Implementation of PGP (Pretty Good Privacy) for securely exchanging email messages
Basic User Guide
Contents:
What is PGP?
Installation of PGP freeware
Creating your PGP keys
Adding the class key server to the PGP client software
Distributing your public key
Retrieving public keys from the key server
Sending and receiving secure encrypted emails
Encrypting and decrypting files
What is PGP?
PGP stands for Pretty Good Privacy. It is a program created with the intention of offering privacy to email communications and of securing files and digital information. Our email messages usually flow around the Internet without any kind of protection, carrying private information that should not be accessed by unwanted persons. People with the knowledge (hackers) or simply with physical access (persons with access to email servers) can access or intercept them and read our private documents. PGP is a digital data encryption program that makes sure our messages stay confidential.
It was created by Phil Zimmermann, a constant promoter of awareness of digital privacy, and it quickly spread all around the world when he made it public as freeware in 1991. For this reason the US government held a criminal investigation against him for violations of US export restrictions on cryptographic software. In 1996, when the US government dropped the case, Zimmermann founded PGP Inc., a company that Network Associates Inc. acquired a year later.
PGP uses public key cryptography, a concept introduced by Whitfield Diffie and Martin Hellman (Diffie-Hellman) in 1975. This cryptographic scheme uses a pair of keys: a public key, which encrypts the data, and a private key, which decrypts the data. Any message encrypted with a public key can only be decrypted by the corresponding private key.
PGP works the following way. Each user creates a pair of keys, public and private. The private key is personal and private; no one else should know or have this key. The public key, on the other hand, must be distributed among all the users with whom he wishes to maintain a secure and private email communication. When a user wants to send a secure email message he encrypts it with the public key of the destination user; after doing so, the only one able to read the encrypted message is that user, because he is the only one who can decrypt the message with his private key.
The keys are basically really big numbers. The public key and the private key are mathematically related, but with the selection of a very big pair of keys it will be very difficult, if not impossible, to obtain the private key from the public key. PGP freeware creates keys from 1024 to 3072 bits; the larger the key, the less chance someone will be able to get your private key from your public key, but in the same way, the larger the key, the slower the encryption and decryption process. Unless you are sending some very, extremely important material, a 1024 bit pair of keys would be more than enough.
Installation of PGP freeware
In order to download the PGP Freeware software you can go to either:
http://web.mit.edu/network/pgp.html
(For the PGP Freeware v6.5.8 version)
or to:
http://www.pgp.com/products/freeware/ (For the PGP Freeware v7.0.3 version)
There, you will be able to download the software that matches your Operating System.
After downloading the software you must unzip the file and then double click on the setup file. You will then be presented with the PGP Freeware Setup Wizard. Follow its windows, typing the required information and leaving the default values whenever you don’t know what to type.
Creating your PGP keys
1. Open the PGPkeys window from your PGP software by selecting “Start/Programs/PGP/PGPkeys” or by clicking on the PGPtray icon in the lower right corner of your screen and selecting PGPkeys in the pop-up menu.
2. The PGPkeys window will show a list of the registered public keys. The software comes with public keys from some people at Network Associates; feel free to delete them by selecting them and hitting the Delete key. All the public keys that you register will be shown here, as will your own public key, which you will create later.
3. In the PGPkeys menu bar, click on the Generate New Keypair icon, or go to “Keys” on the menu and then use the “New Key” option, to bring up the PGP Key Generation Wizard. Read the introductory dialog and click Next.
4. Enter your name and email address. By entering your email address, the software will later be able to look up your correct key automatically when used with some email applications. Click Next when you're done.
5. Now the PGP Key Generation Wizard asks you to select a key type. Accept the default “Diffie-Hellman/DSS”. RSA stands for “Rivest, Shamir, and Adleman”, the inventors of this public key encryption technology, an older technology that was used in PGP versions below 5.0. These two technologies are not compatible with each other. Click Next.
6. The PGP Key Generation Wizard then asks you to specify the size for your new keys. Accept the default 2048 bits and click Next.
7. For the expiration date, accept the default “Key pair never expires” and click Next, unless you want to change your pair of keys often. Be aware that in that case you will have to spread your new public key every time you get a new one, and the people you exchange messages with will have to get your new public key every time.
8. The PGP Key Generation Wizard now asks you to enter a passphrase. The passphrase lets you maintain exclusive access to your private key; it is just a set of words or characters that you select to let the software know that you are the user of the corresponding private key. A minimum of 8 characters is required, and they can be a mix of letters and other characters in lower or upper case. As with any password, the longer and more complicated your passphrase is, the harder it will be for someone to crack it. After deciding on a good passphrase, type it and re-enter it for confirmation. Click Next.
Warning: A forgotten passphrase cannot be recovered.
Note: You can later change your passphrase by going to the PGPkeys window, selecting your public key from the list, and then going into “Keys” on the menu and selecting the option “Properties”. There you will find a “Change Passphrase” button.
9. The PGP Key Generation Wizard will now generate your key pair. You may be prompted to move your mouse around or hit random keys on the keyboard to help the Wizard create a more secure key. Click Next when the Wizard has finished generating your key.
10. You may now be asked if you want to send your new public key to the root key server, where other users can find it and use it to encrypt data that they wish only you to read. Do not do this right now, because the current “root server” is not the one that we are going to use.
Adding the class key server to the PGP client software
A PGP key server is software that lets PGP users store and retrieve public data encryption keys in order to distribute them, so that a user, after creating his pair of PGP keys, can make his public key available through the server for other users to go and get it.
We have installed a PGP Key server in order to use it for this class. The following are the steps that need to be done in order to make this key server the root key server of your PGP software.
1. Open the PGPKeys window. (As it was done on the first step of “Creating your PGP keys”).
2. Select “Edit” from the menu and go to “Options”.
3. Go to the “Servers” tab on the PGP Options window. There you will find the list of PGP servers registered in your software. The PGP freeware software comes with some Network Associates key servers by default; feel free to remove them.
4. In order to include the class Key server hit the “New” button.
5. The “Add New Server” window will pop up.
6. Select the “LDAP” protocol. LDAP stands for Lightweight Directory Access Protocol and our server is based on it. It provides a standard method to manage the storage and retrieval of keys on a centralized database.
7. Type csc2.list.ufl.edu as the Server Name, which is the Domain Name System name of the key server.
8. Type 489 as the port number, which is the port on which the server is listening for requests.
9. Hit the “OK” button leaving the rest of the configuration options as they are.
10. The new key server will then show in the Servers window; select this server and hit the “Set as Root” button in order to mark it as the root server.
11. Hit the OK button on the “PGP Options” window.
Distributing your public key
Direct distribution of the public key:
We can obtain our public key the same way we copy and paste any stream of characters in a word processor. In this case our public key will look like a block of unintelligible characters marked by a “BEGIN PGP PUBLIC KEY BLOCK” line at the start and an “END PGP PUBLIC KEY BLOCK” line at the end. In order to obtain your public key you must do the following:
1. Go to the PGPkeys window.
2. Select your public key from the list of public keys.
3. Go to “Edit” on the menu and select the “Copy” option (you can also do this by hitting the right button on your mouse or by pressing Control C).
4. Then open a text editor (Notepad in Windows, for example), or you may want to paste directly into an email message for the person you want to have your public key.
5. Paste the content.
After doing this you will see an ASCII text block: a BEGIN PGP PUBLIC KEY BLOCK line, a Version line naming the PGP software, several lines of base64 characters, a short checksum line beginning with “=”, and an END PGP PUBLIC KEY BLOCK line.
6. If you pasted the public key into an email, you can now send that email to your friend and he will have your public key. You can also paste the public key into a text file, copy the file onto a disk and then give the disk to the person you want to share your public key with.
The person to whom you send the email or give the disk with your public key will do the reverse operation in order to copy your public key into the public key list of his PGP software.
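The copied block has a fixed structure: a BEGIN line, a Version header, a blank line, base64 lines, a checksum line starting with “=” and an END line. The following Python is an added example, not part of the original guide or of PGP freeware, that builds and parses such a block and checks its CRC-24 as defined in the OpenPGP specification (RFC 4880); the payload is a constructed placeholder, not a real key.

```python
import base64
import re

# CRC-24 parameters from the OpenPGP spec (RFC 4880, section 6.1); PGP 6.5.8 emits this armor format
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB
# Constructed placeholder payload; a real key block carries OpenPGP key packets here
SAMPLE_PAYLOAD = b"constructed sample payload, not a real PGP key"

def crc24(data: bytes) -> int:
    """Checksum stored on the '=' line; it catches damage from copying or mail transport."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(block_type: str, payload: bytes,
          version: str = "PGPfreeware 6.5.8 for non-commercial use") -> str:
    """Wrap raw bytes the way PGPkeys' Copy does: BEGIN line, Version header, base64, CRC, END line."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    out = [f"-----BEGIN PGP {block_type}-----", f"Version: {version}", ""]
    out += lines + ["=" + crc, f"-----END PGP {block_type}-----"]
    return "\n".join(out) + "\n"

def dearmor(text: str):
    """Parse an armored block; raise ValueError if it is malformed or its checksum does not match."""
    lines = [ln.rstrip("\r") for ln in text.strip().splitlines()]
    head = re.fullmatch(r"-----BEGIN PGP ([A-Z ]+)-----", lines[0])
    if not head or lines[-1] != f"-----END PGP {head.group(1)}-----":
        raise ValueError("missing or mismatched BEGIN/END lines")
    headers, i = {}, 1
    while i < len(lines) and lines[i].strip():        # "Name: value" lines up to the blank line
        name, _, value = lines[i].partition(":")
        headers[name.strip()] = value.strip()
        i += 1
    body = lines[i + 1:-1]                            # everything after the blank separator line
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    payload = base64.b64decode("".join(body), validate=True)   # binascii.Error is a ValueError
    if crc_line is not None:
        stored = int.from_bytes(base64.b64decode(crc_line[1:]), "big")
        if stored != crc24(payload):
            raise ValueError("CRC-24 mismatch: block was corrupted or altered")
    return head.group(1), headers, payload

def tamper(text: str) -> str:
    """Simulate a bad copy/paste by changing one character of the first base64 line."""
    lines = text.splitlines()
    i = lines.index("") + 1
    lines[i] = ("B" if lines[i][0] != "B" else "A") + lines[i][1:]
    return "\n".join(lines) + "\n"

def is_intact(text: str) -> bool:
    try:
        dearmor(text)
        return True
    except ValueError:
        return False
```

A block that fails the checksum should be re-copied rather than imported, since PGP will also reject it.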
1. The user will open the email or the file that contains your public key.
2. He will select the complete block of your public key (the whole block from the BEGIN line to the END line) and copy it to the clipboard by going to Edit on the menu and the option Copy (or by hitting Control C).
3. Then he will open the PGPkeys window of the PGP freeware software.
4. Finally he will go to “Edit” on the menu and “Paste”. A new window will pop up with the description of the person's public key, and by selecting the key and hitting the “Import” button the key will be added to the public key list.
There is also the possibility of exporting your public key. This option creates a “.asc” file containing your public key, which can then be sent by email or saved to disk. The person you want to share your key with can later import this file. The “Export” and “Import” options can be found under “Keys” on the menu bar of the PGPkeys window.
Distribution of the public key using the PGP key server:
Users can also make their public keys available by sending them to PGP key servers, where other users can later search for the public keys and encrypt messages with them that can only be decrypted by the users holding the respective private keys.
In order to send your public key to the key server created for the people in class (csc2.list.ufl.edu), you must do the following steps:
1. Open the PGPkeys window.
2. Select from the list of public keys your own public key.
3. Go to “Server” on the menu and to the option “Send to”.
4. Finally, select the class server: ldap://csc2.list.ufl.edu:489. If this option does not show under the “Send to” option, you must go back to “Adding the class key server to the PGP client software” in order to add the server to the software.
5. You will see a message window telling you whether your key was sent successfully.
Now any person who wants your public key can access the server in order to retrieve it.
Retrieving public keys from the server
In order to retrieve a public key from the key server you must do the following:
1. Open the PGPkeys window.
2. Go to “Server” on the menu and to the option “Search”.
3. A PGPkeys Search window will come up where you can specify different characteristics of the user and public key you are looking for. By hitting the “More Choices” button more specifications can be added.
4. When you finish typing all the specification of the search hit the “Search” button.
5. Locate the public key of the person you are searching for in the search window and select it. In order to add it to your public key list you have several options:
- Copy it to the clipboard (By going to “Edit” on the menu and then “Copy”, or hitting Control C), and then go to the PGPkeys window and “Paste” it.
- You can also drag the selected key into the PGPkeys window.
Now you can use the retrieved public key to encrypt email messages to the owner of the key pair.
Sending and receiving secure encrypted emails
After exchanging public keys, two users can start sending and receiving private encrypted messages right away. In order to send an encrypted message you must:
1. Compose the email you want to send as you have always done.
2. After finishing, leave the cursor in the window where you composed the message and go to the PGPtray icon in the lower right corner of your screen, hit the left button on your mouse and on the pop-up menu go to the “Current Window” option.
3. Select “Encrypt” or “Encrypt and Sign”:
The option “Encrypt” will pop up a window called “PGPtray – Key Selection Dialog” that lets you select the public key of the person or persons you want to send the message to; you can double click on every wanted public key, or select them and then drag them down.
You also have two encryption options. With Secure Viewer the decrypted data will be displayed in a special TEMPEST attack prevention font that is unreadable to radiation capturing equipment. This type of equipment can be placed near your computer and send to a remote computer all your keystrokes and the information displayed. The Conventional Encrypt option uses just a common passphrase to encrypt the message; decryption is done by typing the same passphrase.
After doing all that hit the “OK” button.
The option “Encrypt and Sign” runs the same steps as above, but after hitting the OK button the “PGPtray – Enter Passphrase” window will pop up requesting your passphrase in order to sign the email.
By signing the email PGP provides authentication: the recipient can be sure that you were the one who sent that email, and some extra information about the sender will show up after the decryption process. This information consists of the PGP Signature Status, which specifies whether the data was modified after the encryption, the name of the signer with his email address, and the date and time when the message was signed. This provides the certainty that the message is authentic and has not been altered.
4. The message will then be converted into ciphertext, an unintelligible set of characters between a “BEGIN PGP MESSAGE” line and an “END PGP MESSAGE” line.
The original form of the message can now be obtained only by the owner or owners of the public keys that you selected in step 3.
5. Now you can send the message like you always have.
After receiving an encrypted message the decryption process is done in the following way:
1. Open the email as always. All you will see is the ciphertext.
2. Select the complete block of cipher text.
3. Go to the PGPtray icon in the lower right corner of your screen, hit the left button on your mouse and on the pop-up menu go to the “Current Window” option and select “Decrypt and Verify”.
4. You will be asked to type your passphrase in order to decrypt the message. The original message will come up in a new window for you to read.
Encrypting, decrypting and signing files
PGP freeware lets you encrypt files so you can securely store them on your computer; no one else will be able to see their content or have access to them. You can also encrypt a file with another user's public key, making that person the only one able to decrypt it. This option is useful for sending secure attachments in emails, which will only be available to the owner of the respective private key.
Files can be encrypted with a public key or just with the conventional encryption method. Conventional encryption relies on a common password or passphrase in order to create a unique session key that encrypts and decrypts the file. The same passphrase is used for both purposes.
Another file encryption option is to create self-decrypting archives, which use conventional encryption and allow you to exchange information securely even with those users who do not have PGP freeware.
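Conventional encryption turns the passphrase into a session key with OpenPGP's iterated and salted string-to-key (S2K) function, which is why a salt travels with the encrypted file and why a longer passphrase costs an attacker more guesses. The Python below is an added example, not code from the original guide or from PGP freeware, implementing that function as specified in RFC 4880; the hash, count and salt values are assumptions, since the guide does not say which parameters PGP freeware uses.

```python
import hashlib
import os

# 0x60 is a typical coded count; it decodes to 65536 octets hashed per derivation (assumed default)
DEFAULT_CODED_COUNT = 0x60

def s2k_count(coded: int) -> int:
    """Decode the one-octet coded count (RFC 4880, section 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def iterated_salted_s2k(passphrase: str, salt: bytes,
                        coded_count: int = DEFAULT_CODED_COUNT,
                        key_len: int = 32, hash_name: str = "sha256") -> bytes:
    """Derive a session key by hashing salt||passphrase over and over, 'count' octets in total."""
    if len(salt) != 8:
        raise ValueError("an OpenPGP S2K salt is exactly 8 octets")
    h = hashlib.new(hash_name)
    if key_len > h.digest_size:
        raise ValueError("this example covers keys up to one digest in length")
    data = salt + passphrase.encode("utf-8")
    remaining = max(s2k_count(coded_count), len(data))   # always hash at least one full copy
    while remaining > 0:
        chunk = data[:remaining]                          # the last copy may be cut short
        h.update(chunk)
        remaining -= len(chunk)
    return h.digest()[:key_len]

def derive_for_new_file(passphrase: str):
    """A fresh random salt per file; it is stored with the ciphertext so the key can be re-derived."""
    salt = os.urandom(8)
    return salt, iterated_salted_s2k(passphrase, salt)
```

The same passphrase with a different salt yields a different key, so identical files encrypted twice do not produce identical ciphertext and precomputed guess tables do not carry over between files.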
By signing a file or message a user makes it possible to tell whether someone has altered it and authenticates himself as the sender. The signature is based partly on the signer’s private key and partly on the content of the message or file; changing one character in the message or file will make the signature invalid.
By verifying the signature, the receiver of a file or message can know for sure who the sender was and whether someone has altered it.
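The public-key mechanics described in “What is PGP?” and the signing described just above, as an added toy example in Python that is not part of the original guide or of PGP freeware: textbook RSA with constructed, deliberately tiny primes (real keys are 1024 to 3072 bits), a session key boxed with the recipient's public key, and a signature that fails once a single character of the message changes.

```python
import hashlib

# Constructed toy parameters: small primes so the numbers stay readable.
# Real PGP keys are 1024 to 3072 bits; these sizes offer no security at all.
ALICE_P, ALICE_Q = 61, 53          # 12-bit modulus, the classic textbook example
BOB_P, BOB_Q = 65537, 65521        # 32-bit modulus, still a toy
PUBLIC_EXPONENT = 17

def make_keypair(p: int, q: int, e: int = PUBLIC_EXPONENT):
    """Return (public_key, private_key); d is the secret the passphrase protects on disk."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)

def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can do this; only the matching private key undoes it."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)

def digest_mod_n(message: bytes, n: int) -> int:
    """A signature covers a hash of the content, so changing one character changes what is signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(digest_mod_n(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_mod_n(message, n)

def demo() -> dict:
    """Bob sends Alice an encrypted, signed message; Alice decrypts and verifies."""
    alice_pub, alice_priv = make_keypair(ALICE_P, ALICE_Q)
    bob_pub, bob_priv = make_keypair(BOB_P, BOB_Q)
    # PGP encrypts the body with a random session key, and the session key with the recipient's public key
    session_key = 65
    boxed = encrypt(alice_pub, session_key)             # only Alice's private key can open this
    message = b"Meet in room 101 at 3pm."
    signature = sign(bob_priv, message)                  # needs Bob's private key (and passphrase)
    return {
        "ciphertext": boxed,
        "recovered": decrypt(alice_priv, boxed),
        "signature_ok": verify(bob_pub, message, signature),
        "altered_ok": verify(bob_pub, b"Meet in room 102 at 3pm.", signature),
    }
```

Only Alice's private exponent recovers the session key, and Bob's signature verifies against his public key alone, which is the property the PGP Signature Status reports after decryption.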
To encrypt and sign files:
1. In Windows Explorer select the file or files you want to work with and right click on them.
2. Go to the PGP option and select:
- “Sign” for only signing the file or files. This option pops up a window asking you to type the passphrase of the private key you want to sign the file with. After typing the correct passphrase a new file, with the name of the original file plus the extension “.sig”, is created in the same directory. By double clicking on the latter you can check the signer and verify the content of the original file.
- “Encrypt” for only encrypting the file or files, or “Encrypt and Sign” for performing both actions. These options pop up a “PGPshell – Key Selection Dialog” that allows you to select the public keys you want to use for the encryption process. After finishing with this window, the “Encrypt and Sign” option pops up a window to enter the passphrase in order to sign the file.
“Text Output”: Makes the output file (the encrypted or the signed one) an ASCII text file. This is necessary for some older email applications. The size of the encrypted file is about 30% greater.
“Wipe Original”: This option wipes out the original version after the encryption process.
“Secure Viewer”: The encrypted data will later be decrypted and displayed in a special TEMPEST attack prevention font that is unreadable to radiation capturing equipment. This type of equipment can be placed near your computer and send to a remote computer all your keystrokes and the information displayed.
“Conventional Encryption” or “Self Decrypting Archive”: Both options use conventional encryption and pop up a window requesting the passphrase that will be used to encrypt and decrypt the file. The second option creates a self-decrypting archive for persons who don’t have the PGP freeware software.