GnuPG (GNU Privacy Guard): an intro


http://www.gnupg.org/
http://www.gpg4win.org/

In a time when slaveholders are taking care of their slaves' lives by using search engines or reading their email, cryptography has become essential.

Because governments of former and future third world countries do what they deem profitable - profitable is spying, torturing, disinforming, showing a lot of activity without really doing anything - Phil Zimmermann gave us PGP back in 1994. To this day PGP is giving an income to the courts here and overseas.

PGP, and the stalking of PGP and of programmers all over the world, have led to a flood of programmes either utilising PGP or compatible with PGP. GnuPG is one of these programmes. You can find a version of PGP for Linux, for Windows and probably for Archæopteryx too.

The GNU sites above have good introductions and reference manuals. On Windows there is no way but to download and install. On Linux, GnuPG can be installed with tools like Synaptic for Debian, Knoppix and Ubuntu.

[Screenshot: Synaptic Package Manager]

And how to feed the keys into GnuPG?

:~$ cat 3C07FE53.txt | gpg --import
gpg: directory `/home/mercur/.gnupg' created
gpg: can't open `/gnupg/options.skel': No such file or directory
gpg: keyring `/home/mercur/.gnupg/secring.gpg' created
gpg: keyring `/home/mercur/.gnupg/pubring.gpg' created
gpg: key 3C07FE53: public key "Karin Dambier (Piratenschluessel) ..." imported
gpg: Total number processed: 1
gpg: ..............imported: 1

:~$ cat 3C07FE53S.txt | gpg --import
gpg: key 3C07FE53: secret key imported
gpg: key 3C07FE53: "Karin Dambier (Piratenschluessel) ..." not changed
gpg: Total number processed: 1
gpg: .............unchanged: 1
gpg: ......secret keys read: 1
gpg: ..secret keys imported: 1

Karin has donated a pirate key to us on her homepage:

http://peter-dambier.site.voila.fr/pgp/

Below her own key "3C07FE53.txt", and against all common sense, there are both the public key "3C07FE53.txt" and the private key "3C07FE53S.txt". Because the private key is published, this key protects nothing; it is good for experimenting only.

When you start GnuPG for the very first time it creates the files "secring.gpg" for private keys and "pubring.gpg" for public keys. With at least one key per file you can start experimenting with GnuPG.

"cat 3C07FE53S.txt 3C07FE53.txt" prints both keys and "| gpg --import" feeds them to GnuPG.

Here is the proof:

:~$ gpg --list-keys
gpg: /home/mercur/.gnupg/trustdb.gpg: trustdb created
/home/mercur/.gnupg/pubring.gpg
-------------------------------
pub 1024D/3C07FE53 2007-12-06
uid ...............Karin Dambier (Piratenschluessel) ...
uid ...............[jpeg image of size 18239]
sub 4096g/88D783C8 2007-12-06

:~$ gpg --list-secret-keys
/home/mercur/.gnupg/secring.gpg
-------------------------------
sec 1024D/3C07FE53 2007-12-06
uid ...............Karin Dambier (Piratenschluessel) ...
ssb 4096g/88D783C8 2007-12-06

!!! Danger !!!

GnuPG has created files:

:~/.gnupg$ ls -l
total 28
-rw------- 1 mercur mercur 20082 2007-12-07 23:22 pubring.gpg
-rw------- 1 mercur mercur ....0 2007-12-07 19:12 pubring.gpg~
-rw------- 1 mercur mercur .1801 2007-12-07 23:23 secring.gpg
-rw------- 1 mercur mercur .1200 2007-12-07 23:22 trustdb.gpg

These files hold all our secret and public keys!
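
One way to check that nobody but the owner can get at these files, as an added example (not part of the original page or of GnuPG itself). The function name is an assumption of this example; the file names are the ones from the listing above.

```python
import os
import stat

def audit_gnupg_home(home):
    """Return (path, problem) pairs for anything under a GnuPG home
    directory that someone other than its owner could read or change."""
    findings = []
    for root, _dirs, files in os.walk(home):
        for path in [root] + [os.path.join(root, f) for f in files]:
            st = os.lstat(path)  # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "symlink, target not checked"))
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:  # any group/other permission bit set
                findings.append((path, f"mode {mode:04o} is open to group/other"))
            if st.st_uid != os.getuid():
                findings.append((path, "not owned by the current user"))
    return findings

if __name__ == "__main__":
    # Assumption: the default home ~/.gnupg unless GNUPGHOME is set.
    home = os.environ.get("GNUPGHOME", os.path.expanduser("~/.gnupg"))
    for path, problem in audit_gnupg_home(home):
        print(f"{path}: {problem}")
```

An empty result matches the `-rw-------` modes shown in the listing; any finding on secring.gpg means another local account may be able to copy the private keys.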

Email programmes implementing GnuPG


[Screenshot: Evolution Groupware]

Evolution, the universal and easy-to-use Gnome tool, often complains about an "unknown attachment" when reading emails from Thunderbird or Mozilla. You then have to save the attachment as a file and decrypt it using GnuPG on the command line. That is not so good when you keep all your emails on an IMAP server, and even worse, you now have a plaintext document on your disk.

[Screenshot: Iceape]

Iceape, known as Seamonkey, is yet another Mozilla and is supposed to use Enigmail. Mine does not know about it, but I can use it to show what encrypted emails look like and how you can use GnuPG with any mailer.

[Screenshot: Icedove]

Icedove, also known as Thunderbird, not only seamlessly integrates GnuPG but also comes with a manager for your keys.

Enigmail: an example with Icedove (Thunderbird)



Icedove won't send your first encrypted email until you fill out a form for each of your mail accounts, telling Icedove whether or not to sign or encrypt emails sent from this account and which key to use. Select your keys manually. Don't trust any automaton you haven't outsmarted yourself.

You don't have your own keys yet? That is what the pirate key is meant for. When you later generate your own key, never forget to export and save or print your secret private key. There are too many people out there who get emails they cannot read - and they cannot revoke their key either.


That is not enough yet. Every time Icedove sees a new address you want to send an email to, it asks which key to use. Again, do it manually. Never trust the automatic. You need to do it only once.


Oh, yes, really - I want to send it.

So my unknowing mailer tells me there is an email with an encrypted attachment waiting for me. Here is what it looks like:

:~$ cat encrypted.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

[...]
=L9NF
-----END PGP MESSAGE-----
-----END PGP MESSAGE-----
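
How such an armored block is put together, as an added example (not code from the original page or from GnuPG): a small reader that returns the block type (MESSAGE here, PUBLIC KEY BLOCK or PRIVATE KEY BLOCK for the key files imported earlier), the header lines, and the payload, and that verifies the five-character checksum line such as "=L9NF". The function names and the sample payload are assumptions of this example.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, 6.1

def crc24(data):
    """CRC-24 checksum used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(kind, payload, headers):
    """Build an armored block; used here only to construct sample input."""
    body = base64.b64encode(payload).decode()
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join(
        [f"-----BEGIN PGP {kind}-----"]
        + [f"{k}: {v}" for k, v in headers.items()]
        + [""] + [body[i:i + 64] for i in range(0, len(body), 64)]
        + ["=" + crc, f"-----END PGP {kind}-----"])

def dearmor(text):
    """Return (kind, headers, payload); raise ValueError if damaged."""
    lines = [line.strip() for line in text.strip().splitlines()]
    begin = "-----BEGIN PGP "
    if not (lines[0].startswith(begin) and lines[0].endswith("-----")):
        raise ValueError("not an armored block")
    kind = lines[0][len(begin):-5]
    if lines[-1] != f"-----END PGP {kind}-----":
        raise ValueError("missing or mismatched END line")
    blank = lines.index("")  # a blank line ends the armor headers
    headers = dict(line.split(": ", 1) for line in lines[1:blank])
    body = lines[blank + 1:-1]
    checksum = None
    if body and body[-1].startswith("=") and len(body[-1]) == 5:
        checksum = int.from_bytes(base64.b64decode(body.pop()[1:]), "big")
    payload = base64.b64decode("".join(body), validate=True)
    if checksum is not None and checksum != crc24(payload):
        raise ValueError("CRC-24 mismatch: armor was damaged")
    return kind, headers, payload

# Constructed sample: arbitrary bytes, not a real OpenPGP packet stream.
SAMPLE = armor("MESSAGE", b"constructed payload, not real ciphertext",
               {"Version": "GnuPG v1.4.6 (GNU/Linux)"})
```

The checksum only catches accidental damage in transit; whether a message is authentic is decided by the signature check that GnuPG reports after decrypting.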

And here is how to decrypt it:

:~$ cat encrypted.asc | gpg
gpg: encrypted with 1024-bit ELG-E key, ID 428600A5, created 2005-06-07
"Peter Dambier (no password) ..."
gpg: encrypted with 4096-bit ELG-E key, ID 88D783C8, created 2007-12-06
"Karin Dambier (Piratenschluessel) ..."
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: quoted-printable

irgendwas
--=20
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: ...
mail: ...
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/

gpg: Signature made Sat 08 Dec 2007 17:31:24 CET using DSA key ID F70B4E11
gpg: Good signature from "Peter Dambier (no password) ..."

Thanks to the pirate key, everybody can try this example for herself.

Of course it is easier to use Icedove in the first place.

[Icon: signed email]
[Icon: encrypted email]

Only these icons for signed or encrypted emails tell them apart from the normal emails you are used to. Click them to learn more.

[Screenshot: Security Info]

But what if I don't have the right key?

[Icon: doubt]
[Icon: no key]

What if the key servers don't find the key either?

Sometimes the signature below the letter tells you where the key can be found, and sometimes the mail header does:

X-Enigmail-Version: 0.94.2.0
OpenPGP: id=EB5CCB28; url=http://peter-dambier.site.voila.fr/pgp/

If that does not help, you have to ask the sender. Cut and paste the key or save it to a file. Then feed it to GnuPG just like the pirate key.
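
The header lookup described above, as an added example (not code from the original page or from Enigmail): a parser for the "OpenPGP:" mail header that also lists what the header leaves unverified before a key fetched this way is imported. The function name, the warning texts and the Subject line of the sample are assumptions of this example.

```python
from email import message_from_string
from urllib.parse import urlsplit

def parse_openpgp_header(raw_message):
    """Extract id/url from an 'OpenPGP:' mail header and list what is
    still unverified. Returns None if the header is absent."""
    value = message_from_string(raw_message).get("OpenPGP")
    if value is None:
        return None
    params = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            params[name.lower()] = val.strip()
    key_id = params.get("id", "").replace(" ", "").upper()
    url = params.get("url", "")
    warnings = []
    if not key_id or not set(key_id) <= set("0123456789ABCDEF"):
        warnings.append("id is missing or not hexadecimal")
    elif len(key_id) < 40:
        warnings.append(f"id has only {len(key_id) * 4} bits: not a full "
                        "fingerprint, compare the fingerprint out of band")
    if url and urlsplit(url).scheme != "https":
        warnings.append("url is not https: key can be replaced in transit")
    warnings.append("header is unsigned mail metadata: it locates a key, "
                    "it does not authenticate it")
    return {"id": key_id, "url": url, "warnings": warnings}

# Constructed message using the two header lines shown on this page.
SAMPLE_MAIL = (
    "X-Enigmail-Version: 0.94.2.0\n"
    "OpenPGP: id=EB5CCB28; url=http://peter-dambier.site.voila.fr/pgp/\n"
    "Subject: constructed example\n"
    "\n"
    "body\n"
)
```

For the sample header this reports a 32-bit key ID and a plain http URL, so the key it points to still has to be checked against a fingerprint obtained from the sender.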

Some goodies from the Icedove Keymanager:

[Screenshot: Show Photo]
[Screenshot: Show Key Properties]

GnuPG can save a picture with your key. That may help people verify your identity. And it does tell you the fingerprint you need when you join a key signing party.