPYh4ZXlKgbfZCADqH8Bq/J/ydnib
/F7gzftfqGupDfN6z+UDMvuxf6UDDAdjxT2ElosdXVP7aEb6Ao3KIggMk+JQCAuV
oburDCnMvzHfxi9Wk8vNO0DgPs5Bkv422BhjDlcobQLi07PlYc23IeTCUz068XR4
qg/DsDixa6jgMNob7UAO8XZdbMeyk5x5sJpKGlwBcfluFeI7piHW3mCQsw2muQC2
YZgffVGtIvqHMU/t7A1O+XQKOAij0ykZglzPE3OgNQGpBow+5somf6FxDm/FWcTL
2ipz9u0raz9ACfcN39Cl2SwnMyn7RsJSuSzbdT4dY7NICipAEUr0cGSQykCRwsp5
t6rd8mx/0kcBJxgMlbnsQ1tmzTLaOq/vcI09xUaTQvxa/C4JzWzAjyYQvIfLjuoW
EAM5zjiMahMyk00a0g1vDS+K2VKeuD37N60eQuuzOA==
=kBpK
-----END PGP MESSAGE-----
To read an encrypted message, highlight the entire message including dashes and copy (Ctrl + C). Open Notepad, paste (Ctrl + P) and save as Message.txt.asc in the File name box. Right click on the file and select PGP, Decrypt & Verify (with GnuPG, right click on the file and select GPGee, Verify/Decrypt). Enter the passphrase for your private key and click OK. The decrypted message will be saved as a text file.
Problems with File Attachments
If you do not select text output when encrypting, the file created will have a pgp, gpg or other encryption extension. If the person receiving the message is not using the same application (PGP, GPG or whatever), they may not be able to open the file. Likewise, if the message is written in a Word Processor and the message receiver does not have the same one installed, they may not be able to read it. So writing messages in a text file and sending them as text is more reliable.
That's about it.