|
|
An Unauthorised Guide to PGP Cryptography
PDF version
Introduction
Pretty Good Privacy by Phil Zimmermann is the industry standard in public-key
cryptography. Public-key cryptography uses a pair of keys: a public key, which
encrypts data, and a corresponding private key, for decryption. You publish your
public key to the world while keeping your private key secret. Anyone with a
copy of your public key can then encrypt data that only you can read. Conversely
you can send anyone an encrypted message with their public key which only they
can read.
PGP is useful for encrypting messages, files and folders, although Secure Multipurpose Internet Mail Extensions
are becoming more popular, which integrate PGP into email. However not all email clients support
S/MIME and it requires an X.509 Certificate issued by a Certificate Authority (CA).
It is essential that the PGP software is open source to ensure that there is
no hidden "back door key" which might enable state agencies or others to decrypt it.
Which PGP Version?
PGP Desktop 9 and later versions can only be used for a limited period before online registration is required.
Some earlier versions of PGP are available at The International PGP Home Page
PGP Desktop 803 is available
free for unlimited use from PGPDesktop803.zip
Note: PGP Desktop 803 cannot be installed on Vista or Windows 7
See Installing PGP Desktop 8.0.3 on Windows XP
PortablePGP is available in a free USB memory
stick version which can be used anywhere without installation on Windows and some GNU/Linux.
Text messages are encrypted and decrypted simply by copying and pasting.
See Using PortablePGP
GNU Privacy Guard
or GPG is the premiere open source implementation of OpenPGP encryption.
GnuPG is available free from Gpg4win (Windows),
Mac GPG (Mac) and is available in some GNU/Linux flavours.
Note: The right click shell extension (GpgEX) component is not currently available for 64-bit Windows versions,
although the optional GNU Privacy Assistant (GPA) component has the same functionality.
This creates a .txt.asc file. Open this file in Notepad (right click, Open With..., select Notepad),
highlight the entire message including dashes (Ctrl + A) and copy (Ctrl + C). Open a new
message in your e-mail client and paste in the text (Ctrl + V). Your message will
appear as below. (Leave the message subject blank to maintain confidentiality.)
-----BEGIN PGP MESSAGE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com
qANQR1DBwU4DAcfrj5EABKkQB/4p9aH09qb1JRM3/cEdpgKtC/zF9PLyQL7ceHww
csIhSjqx4RIyeDt3QQWVq2MPSvnJlJBpWC8n5QCqcLqbDQ1WSL/hjA6Dq4+RjrFs
UG+/UzwlrEc5HyM06RtgfDOSc0gPNMfBaLSl8EOinrIz3xJQqtJ0/Q3pFK6UnQNC
akq/Dru8aB4xvZ6Va4NLkN0qnUhXMmPJqoTEmoDhhhZj1Wj/OVmhC/2I8YkaLBV1
ruHsMkcp6fmbZ5DyMm4//VyhXpF7naWLm59w8yxxLqWJbFN8j3KpY0C2lKxi6wzF
w7E46N8n5hhvyX8RacfEN2Y/uk+6sWZetKyS8AKnJEDXnoB3B/sGIZVgOEqMSV+S
s13td/OTRbTZYgm67zgPsV1ghQFQIw35R543BNiMLFzA0MP5xRR4h5hayciHpUpA
eTSfIVu4pKHq9rCovyaArVgtsNWtfzNq35VpNGscWrIMZLXjrJa48rYJF2v5GFKi
RDMFqhRWO5ahYyR8XNYhakKsLN3homjPMyQgM/GDFv1Xu47EIJrs/UVQM//3c9VA
M+BiSMmdu9KVSXkMLuPdXxQsiDiDkE8Jb8DOh0SuhCeGZ/7u6IfYGseqqMqNICYq
7xPXFOpoP8+87SZVoAK+8UZWcYHAL/pddmJrR5Q//6cnbjuxm58iTqiKq1xJoNu9
S3QMI3FK0kcBADMQrk7WQY3wxzNRuGb+XBt08TZ+gI5SS9bSa4A9/2e7uo9bDLrG
B6h/JaAFEmq+BoYDcowJTZVAZTPxvcoMqSKOeyTEMg==
=beEb
-----END PGP MESSAGE-----
To read an encrypted message:
Highlight the entire message including dashes
and copy (Ctrl + C). Open Notepad, paste (Ctrl + V) and save as Message.txt.asc
in the File name box. Then right click on the file and select PGP > Decrypt &
Verify. Enter the passphrase for your private key and click OK. The decrypted message will be saved as a text file.
However, if the message was sent from a different encryption application, the
decrypted message may be saved with an asc extension which can be opened in
Notepad (right click, Open With..., select Notepad).
To delete messages securely:
Right click the message and select PGP > Wipe. The number of passes can be selected in PGPkeys > Edit > Options...
If another encryption application is used without a wipe facility,
files and free disk space can be wiped with File Shredder.
Problems with File Attachments
If you do not select text output when encrypting, the file created will have
a pgp extension which can be sent as an email attachment. However, if the person receiving the message is
not using the same encryption application, they may not be able to
open the file. Similarly, if the message is written with a word processor and encrypted (e.g. doc.pgp), the
message receiver will not be able to read it unless they have the same one installed. So writing messages in
Notepad and sending them as text is more reliable.
Uninstalling PGP Desktop 8.0.3 from Windows XP
Use Add or Remove Programs in Control Panel or launch PGPDesktop.exe to remove PGP 8.0.3.
In addition certain folders and files need to be removed before a clean installation can be made.
To view them open My Computer and select Tools > Folder Options..., click View tab and select Show hidden files and folders.
My Documents: delete PGP folder (save key pairs elsewhere if required)
C:\Documents and Settings\All Users\Application Data: delete PGP Corporation folder
C:\Documents and Settings\%username%\Application Data: delete PGP Corporation folder
C:\Documents and Settings\%username%\Local Settings\Application Data: delete PGP Corporation folder
C:\WINDOWS\Prefetch: delete the following files and any others that begin PGP:
PGPDESKTOP.EXE-2384880D.pf
PGPKEYS.EXE-078E234A.pf
PGPMAIL.EXE-0B4ABE10.pf
Using PortablePGP
We will need to view file extensions which are hidden by default. To view them
in Windows 7 open Windows Explorer and select Organize > Folder and search
options, click View tab and untick Hide extensions for known file types.
Unzip the downloaded file onto a USB drive. This creates a folder entitled
usb_version (single click on the folder or F2 to rename). Double click PortablePGP.exe within the folder to launch:
Insert a name and a passphrase - the longer the better. US export legislation only permits Java
with 128 bit encryption (7 characters), although PortablePGP includes Java with
unlimited strength encryption.
To export your public key:
To export your public key, click Keyring on the PortablePGP menu, highlight
your name under Public Keys and click on the floppy disc symbol to export to a file.
Type in a name.txt and save to the Desktop (it doesn't make a text file by default).
Open the file and select it all including the dashes (Ctrl + A), copy (Ctrl + C) and paste into your e-mail client (Ctrl + V).
Alternatively the text file can be attached to an email.
To import a public key:
Highlight the key including the dashes and copy (Ctrl + C). Open Notepad (All Programs, Accessories),
paste it in (Ctrl + V) and save as a text file on the Desktop. Ensure that there are no spaces or blank
lines before -----BEGIN PGP PUBLIC KEY BLOCK-----. Click Keyring on the PortablePGP menu
and then click the down arrow after Public Keys to import from a file.
To send an encrypted message:
Click Encrypt on the PortablePGP menu and select the Encrypt Text radio button.
Type your message, select the Target recipient and click Encrypt. The Text
Editor will open - click Copy to clipboard and paste into your e-mail client
(Ctrl + V). Alternatively the encrypted message can be saved as a text file
and attached to an email. (Leave the message subject blank to maintain confidentiality.)
To read an encrypted message:
To read a message select Decrypt on the PortablePGP menu and the Decrypt ASCII-Armored
Text radio button. Highlight the message including dashes and copy (Ctrl + C),
then paste it into the box (Ctrl + V) and click Decrypt. You will be prompted to
enter your passphrase and the Text Editor will then open with the message. Alternatively the encrypted message can be
saved as a text file and decrypted using the Decrypt a file radio button.
To delete messages securely:
Since PortablePGP does not include a wipe facility, files and free disk space
can be wiped with File Shredder.
Other sites by the same author:
www.customsrogues.20m.com PDF version
www.difficultyswallowing.20m.com
www.mescaline.20m.com PDF version