A Simple Guide to Encryption

PGP for Email
PGP is a computer program that uses asymmetric and symmetric key encryption in tandem to encrypt the content of emails, files, instant messages, and even entire storage disks such as harddrives. PGP stands for Pretty Good Privacy and was originally written by Phil Zimmerman. Many other programs have been written to help PGP work more easily with other programs. For this tutorial, we will use GnuPG (GNU Privacy Guard) [1].

PGP for Linux
  1. Download and Install GnuPG. Go to http://www.gnupg.org/(en)/download/index.html and download the latest version of GnuPG. Untar the file by executing one of the following commands on commandline, depending on the extension of the file you downloaded.

    [user@localhost ~]$ tar zxvpf gnupg-1.4.5.tar.gz
    [user@localhost ~]$ tar jxvpf gnupg-1.4.5.tar.bz2


    Change directory into the folder containing the files that were extracted from the archive. This directory will be called "gnupg-X.X.X," where X.X.X is the version number. Execute the following command on commandline to configure, compile, and install the program.

    [user@localhost ~]$ ./configure; make; make install

  2. WARNING: Be sure to write down or remember your password. This password cannot be retrieved.

    Configure GnuPG. Unless you have used GnuPG before on your computer, you will first need to create a public and private key. This is done by executing the following command on commandline, where you replace user@server.com with your actual email address.

    [user@localhost ~]$ gpg --gen-key; gpg --armor --export user@server.com > publickey.txt

    The program will ask you several questions. For most of them, you can just hit the enter key to accept the default answer, but if you choose an expiration time of infinite, you must confirm by typing "y." You must also enter your name, email address, and a password. The program will then ask you to move the mouse or type random letters on your keyboard. This helps the computer generate good random numbers for the key. When the program exits, your public key will be located in the file "publickey.txt." If you are still in the gnupg-X.X.X directory, move the file to your home directory. You can place your public key on your website, email signature, or a public key server, such as the one maintained by MIT [2].

  3. Obtain public keys. In order to send encrypted email, you must possess the recipient's public key. You can obtain a person's public key by simply asking them for it. They may send it by email, instant message, or digital media such as a CD or USB thumb drive. You can also search for public keys by email address on a public key server such as the one maintained by MIT [2]. The following is an example of a public key.

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.0.5 (MingW32) - WinPT 0.2.1
    Comment: For info see http://www.gnupg.org

    mQGiBDcopz0RBADAcbHfQ4cHWyQVZLmzQFHb1uleLBMoIqTUWQ/M+jgKJWuIS4Bt
    oxa5SOrAkyRCcIplhcwK3dzmyJdS1IODGT/opa2KPgMSAxGf+OI4ewfl9/weK8ew
    +vfJ0reJ7GBktf9VU45jx4OYLVg310c2Io1XF1AsOW+r/yewH4HFznjRbQCg/12s
    S9ueAgzt16T3laWhCxA/BL8D/iWLrUAo2AEInZ1t9PxCuXq1+QAsfjb6I93m4DJl
    HDpRnn5RTRWsPf5mBSBOlT05PzjC0l2RU6Yf90J+cOHElxDlGv0n6XnC3GYvaMNn
    O+xRS6y9s7w9ZN9v7XWeUWiQRSXnfT6BsvRnTM1KHkBR1Iw5ydWYSK/92rWTE5qG
    +ekBA/9IPhfX82t6D42t60q9ntHX8VDbdNk/5c0GzzC2yhA/1unupRpcpL3tIeBc
    id/95x9vq9ssR2b8LK0XrAm5vbeD30Yj0P6x0kZUUi7tVP/RB6WwMekPtF5xfShN
    2FNBofxbsGnAR2cnu8HQ5YqqS2oId0lxcaaInCXR6vptmvaOXLQiVGltbyBTY2h1
    bHogPHR3b2FkYXlAZnJlYWttYWlsLmRlPohGBBARAgAGBQI6TGVEAAoJEF3iSZZb
    A1iiZT0AoI2lh1p9eseJbzJF/CLEkYGTUecyAKCcpxIc+UBqtDV+qwrZJE63mwvr
    HYhGBBARAgAGBQI60f1RAAoJEJg0ZdshQ5QiOCIAoIdPJFgZt9VBxNxHnl8c5MNM
    FxDSAKCe9Ppm4yUrntZ4QzcNof2aiDo0AohWBBMRAgAWBQI5c3foBAsKBAMDFQMC
    AxYCAQIXgAAKCRDtRoHJvz35tOC9AKDIPPEFnPMPabShlr5ETpUGCK3wmgCgkjec
    eXfIZZrYBQ5dGzoqeC9qQBg==ZBvT
    -----END PGP PUBLIC KEY BLOCK-----


  4. Import public keys from a keyserver. When you search for a person on a key server, you will be given a key ID for their public key along with their public key. The key ID will be a short sequence of numbers and letters, like "699908CD." To import a key into GnuPG, create a text file with only the public key inside. Then execute the following command on commandline, where you replace "filename.txt" with the actual name of the file that contains the public key you want to import.

    [user@localhost ~]$ gpg --import filename.txt

    Then sign the new public key with your private key by executing the following command on commandline, where you replace "keyID" with the actual key ID of the key you have just imported. You will need to type "y" to confirm that you want to sign the key and the enter the password to your private key.

    gpg --lsign-key keyID

  5. Encrypt an email. Encrypting an email will be a little different for each mail client. Thunderbird, Evolution, and KMail all provide excellent support for PGP encryption, but some others do not. In Evolution, compose an email, and in the "Security" menu, click "PGP Encrypt." In Thunderbird, under the "Enigmail" menu, click "Encrypt Message." With these mail clients, you won't need to choose a key. These programs will automatically choose the public key that matches the recipient of the email.

  6. Decrypt an email. When you use one of the mail clients listed above as your mail client, it will automatically detect an encrypted message and prompt you for your private key password. When you enter your password, the program will decrypt the message.





1. GnuPG is located at gnupg.org.
2. MIT's public key server is located at pgp.mit.edu.




SSL for the Web Next - Hashes for Small Data