---------------------------------------------
"An Introduction to GnuPG"
---------------------------------------------
C/O :: arp of Dynamic Hell Development Team
---------------------------------------------
URL :: http://www.dynamichell.org
---------------------------------------------
IRC :: irc.dynamichell.org #dhell
---------------------------------------------

=============================
An Introduction to GnuPG
=============================

Introduction
============

This document is an introduction to GnuPG, explaining how it works (in abstract form) and how to use it on a UNIX-like system. It is not an in-depth look at cryptographic mathematical theory, nor is it a complete reference for PGP or GnuPG itself; it is a simple tutorial, aimed at bringing the benefits of GnuPG to a wider audience.

Background
==========

PGP was originally released in 1991, and provided public-key and symmetric-key cryptographic functionality to other applications. Essentially it gave any application the ability to encrypt and digitally sign data, for authenticity-testing purposes. However, PGP was not and is not open source. Due to the importance of PGP in the computer industry, the GNU project saw the need for a truly free alternative to PGP and other clones. Thus, GnuPG was born.

GnuPG (The GNU Privacy Guard) is a "free replacement for PGP." GnuPG is also free from any patent infringements, as it does not use algorithms used by commercial alternatives. Therefore "it can be used without any restrictions", as well as distributed and modified like any other application released under the GNU General Public License.

Public Key Encryption
=====================

First, a program (such as gpg, the main component in the GnuPG suite of applications) will create a private key. Using this private key, a public key is then created (again using gpg). Once a user has completed these two steps they are ready to start encrypting and signing their data.
A user with their private key and public key must next distribute their public key to other users, who use it to encrypt data sent back to the user's computer. Only the user's private key is capable of decrypting data encrypted with their public key. This is why the private key must be kept secret: any data encrypted using a user's public key can be read by whoever holds their private key.

Digital Signatures
==================

Another use for GnuPG is digitally signing documents. For example, a user may add a digital signature to their email through the use of GnuPG (they might be concerned that someone may be intercepting and changing their data). This signature is created using the user's private key as well as the actual data contained in the email itself (similar to the checksum in an IP header). Once sent, the receiver's email client (using GnuPG) will be able to quickly ascertain whether the data is as originally sent: the signature is tested against the sender's public key and the data in the email itself. If the checksum created by the client matches the checksum sent with the email (the digital signature), the receiver can be confident that the data user X sent has not been tampered with.

Verifiability
=============

GnuPG provides other applications an interface to check data against existing keys. Therefore, only one set of keys need exist. This simplifies things for the user: they do not need to have many different keys for different applications; all applications just use the keys which gpg maintains. This simplicity has brought secure communications to the masses.

Using GnuPG
===========

The first thing that you must do is become familiar with the options that can be passed to GnuPG's gpg.

    susan@magnolia:~$ info gpg

Assuming the above command worked, and you now have (at least) a vague familiarity with the types of functions that gpg provides, you are ready for the next stage: generating a private and public key.
This is relatively easy if you are familiar with the command-line environment.

    susan@magnolia:~$ gpg --gen-key
    gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

You will then be asked various questions:

1) Please select what kind of key you want: (the default is fine for most users).
2) What keysize do you want? (2048 is fine for most users).
3) Please specify how long the key should be valid for: (1 year is fine for most users).
4) Is this correct? ('y' unless you made a mistake).
5) Real name: (Enter the user's real name, usually your own).
6) Email address: (Enter the user's email address, usually your own).
7) Comment: (Can be left blank for most users).
8) Enter a passphrase to protect your secret key: (Choose a password).

Note: The generation of the private key can take a considerable amount of time on some systems. It often helps to move your mouse around and perform other tasks to increase the entropy pool (random bits) used and required by this process.

Once this phase has completed, the key will be generated and placed in $HOME/.gnupg/trustdb.gpg. Do not distribute this file; keep it safe.

To generate a public key (pub_key.asc), which you can distribute to trusted sources, or even the general public, use the following command:

    susan@magnolia:~$ gpg -a --export Fullname > pub_key.asc

Note: You must follow the --export option with the full name or email address you specified when creating your private key. If you are unsure of what your full name is, use the --list-keys option with gpg. It will list the available keys and their aliases.

Using GnuPG with other Applications
===================================

Now that you have a private key and are able to generate public keys, you are ready to start signing and encrypting data.
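Before moving on to the mail client, here is the whole of the preceding material run from the command line: the key generation and --export of the "Using GnuPG" section, then the sign/verify round trip of "Digital Signatures" (including what verification reports when the data has been changed in transit) and the encrypt/decrypt round trip of "Public Key Encryption". This is an added example, not code from the original article or from the GnuPG project. It assumes GnuPG 2.1 or later is installed as gpg (the article shows 1.4.1; the unattended parameter-file form of --gen-key, %no-protection and %commit are GnuPG batch-mode features). The name "Susan Example", the address susan@example.org and the message text are constructed for the demo, and everything happens in a temporary GNUPGHOME so the keyring under $HOME/.gnupg is never touched.

```shell
#!/bin/sh
# Added example, not code from the original article: the article's key
# generation, export, signing and encryption steps run unattended in a
# throwaway keyring. Assumes GnuPG 2.1 or later is installed as "gpg".
# The name, address and message text below are constructed for the demo.
set -eu

# A private, temporary home directory so the demo never touches ~/.gnupg.
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
chmod 700 "$GNUPGHOME"
# On exit, stop the agent gpg started for this directory, then remove it.
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

DEMO_USER="susan@example.org"   # constructed; stands in for the article's "Fullname"

# Step 1: answer the eight gen-key questions from a parameter file instead of
# interactively: RSA, 2048 bits, valid one year, as the article recommends.
# %no-protection stands in for question 8 (the passphrase) so the script can
# run unattended; it is a demo-only shortcut.
gen_key() {
    gpg --batch --quiet --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Susan Example
Name-Email: $DEMO_USER
Expire-Date: 1y
%no-protection
%commit
EOF
}

# Step 2: the article's "gpg -a --export Fullname > pub_key.asc".
# The public key is what you hand out; the secret key never leaves $GNUPGHOME.
export_pubkey() {
    gpg --batch --armor --export "$DEMO_USER"
}

# Signing: a detached signature over the data in $1, written to $2,
# made with the private key.
sign_file() {
    gpg --batch --yes --quiet --armor --detach-sign --output "$2" "$1"
}

# Verification: prints "valid" if the signature in $2 matches the data in $1
# under a key in the keyring, "INVALID" otherwise (gpg signals the result
# through its exit code).
signature_status() {
    if gpg --batch --quiet --verify "$2" "$1" 2>/dev/null; then
        echo valid
    else
        echo INVALID
    fi
}

# Encryption of file $2 to recipient $1's public key, written to $3.
# Only the matching private key can decrypt the result.
encrypt_to() {
    gpg --batch --yes --quiet --armor --encrypt --recipient "$1" --output "$3" "$2"
}

# Decryption with the private key held in $GNUPGHOME; prints the plaintext.
decrypt_file() {
    gpg --batch --quiet --decrypt "$1" 2>/dev/null
}

run_demo() {
    gen_key
    gpg --batch --list-keys "$DEMO_USER"         # shows the alias --export expects
    export_pubkey > "$GNUPGHOME/pub_key.asc"

    printf 'Lunch at noon?\n' > "$GNUPGHOME/msg.txt"       # constructed message
    printf 'Lunch at one?\n'  > "$GNUPGHOME/tampered.txt"  # the same message, altered
    sign_file "$GNUPGHOME/msg.txt" "$GNUPGHOME/msg.sig"
    echo "original: $(signature_status "$GNUPGHOME/msg.txt" "$GNUPGHOME/msg.sig")"
    echo "tampered: $(signature_status "$GNUPGHOME/tampered.txt" "$GNUPGHOME/msg.sig")"

    encrypt_to "$DEMO_USER" "$GNUPGHOME/msg.txt" "$GNUPGHOME/msg.asc"
    echo "decrypted: $(decrypt_file "$GNUPGHOME/msg.asc")"
}

if command -v gpg >/dev/null 2>&1; then
    run_demo
else
    echo "gpg not found on PATH; install GnuPG to run this demo" >&2
fi
```

Run it as `sh demo.sh`; the "original" line reports valid, the "tampered" line reports INVALID because the signature was computed over the original bytes, and the "decrypted" line prints the message back. Exporting a fresh GNUPGHOME is also a convenient way to try the --list-keys and --export options against a key you can throw away.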
To illustrate just how easy this is, an outline of the steps necessary to configure both email signing and encryption using Evolution follows:

1) Open Evolution.
2) Go to Edit->Preferences.
3) Go to Mail Accounts, select your account and press 'Edit'.
4) Select the Security tab.
5) Enter the email address, or username, you chose when creating your private key into the 'PGP/GPG Key ID' text box.
6) Select the security options you want, such as 'Always sign outgoing messages when using this account.'
7) Click 'Okay'.

GnuPG is now configured to work with Evolution using the security options you selected. Encryption can be enabled on an email-by-email basis: just select the Security menu and then 'GnuPG Encrypt'. It's really that simple, and the steps are very similar to those needed by other applications such as Mozilla Thunderbird.

Copyright (c) 2006 Alastair Poole. Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice, and the copyright notice, are preserved.