Using PGP to Encrypt Messages

One of the easiest and most effective ways to ensure your privacy is through encryption. If you wish to hide top-secret documents on your laptop, or even if you wish to send a private e-mail--encryption is a versatile tool which allows you to do either of these things, and more.

PGP stands for "Pretty Good Privacy". PGP isn't absolutely unbreakable (it is, however, "Pretty Good"). It uses a two-key cryptosystem (public and private keys). PGP uses these keys with some math formulas to distort your file. It's kind of like solving a cryptogram in the newspaper. When you try to solve one, you inevitably make a key which will tell you which letters correspond to which other letters. If a certain encrypted letter appears, you can look at your key to tell you what the real letter is. As a simple method, consider the following scheme for changing from actual letters to encrypted letters:


encrypted letter:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
   actual letter:  C D E F G H I J K L M N O P Q R S T U V W X Y Z A B 

In this scheme to "unscramble" (or more technically, decrypt) a message, every time you see the letter A in the encryption, you'll replace it with the letter C. Every time you see the letter B, you'll replace it with the letter D, and so on. So the message

A-M-K-N-S-R-C-P-Q  P-M-A-I

translates to

C-O-M-P-U-T-E-R-S  R-O-C-K 

To scramble a message (called "encrypting" a message), just convert letters the other way around. Computer encryption algorithms are much more complicated, but the basic idea is the same.

PGP is a public-key/private-key cryptosystem. The idea behind it is this: if someone else has encrypted a file with YOUR public key, the only way that you can view that file is by unlocking (decrypting) it with YOUR private key. On the other hand, if you have encrypted a file with your private key, the only way your friends can read this file is by unlocking it with your public key. This second scenario seems redundant at first--everyone already has your public key, so you wouldn't be hiding information from anyone. Instead, you use your private key to sign, or authenticate, the message you send with a digital signature.

It's actually a little more complicated than that, but we don't need to go into that here.

It usually works like this--you and a friend each create a public and private key. You exchange public keys (and keep the private keys to yourself). If you want to send a message, you write it (in pico, maybe), and then you encrypt it using your friend's public key and sign it using your private key. To unlock this file, your friend must therefore have your public key (which presumably everyone has), as well as his own private key.
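
The exchange described above, carried out with textbook RSA on tiny numbers (an added example, not part of the original tutorial and not how PGP itself processes a message). The two key pairs and the function names modpow, send and receive are assumptions made for illustration.

```shell
# Constructed toy key pairs (far too small for real use).
# Joe is the sender and signs; Bill is the recipient and decrypts.
JOE_N=143;   JOE_E=7;   JOE_D=103     # 143  = 11 * 13, 7 * 103   = 1 mod 120
BILL_N=3233; BILL_E=17; BILL_D=2753   # 3233 = 61 * 53, 17 * 2753 = 1 mod 3120

# modpow BASE EXP MOD: square-and-multiply modular exponentiation.
modpow() {
    b=$(( $1 % $3 )); e=$2; r=1
    while [ "$e" -gt 0 ]; do
        if [ $(( e % 2 )) -eq 1 ]; then r=$(( r * b % $3 )); fi
        b=$(( b * b % $3 ))
        e=$(( e / 2 ))
    done
    echo "$r"
}

# send M: sign M with Joe's PRIVATE key, then encrypt both the message
# and the signature with Bill's PUBLIC key. Prints "C_MSG C_SIG".
send() {
    sig=$(modpow "$1" "$JOE_D" "$JOE_N")
    echo "$(modpow "$1" "$BILL_E" "$BILL_N") $(modpow "$sig" "$BILL_E" "$BILL_N")"
}

# receive C_MSG C_SIG: decrypt both with Bill's PRIVATE key, then check the
# signature with Joe's PUBLIC key. Prints M, or returns 1 if the check fails.
receive() {
    msg=$(modpow "$1" "$BILL_D" "$BILL_N")
    sig=$(modpow "$2" "$BILL_D" "$BILL_N")
    [ "$(modpow "$sig" "$JOE_E" "$JOE_N")" -eq "$msg" ] || return 1
    echo "$msg"
}

# Demo: the message is the number 42 (it must be smaller than JOE_N).
wire=$(send 42)
echo "on the wire: $wire"
echo "received:    $(receive $wire)"
```

Note that Bill needs his own private key to read the message and Joe's public key to check who sent it, exactly the two keys the paragraph above names.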


Generating a Public and Private Key-Set

  1. Log into your Grove account.
  2. In order to use encryption, pgp requires us to have a directory called .pgp. To create it, type

    mkdir .pgp

  3. Next, type

    pgp -kg

    All pgp encryption commands are preceded by pgp. The text -kg is a command line option. An option is always preceded by a minus sign; it provides the PGP program with additional instructions. The option -kg tells PGP that we want to create a public and private keyset. You can think of -kg as standing for key generation. Upon typing this command, you should be given some information about PGP, and prompted for the RSA key size. It's basically asking how strong an encryption we want to use.

  4. Type 2 and press return.
  5. PGP will now ask you for a user ID. Type in your full name followed by your e-mail address enclosed in angle brackets. For example,

    Joe Schmoe <c3063jjj@grove.ufl.edu>

  6. Now, you'll be asked to enter and verify a pass phrase. As usual, choose this phrase wisely, and be sure to remember it (you'll need it to decrypt your messages).
  7. Next, PGP will ask you to type randomly. The intervals between your keystrokes will be measured, and used to generate your keys. When you have typed enough, the computer will beep. After a bit of work, PGP should tell you that your keys have been generated successfully.

To look at your keyring (that's a list of all the keys you have), type in the command

pgp -kv

You can think of the -kv as standing for keyring view.


Sending a Friend Your Public Key

You'll first want to extract your public key to a file.

pgp -kxa "userID" filename

Here, "userID" and filename are command line parameters. The above line contains both these command line parameters, and the command line options, -kxa.

UserID should be replaced with the user name that you specified when you created the keyring. Actually, you only need to specify a small part of the name (PGP is pretty smart--it'll choose the correct key for you). For example, if your user ID was "Joe Schmoe <c3063jjj@grove.ufl.edu>", then the command

pgp -kxa "Schmoe" Schmoekey

is exactly the same as the command

pgp -kxa "Joe Schmoe <c3063jjj@grove.ufl.edu>" Schmoekey

Both of these will extract Mr. Schmoe's public key to a file called Schmoekey.asc (PGP automatically adds the "asc" extension to specify that this is an ascii text file). You can think of the -kxa as standing for keyring extract to an ascii-file.

Once you have your public-key file, you will need to supply it to people (they will use your public key to encrypt any files or e-mails that they wish to send to you). Some people place their public key on their homepage. Some people register their public key with a PGP Public Key Server. If you are interested in doing this, go to http://www-swiss.ai.mit.edu/~bal/pks-commands.html. It's a pretty easy process.

On the other hand, you could simply e-mail your public key to your friend. One way is to ftp your public key file to your home computer, and then send it as an attachment to an e-mail. Or if you'd like, you could use pine (the ^R option allows you to read a file into the body of the document). An even simpler method is to mail it from the command line:

mail billybob@hotmail.com < Schmoekey.asc

See our e-mail tutorial if you'd like more information on using Unix mail.


Adding Your Friend's Public Key to Your Keyring


Okay, so you've sent your friend your public key via e-mail, or through some other method. Your friend should send you his or her public key. You've got to get that key (alone, in a file by itself) to your grove account. One simple way to do this is to copy and paste. For example, let's say you receive an e-mail which contains the following text:


Joe,

Just wanted to say hello and give you my public key.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzqX4hgAAAEDAL6w94EU8+cCrnMse1y1H5PQbdGZwvlJ9hzZOK3v4S8ahrnO
SwzWj6a9D+XWGhAgS5NTvzquQu9olujrCTLfjwrDDgsx7c2UlSnVU1OBuXDvVdFR
88dupVXIzBQg03PLnQAFE7QHbm92YWxpZA==
=nK1F
-----END PGP PUBLIC KEY BLOCK-----

Say hello to the wife.  Say hello to the kids.  Work is fine. 
blah, blah, blah, blah
See you soon.

--Bill


You'll want to highlight and copy the public key block--this part:



-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzqX4hgAAAEDAL6w94EU8+cCrnMse1y1H5PQbdGZwvlJ9hzZOK3v4S8ahrnO
SwzWj6a9D+XWGhAgS5NTvzquQu9olujrCTLfjwrDDgsx7c2UlSnVU1OBuXDvVdFR
88dupVXIzBQg03PLnQAFE7QHbm92YWxpZA==
=nK1F
-----END PGP PUBLIC KEY BLOCK-----

Paste this into a textfile, and save it to your grove account. If you check your e-mail using pine, you would simply highlight and copy the public key block, quit pine, and type

pico file.asc

to open the pico text editor. To paste into pico, press the right or middle mouse button (depending on what operating system you are using). Press ^X to save, and press return.

If your friend sent his key to one of your non-grove e-mail accounts, the process is similar. In this case, highlight and copy the public key block. Open Notepad (in the accessories submenu). Paste the text, and save the file to your desktop as file.asc (be sure to remember the asc extension). Then you'll want to ftp file.asc to your grove account.

Once you have transferred the key-file to your grove account, type the command

pgp -ka file.asc

This command tells PGP to add the public key contained in file.asc to your public key ring. PGP will do some work--it might ask you if you wish to certify a key. Don't worry about this--just type N and press return. You can think of the -ka as standing for keyring add.

To see that the new key has been added to your keyring, you could again type

pgp -kv


Encrypting a Message


Finally, the good part. Using the pico text editor, type a quick message of your choosing. Press ^X to save the message and exit pico. The name new_file is a good enough name.

pico new_file

Now for the encryption: from the command line, type

pgp -sea new_file "Schmoe"

The option -sea tells PGP that you wish to sign this file with your secret key, that you wish to encrypt this file with your friend's public key, and that you wish for it to produce an ascii file. You can think of -sea as meaning sign and encrypt to an ascii file.

PGP will print some text to the screen, and then prompt you for your secret password. Go ahead and enter it. Again, if PGP asks you to certify a key, just press n.

The final line that PGP should print to the screen should say

Transport armor file: new_file.asc

That's it! You're done! Just e-mail this encrypted message to the same friend you mailed your public key to.


Decrypting a Message


Alright--so you've sent your friend your public key, and you've sent your friend an e-mail signed with your private key and encrypted with his public key. What if your friend sends you an e-mail which contains an encrypted message?

First, you'll want to copy the encrypted part of the message, and paste it into a file. This won't be anything new--if you receive a file that has this text:


Here's that sensitive information that you asked for:

-----BEGIN PGP MESSAGE-----
Version: 2.6.2
=1YBq
-----END PGP MESSAGE-----

Take care,

Joe


Just copy the PGP Message portion the same way that you copied your friend's public key. Paste the text into a file, and save that file using an asc extension (for example, filename.asc). Make sure that this file is in your grove account.
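
The copy-and-paste step, both for a friend's public key block and for a PGP message as described above, can also be done by a small shell function that pulls the armored block out of a saved mail file. This is an added example, not part of the original tutorial; the names extract_armor and make_sample_mail are assumptions, and the sample mail is constructed.

```shell
# extract_armor LABEL SRC DST
# Copy the armored block "-----BEGIN PGP LABEL-----" ... "-----END PGP LABEL-----"
# from SRC into DST. Fails, leaving no DST, unless exactly one complete block
# with that label is found (a truncated paste is the usual mistake).
extract_armor() {
    label=$1; src=$2; dst=$3
    awk -v head="-----BEGIN PGP $label-----" -v tail="-----END PGP $label-----" '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        $0 == head { begins++; inside = 1 }
        inside     { print }
        $0 == tail { if (inside) ends++; inside = 0 }
        END        { if (begins != 1 || ends != 1) exit 1 }
    ' "$src" > "$dst" || { rm -f "$dst"; return 1; }
}

# Constructed sample mail; the armored body is a placeholder, not a real key.
make_sample_mail() {
    cat <<'EOF'
Joe,

Just wanted to say hello and give you my public key.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

PLACEHOLDERnotARealKeyPLACEHOLDERnotARealKeyPLACEHOLDER
-----END PGP PUBLIC KEY BLOCK-----

See you soon.

--Bill
EOF
}

# Demo: save the mail, extract the key block, and show the resulting file.
# With a real key the next step would be "pgp -ka file.asc"; for an encrypted
# mail use the label "MESSAGE" and then run "pgp filename.asc".
work=$(mktemp -d)
make_sample_mail > "$work/mail.txt"
extract_armor "PUBLIC KEY BLOCK" "$work/mail.txt" "$work/file.asc" && cat "$work/file.asc"
```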

At the grove command prompt, just type

pgp filename.asc

PGP will prompt you for your secret password. Enter it, and press return. The final line of the PGP output should read

Plaintext filename: filename

To view this file, simply type

pico filename

and press return.

For more information about security (specifically about Netscape) see Introduction to Public-Key Cryptography. If you have Adobe Acrobat, you can download an easy-to-read pdf manual--click on IntrotoCrypto.pdf on the PGP Documentation webpage. You can also download a Windows version of PGP from the PGP Freeware page. It's much easier to use, and has ample documentation. The Windows version makes some low-level changes to your operating system, however. We suggest you download it only if you're extremely serious about PGP.



Please send comments to CGS3063 STAFF