File and email encryption with GnuPG (PGP) part four

    Date: 12 Mar 2004
    Posted by: Anthony Pell
    GnuPG and other PGP implementations allow you to encrypt (scramble the data so only intended recipients can read it) and/or sign (provide proof that the data has been unaltered in transit). As you should remember, PGP keys are made up of two parts, a public key and a private key. The public key can (and in most cases should) be available to anyone - there's no harm in allowing it out to the entire world. The private key should be kept somewhere secure, protected with a strong passphrase.

    So, in order to communicate with other parties, we'll need to be able to get a copy of their public key. When encrypting a file, you encrypt it to their public key. When verifying an electronic signature, you verify it by decrypting the PGP signature with their public key.[1] Without their public key, you can't encrypt or verify; it's as simple as that.

    In order to be sure you're talking with the correct party, you need to do two things: first, get a copy of their public key, and second, verify the key. This week we'll cover the former.

    The easiest way to get a key is if they've put it up on a PGP key server. For example, if you know their keyid is D5D3BDA6, you can retrieve it as follows:

    $ gpg --recv-key D5D3BDA6
    gpg: key D5D3BDA6: public key "John Doe ..." imported
    gpg: Total number processed: 1
    gpg: imported: 1 (DSA: 1)


    In order for --recv-key to work, you need a line like the following in your ~/.gnupg/gpg.conf or ~/.gnupg/options file:

    # Use the US PGP keyserver
    keyserver wwwkeys.us.pgp.net


    Most PGP keyservers synchronise with each other, so pick one close to you.

    To put your key on a keyserver, use --send-key:

    $ gpg --send-key mykeyid
    gpg: success sending to `wwwkeys.us.pgp.net' (status=200)


    If you've received a signed file or email from someone, then you already have access to their keyid. For example, Mutt[2] can be configured to attempt to verify the signatures on every email by default. If you don't have the other party's public key installed, it'll tell you it can't verify the signature, but it will let you know the ID of the public key that was used:

    PGP output follows (current time: Wed Feb 25 07:06:06 2004)
    gpg: Signature made Wed Feb 25 04:30:51 2004 PDT using DSA key ID D5D3BDA6
    gpg: Can't check signature: public key not found

    End of PGP output


    In the above output, you can glean that the user's keyid is D5D3BDA6.
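    The following shell script is an added example and not part of the original article or of GnuPG itself. It ties together the two steps above: it reads gpg output of the kind Mutt shows (the sample output is constructed to match the article's format, where the key ID appears on the "Signature made" line), picks out the key IDs whose public keys are missing, checks that the gpg config file actually names a keyserver so that --recv-key can work, and only then calls gpg to fetch the key. The function names, the sample output and the use of `gpg --fingerprint` straight after retrieval are this example's own choices. Retrieval is not verification: anyone can upload a key with any name to a keyserver, so the fingerprint printed at the end still has to be compared with the owner out-of-band before the key is trusted (the topic the article defers to the next part).

```shell
#!/bin/sh
# Added example (not from the original article): glean missing key IDs from
# gpg/Mutt output and fetch them from the keyserver named in gpg.conf.

# Constructed sample of the gpg output Mutt shows for an unverifiable signature
# (same single-line "Signature made ... key ID XXXXXXXX" format as the article).
SAMPLE_GPG_OUTPUT="gpg: Signature made Wed Feb 25 04:30:51 2004 PDT using DSA key ID D5D3BDA6
gpg: Can't check signature: public key not found"

# Read gpg output on stdin and print the key ID of every signature whose
# public key gpg reported as missing. The ID is the last field of the
# "Signature made" line; it is only printed when the following line says
# the public key was not found, so already-installed keys are skipped.
missing_keyids() {
    awk '/Signature made .* key ID/ { id = $NF }
         /public key not found/ && id != "" { print id; id = "" }'
}

# Return success if the given gpg config file (gpg.conf or options) contains an
# uncommented "keyserver" line, which --recv-key needs in order to work.
has_keyserver_line() {
    grep -q '^[[:space:]]*keyserver[[:space:]]' "$1"
}

# Build (but do not run) the --recv-key command for one key ID, so the example
# can be exercised on a machine without gpg installed.
recv_key_command() {
    printf 'gpg --recv-key %s\n' "$1"
}

# Fetch every missing key named in the gpg output on stdin.
# $1: path of the gpg config file to check (default ~/.gnupg/gpg.conf)
fetch_missing_keys() {
    conf="${1:-$HOME/.gnupg/gpg.conf}"
    if ! has_keyserver_line "$conf"; then
        echo "no keyserver line in $conf; add e.g. 'keyserver wwwkeys.us.pgp.net'" >&2
        return 1
    fi
    for id in $(missing_keyids); do
        if command -v gpg >/dev/null 2>&1; then
            gpg --recv-key "$id"
            # Fetching proves nothing about who owns the key: show the fingerprint
            # so it can be checked against the owner's own statement of it.
            gpg --fingerprint "$id"
        else
            echo "gpg not installed; would run: $(recv_key_command "$id")" >&2
        fi
    done
}

# Usage: pipe the saved gpg/Mutt output into the parser. Prints D5D3BDA6 here.
printf '%s\n' "$SAMPLE_GPG_OUTPUT" | missing_keyids
```

    In practice you would save the Mutt "PGP output" block to a file and run `fetch_missing_keys < that-file`; the config check fails early with a hint rather than letting --recv-key fail with no keyserver configured.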