Wed 24 Sep 2008
Installing and Using PGP or HOW TO DO THE STUFF I TALKED ABOUT IN THE LAST POST
Posted by admin under Crypto, Tips
No Comments
Installing and Using PGP or
HOW TO DO THE STUFF I TALKED ABOUT IN THE LAST POST
This should be no more than a 15-minute process but as the disembodied voice says, your experience may vary. It looks long but it’s not really that bad.
Part 1) Install PGP
1) The basic functionality of PGP (encryption/decryption/signing…) is available for free in perpetuity as part of PGP Corporation’s PGP Desktop software license. Go to www.pgp.com and click on the “Evaluation” link towards the bottom of the page.
2) Select “PGP Desktop Trial Software (Desktop Client Only)”.
3) Read the text and the license agreement at the bottom of the page. Check the box to accept the license and click “Accept”.
4) Fill out the required information and submit it. PGP Corp will email you a download link to the software. Open the link and click the white “Download” button on the left side of the page.
5) Unzip the downloaded package. There are two files inside and unzip the larger one. The small file is a signature package to verify that the files are legitimate.
6) Follow the install instructions. Reboot as necessary.
Part 2) Creating Your Keys
1) Open up the PGP Desktop and click on “File -> New PGP Key”
2) Follow the instructions and type in your name and email, etc. This will be one of the ways for people to find you. Don’t use aliases unless people can link you to your alias!
3) Enter your passphrase. You can type anything you want in here. Go ahead and use numbers and spaces and wierd symbols. Make it 1) long enough and varied enough to be secure (look at the little bar at the bottom) and 2) short and easy enough that you can type it all the time.
4) Click, click, click and finish.
5) Congratulations! You made a keypair! That’s right, in that little icon is a private key for you and a public key for the world. Don’t give out your private key. Give your public key to *everybody.*
Part 3) Upload your keys and Download others’ keys
1) Go to “Tools -> Edit Keyservers”
2) Add any servers you’d like. I recommend looking at this page (http://www.rossde.com/PGP/pgp_keyserv.html#pubserv) and adding the servers in bold. Be sure to select whether the server is LDAP or HTTP and enter the correct port number. For example, I would select Type:” PGP Keyserver HTTP”, Address: “cryptonomicon.mit.edu”, port: “11371″ and click “OK”.
3) Click on the “All Keys” tab at the top left of the window, find your key and right click to select “Send to -> cryptonomicon.mit.edu”. This will upload your key to the server so that others can find encrypt messages that only you can read.
4) Then click on “Search for keys” and from the dropdown box at the top of the screen select “Everywhere”. This will search all the servers for the key you want. You can also select particular servers if you know which one you want.
5) In the search box, type “xinophobia” and click search. Right click on the most likely-looking result and add it to “All keys”.
5a) My key is on my Contacts page.
Part 4) Excitement! Sending encrypted email
1) Log into your gmail. (The process is mostly the same for desktop email programs)
2) Write a message to someone (ex. xinophobia)
3) Place the cursor in the main body of the text. Find the PGP lock icon on the system tray (lower right side of the screen) and right click on it. Select “Current window -> Encrypt and Sign”
4) Select the recipient of the message and drag it to the “Recipients” box. Click “Ok” and then enter your passphrase to sign it with your key.
5) The plaintext message is automatically replaced with the a strange looking cyphertext block. If not, try pasting the cyphertext from the clipboard.
6) Send it!
Part 5) What to do when you get encrypted email
1) Place your cursor in the body of the cyphertext.
2) Right click on the PGP icon and select “Current Window -> Decrypt and Verify”
3) Enter your key and a box will pop up with the message. If you like, the message can be copied to the clipboard and pasted somewhere else.
4) Read your friend’s encrypted message about this weekend’s BBQ!
Part 6) Sharing your keys
1) Tell your friends where you uploaded your key.
2) Select your key in PGP desktop and click “email this key”.
—The End—
—Epilogue—
Please don’t forget your passphrase. Don’t write it down anywhere! Just don’t forget it. If you use your key everyday, you’ll be pretty safe. It is rumored that “The Government” (which one???) can crack PGP but it’s unlikely “The Government” will help you if you forget your key.
As case law stands now, you are not required to divulge your passphrase. There is still a great deal of controversy as to whether or not encryption is really protected under the 5th Amendment. Try to stay out of trouble.
Any tool which can be used for good can be used for evil and vice versa. (Generally speaking this is true. I’m struggling to come up with a “good” use for Puppy-kicking Boots. Whoever invented that needs to be shot.) Use PGP for good!