Introduction

Check the GnuPG web page for documentation on the GnuPG package:
http://www.gnupg.org/

Public Key Cryptography

If GnuPG is not installed, on Ubuntu, you can simply do:

$ sudo apt-get install gnupg

Creating a Public/Private Key Pair

Now that GnuPG is installed you can use the gpg command to use the Gnu version of PGP. In these steps you should do this as your user on your system (i.e. admin), not as the root user!:

$ gpg --gen-key

You will be asked quite a few questions. Picking the defaults for key type and size should be fine.
Be sure to set an expiry date when prompted.
Your PGP information will be stored in your user's account home directory under the ".gnupg" directory.

Extracting your Public Key

To extract your public key as text do:

$ gpg -a --export <your key id>

Note: "your key id" is probably your email address in this case.

To see what public keys you have installed, you can always type

$ gpg --list-keys

To place your newly generated public key on the MIT (Massachusetts Institute of Technology in Boston, Massachusetts, United States) PGP server do the following:

$ gpg --list-keys yourUserid

Look for the line that says "pub" - the second set of numbers after the "/" is your key-id. A sample such line is:

pub 1024D/E947C3B4 2007-11-28 [expires: 2008-11-27]

The string "E947C3B4" is the key-id in this case. So, to send your newly created public key to a keyserver you would do:

$ gpg --keyserver pgp.mit.edu --send-keys key-id

That's it! Your public key is now available to anyone who goes to the MIT PGP server and searches on your name, email address, etc. Your key information will propagate to all the PGP key-servers worldwide within a few hours.

Generating your Public Key's Fingerprint

You calculate the fingerprint for a local copy of a public key like this:

$ gpg --fingerprint <key id>

Importing Someone Else's Public Key

Once you have obtained a public key, you can import it to your local keyring so that you can use it like this:

$ gpg --import <filename>

Note that you can also import public keys via email plugins. We'll be doing this later on in these exercises.

Signing a Public Key

If you have a copy of someone else's public key on your keyring and you have decided that you trust it (e.g. by verifying the fingerprint with the key's owner) and you have also decided that you trust the identity of the key's owner (e.g. by checking a passport) you can sign it. This does two things:

To sign a key:

$ gpg --sign-key <key id>

PGP with Thunderbird and Enigmail
(Sample Only)

In Thunderbird you can install Enigmail, which gives you access to PGP and allows you to encrypt emails that you send to other parties and to decrypt emails that were sent to you encrypted with your public key. Enigmail does this in a much nicer, automated fashion, so that you can use encrypted email in a reasonable way.

To get Enigmail go to:

https://addons.mozilla.org/en-US/thunderbird/addon/71

and download the Enigmail add-on for Thunderbird. Once it is downloaded you can open Thunderbird and then in the Tools menu choose "Add-ons...", click the "Install..." button, find the downloaded Enigmail add-on file and choose to install this.

Once installed you will, most likely, need to restart Thunderbird. Once you do this, you will have a new menu in Thunderbird called "OpenPGP" - this is what you can use to encrypt messages to other users, add users to your gnupg keychain, sign your messages, etc...

Enjoy!

More Information

There are many more things you can do with GnuPG than those described in these notes. For more information, see:

http://www.gnupg.org/

In particular, look at the documentation, and the "Mini HOWTO" for lots of good information:

http://www.gnupg.org/
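
The fingerprint check that "Signing a Public Key" asks for before you run gpg --sign-key can be scripted. The following is an added example, not part of the original notes: it compares the fingerprint the key's owner gave you with the fpr record of gpg's --with-colons listing. The function names and the sample listing are constructed for illustration, and it assumes 40-hex-digit (version 4) fingerprints.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names are illustrative.

# Normalise a fingerprint as read aloud or printed on a card:
# drop spaces, tabs, newlines and colons, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint <key id>` output on stdin and print
# field 10 of the first "fpr" record, which is the primary key's fingerprint.
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Exit status: 0 = match, 1 = mismatch, 2 = expected value is not a full
# 40-hex-digit fingerprint (assumption: version 4 keys). This refuses short
# key-ids such as E947C3B4, which identify a key but do not authenticate it.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(fpr_from_colons)
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# Typical use, with the key already imported on your keyring:
#   gpg --with-colons --fingerprint <key id> \
#       | fpr_matches "<fingerprint from owner>" && gpg --sign-key <key id>

# Constructed listing (not a real key); its last 8 hex digits reuse the
# sample key-id E947C3B4 from these notes.
SAMPLE='pub:-:1024:17:89ABCDEFE947C3B4:1196208000:1227744000::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFE947C3B4:
uid:-::::1196208000::::Constructed User <user@example.org>:'

if printf '%s\n' "$SAMPLE" |
    fpr_matches "0123 4567 89AB CDEF 0123 4567 89AB CDEF E947 C3B4"; then
    echo "fingerprint matches"
else
    echo "fingerprint does NOT match, do not sign"
fi
```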