Pretty Good Privacy (PGP)

Introduction

Check the GnuPG web page for documentation on the GnuPG package:

http://www.gnupg.org/
In particular, look at the documentation, and the "Mini HOWTO" for lots of good information.

Public Key Cryptography

If GnuPG is not installed, on Ubuntu, you can simply do:

$ sudo apt-get install gnupg

Creating a Public/Private Key Pair

Now that GnuPG is installed you can use the gpg command to use the GNU version of PGP. In these steps you should do this as your user on your system (i.e. admin), not as the root user!

$ gpg --gen-key

You will be asked quite a few questions. Picking the defaults for key type and size should be fine.

Be sure to set an expiry date when prompted.

Your PGP information will be stored in your user's account home directory under the ".gnupg" directory.

Extracting your Public Key

To extract your public key as text do:

$ gpg -a --export <your key id>

Note: "your key id" is probably your email address in this case.

To see what public keys you have installed, you can always type

$ gpg --list-keys

To place your newly generated public key on the MIT (Massachusetts Institute of Technology in Boston, Massachusetts, United States) PGP server do the following:

$ gpg --list-keys yourUserid

Look for the line that says "pub" - the string after the "/" in the second field is your key-id. A sample such line is:

pub 1024D/E947C3B4 2007-11-28 [expires: 2008-11-27]

The string "E947C3B4" is the key-id in this case. So, to send your newly created public key to a keyserver you would do:

$ gpg --keyserver pgp.mit.edu --send-keys <key-id>

That's it! Your public key is now available to anyone who goes to the MIT PGP server and searches on your name, email address, etc. Your key information will propagate to all the PGP key-servers worldwide within a few hours.

Generating your Public Key's Fingerprint

You calculate the fingerprint for a local copy of a public key like this:

$ gpg --fingerprint <key id>
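
The two pieces of output above ("pub" lines from gpg --list-keys and the fingerprint from gpg --fingerprint) are easy to misread by hand. The following is an added example, not part of these notes or of GnuPG: it parses the legacy "pub" line format shown above, flags expired keys, and checks that a key-id is the tail of a given fingerprint. The function names, the sample fingerprint and the "today" dates are constructed for illustration.

```python
import re
from datetime import date

# Legacy "pub" line format as shown in these notes, e.g.
#   pub 1024D/E947C3B4 2007-11-28 [expires: 2008-11-27]
# Fields: key size, algorithm letter (D = DSA, R = RSA), key-id, creation date, optional expiry.
PUB_LINE = re.compile(
    r"^pub\s+(?P<bits>\d+)(?P<algo>[A-Za-z])/(?P<keyid>[0-9A-Fa-f]{8,16})"
    r"\s+(?P<created>\d{4}-\d{2}-\d{2})"
    r"(?:\s+\[expires:\s*(?P<expires>\d{4}-\d{2}-\d{2})\])?"
)


def parse_pub_line(line):
    """Return the fields of one 'pub' line as a dict, or None if the line is not a 'pub' line."""
    m = PUB_LINE.match(line.strip())
    if not m:
        return None
    expires = m.group("expires")
    return {
        "bits": int(m.group("bits")),
        "algo": m.group("algo"),
        "keyid": m.group("keyid").upper(),
        "created": date.fromisoformat(m.group("created")),
        "expires": date.fromisoformat(expires) if expires else None,
    }


def is_expired(info, today):
    """A key without an expiry date never expires; otherwise it is expired once 'today' is past it."""
    return info["expires"] is not None and today > info["expires"]


def keyid_matches_fingerprint(keyid, fingerprint):
    """For a v4 OpenPGP key the key-id is the last 8 (short) or 16 (long) hex digits of the
    40-hex-digit fingerprint. This only catches copy errors: an 8-digit key-id is not unique,
    so always compare the full fingerprint with the key's owner, as the notes describe."""
    hexfp = re.sub(r"[^0-9A-Fa-f]", "", fingerprint).upper()
    if len(hexfp) != 40:
        return False
    return hexfp.endswith(keyid.upper())
```
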
Importing Someone Else's Public Key

Once you have obtained a public key, you can import it to your local keyring so that you can use it like this:

$ gpg --import <filename>

Note: you can also import public keys via email plugins. We'll be doing this later on in these exercises.

Signing a Public Key

If you have a copy of someone else's public key on your keyring and you have decided that you trust it (e.g. by verifying the fingerprint with the key's owner) and you have also decided that you trust the identity of the key's owner (e.g. by checking a passport) you can sign it. This does two things:

To sign a key:

$ gpg --sign-key <key id>

PGP with Thunderbird and Enigmail

(Sample Only)

In Thunderbird you can install Enigmail, which will give you access to PGP and allow you to encrypt emails that you send to other parties and to decrypt emails that others have encrypted to your public key. Enigmail does this in a much nicer, automated fashion, allowing you to use encrypted email in a reasonable way.

To get Enigmail go to:

https://addons.mozilla.org/en-US/thunderbird/addon/71
and download the Enigmail add-on for Thunderbird. Once it is downloaded you can open Thunderbird and then in the Tools menu choose "Add-ons...", click the "Install..." button, find the downloaded Enigmail add-on file and choose to install this.

Once installed you will, most likely, need to restart Thunderbird. Once you do this, you will have a new menu in Thunderbird called "OpenPGP" - this is what you can use to encrypt messages to other users, add users to your gnupg keychain, sign your messages, etc.

Enjoy!

More Information

There are many more things you can do with GnuPG than those described in these notes. For more information, see:

http://www.gnupg.org/