Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

Using PGP

advertisement 
Electronic Commerce : Using PGP
Cryptography: Using PGP
I. Generating and managing keys
• Listing, extracting and sending keys
• Adding, and removing keys
• Key signing and the web of trust
II. Encrypting files
• Encrypting with signature
III. Decrypting files
IV. PGP options
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Cryptography: Using PGP
I. Generating and managing keys
Note: To use PGP while using “pine”
you may begin at the <pine> menu and
then type:
"!"
This will put you at in the UNIX shell
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Generating a Key
1. To create your PGP directory, at the UNIX prompt
type:
mkdir .pgp
2. To start up the PGP software, at the UNIX prompt,
type:
pgp -kg [Key generation]
3. Choose a key size. For faster operation, choose
"1" (512 bits)
For more secure operation, choose
“3" (1024 bits)
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
4. Enter a user ID that your key will be known by - use
Firstname Lastname
<yourID@study.haifa.ac.il>
(You should use your name and username)
5. Your private key will be encrypted so that if it is lost,
someone else cannot use it
You must type in a passphrase that will be used to
encrypt your password
The passphrase can be as long as you want, and can
include punctuation
6. The computer will generate some random number to
use to create the keys
Wait until the system responds that the keys have
been generated
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
You see:
I won’t repeat
this again
ezmail% mkdir pgp
Type 'exit' to return to Pine.
ezmail% pgp -kg
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the
masses (c) 1990-1994 Philip Zimmermann,
Phil's Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data
Security, Inc Distributed by the Massachusetts Institute of
Technology. Export of this software may be restricted by the
U.S. government.
Current time: 1998/02/03 21:59 GMT
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
And:
Pick your RSA key size:
1)
512 bits- Low commercial grade, fast but less secure
2)
768 bits- High commercial grade, medium speed, good
security
3)
1024 bits- "Military" grade, slow, highest security
Choose 1, 2, or 3, or enter desired number of bits: 1
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
You see:
Choose 1, 2, or 3, or enter desired number of bits: 1
Generating an RSA key with a 512-bit modulus.
You need a user ID for your public key. The desired form for
this user ID is your name, followed by your E-mail address
enclosed in <angle brackets>, if you have an E-mail address.
For example:
John Q. Smith <!2345.6789@compuserve.com>
Enter a user ID for your public key:
Rafaeli <sheizaf@gsb.haifa.ac.il>
Electronic Commerce
Prof. Sheizaf Rafaeli
Sheizaf
Electronic Commerce : Using PGP
You see:
You need a pass phrase to protect your RSA secret key.
Your pass phrase can be any sentence or phrase and may have
many words, spaces, punctuation, or any other printable
characters.
Enter pass phrase: XXXXXXXXXXXX
Enter same pass phrase again: XXXXXXXXXXXX
Note that key generation is a lengthy process.
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Then you see:
We need to generate 240 random bits. This is done by
measuring the time intervals between your keystrokes. Please
enter some random text on your keyboard until you hear the
beep:
0 * -Enough, thank you.
....**** ........****
Key generation completed.
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Listing the keys in your keyring
To list the keys in your (public) keyring, type:
pgp -kv [Key view]
To list the keys in your public keyring with just
signatures, type:
pgp -kvv [Key view verbose]
To list the keys in your public keyring with
signatures and levels of trust displayed, type:
pgp -kc [Key check]
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
You see (-kv)
ezmail% pgp -kv
Pretty Good Privacy(tm) 2.6.2 - ...the U.S. government.
Current time: 1998/02/09 18:55 GMT
Key ring: '/home/u3/sheizaf/.pgp/pubring.pgp'
Type bits/keyID
Date
User ID
pub
512/7E3E525D 1998/02/09 infosoc
<infosoc@research.haifa.ac.il>
pub
512/897B0849 1998/02/08 Sheizaf Rafaeli
<sheizaf@gsb.haifa.ac.il>
2 matching keys found.
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
You see (-kvv):
ezmail% pgp -kvv
Pretty Good Privacy(tm) 2.6.2 ...U.S. government.
Current time: 1998/02/10 14:14 GMT
Key ring: '/home/u3/sheizaf/.pgp/pubring.pgp'
Type bits/keyID
Date
This key is
signed by me
User ID
pub 512/7E3E525D 1998/02/09 infosoc
<infosoc@research.haifa.ac.il>
sig
897B0849 Sheizaf Rafaeli <sheizaf@gsb.haifa.ac.il>
pub
512/897B0849 1998/02/08
<sheizaf@gsb.haifa.ac.il>
Sheizaf Rafaeli
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Extracting a key from your keyring
This takes a key from your keyring and puts it in a file,
which you can send to someone via e-mail
1. To extract a key from your keyring, type:
pgp -kxa email@address -or- userID filename
(optional) [Key extract armored]
where email@address or userID is the e-mail address
or userID of the key that you want to extract from your
keyring (usually your own!)
2. The computer will prompt you for a file name you
use to save your public key
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
You’ll see:
ezmail% pgp -kxa Sheizaf
sheizafkey
Pretty Good Privacy(tm) 2.6.2... the U.S. government.
Current time: 1998/02/09 18:42 GMT
Extracting from key ring: '/home/u3/sheizaf/.pgp/pubring.pgp',
userid ”Sheizaf".
Key for user ID: Sheizaf Rafaeli <sheizaf@gsb.haifa.ac.il>
512-bit key, Key ID 897B0849, created 1998/02/08
Transport armor file: sheizafkey.asc
Key extracted to file ’sheizafkey.asc'.
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
You’ll see:
-----BEGIN PGP PUBLIC KEY BLOCK----Version: 2.6.2
mQBNAzTeFVMAAAECAOd0Go+wiJTLZPvfMIgm/dT7KJVzA+o4Neph7Sce58KRS8SD
Y3+MJ9BXs65NgFo2+gpvd4ruQd72bmkyp4l7CEkABRG0J0hvd2FyZCBSb3NlbmJh
dW0gPGhyb3NlbmJhQGluZGlhbmEuZWR1PokAVQMFEDTgZLZuaTKniXsISQEBnUQC
ANF+5c6iRahTuoa5sh8UGKG+RDethVz9C1+2nfsUMvFPLNcq7pZmH43dsSJXWtaW
ws9yRzi7G94pdp7MlIwEKDi0Bmhvd2FyZA==
=bHK8
-----END PGP PUBLIC KEY BLOCK-----.
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Using PINE, you can now send the key (in the form of
the file <filename> to someone else
You format a message and use the <^j> to attach
the file
~or~
You can open the .asc file with pico and then copy
and paste the public key into an email message as
text
~or~
Use Windows cut and paste commands
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
You can use the -f (filter) option to send your public key
directly to another person
The filter option allows PGP to print the public key
directly into the mail program (in our case, <pine>)
To use it, type:
pgp -kxaf your_userID | mail -s “descriptive
text” recipient@email.address
Your public key is printed into an email message and
sent to the specified address without you having to
exit the UNIX shell
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Adding a Key to Your Keyring
For you to be able to encrypt a document to someone
else (or verify a digital signature) you must add their
public key to your keyring
For you to do this, they must first extract their public
key, and send it to you
You must then save it into a file and follow the
instructions to add it to your keyring
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
1. Type:
pgp -ka filename [Key add]
where filename is the file that contains the public key
that you want to add to your keyring
2. If the key is not certified, you have to decide if you
want to want to certify (e.g. trust) it
You need your private key passphrase to do this
3. The selection you make from the menu determines
how much trust you have in the person
This is important because it maintains and extends
the “web of trust” that makes PGP work
You have just added the key in <filename> to your
keyring!
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Removing a key from your keyring
At the UNIX prompt, you type:
pgp -kr userID [Key remove]
where the userID is the name attached to the key
Then, when prompted, type <y> to remove the key
If you don’t recall the names of the keys in your
keyring, you can see them if you type:
pgp -kv [Key view]
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Key signing and the web of trust
Levels of trust
1 = I don’t know: This means that you will be
prompted to certify each new public key added
which has this person’s signature
2 = No: PGP will ignore certification by this person
on new public keys you add
3 = Usually: A key with signatures from two “3”
people is accepted
4 = Always: the key is accepted without question
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
To sign a key, you type
pgp -ks userID [Key sign]
Experts recommend that you sign your own public key
because anyone can create keys with your userID, but
only you can sign yours
To do this, type:
pgp -ks your_userID -u your_userID
A self-signed key means that others know it belongs
to you
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
When you add a public key, you certify its validity by
signing or “certifying” it
This links the userID to the public key
When you extract it and send it along, your signature
goes with it
People who receive the key look at your signature and
use it to trust that the key belongs to who it is
supposed to
You can also manually sign keys
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
It is possible to change the level of trust you have
assigned to a public key
To do this, type:
pgp -ke userID [Key edit]
You reduce trust if you find out that someone signs
and distributes keys without really checking
You might raise levels of trust if you find out that a
person really understands how the web of trust works
and is careful about certifying keys
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Another component of the web of trust is the “fingerprint”
of a key
When a key is generated, it receives a unique identifier
composed of 16 “hexadecimal” numbers
People will often provide the “fingerprint” for their
public keys in their signature files so that others can
make note of it
This fingerprint allows you to verify that the key
belongs to the person who claims to have created it
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
This is an example of a public key fingerprint (it’s mine):
Key fingerprint = DD DB 14 3D 5E 95 FD A0
7B E3 9A AA 91 F0 05 F4
To see the fingerprint of the keys in your public keyring,
type:
pgp -kvc [Key view check]
The “fingerprint” will be listed after each key in your
public keyring
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Cryptography: Using PGP
I. Generating and managing keys
• Listing, extracting and sending keys
• Adding, and removing keys
• Key signing and the web of trust
II. Encrypting files
• Encrypting with signature
III. Decrypting files
IV. PGP options
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Encrypting a file to someone else
To encrypt and sign a file named <filename> to
someone whose email address is <email@address>,
you type:
pgp -eas filename theirID@their_address
-u yourID
The extension “e” encryptq with a specified public
key
The extension “a” applies ASCII armor to the file
(making a binary file readable as text)
The extension “s” uses a secret key to sign the file
The extension “u” tells PGP which secret key to
use
This file appears in encrypted form
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
You will have to enter your passphrase in order to
digitally sign (e.g. encrypt with your private key) the file
The encrypted file is saved as filename.asc (where
filename is the name of the original file)
To view this file, you can type:
pico filename.asc
~or~
more filename.asc (this command will not allow
you to make changes to the file)
You can now use <pine> to mail this document to the
intended recipient as an attachment
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
And, using pico, we see:
-----BEGIN PGP MESSAGE----Version: 2.6.2
hEwDbmkyp4l7CEkBAf4izmZs4LTfWgiyr3t4//efsP8kCrQ7Tx7Cc/djoK4ZytF/
nEIT5CUCx3AQCKUZA+gKcUR5Fp4f8zJfz1aHnyM6pgAAASwp/X0fbk4upFpr5r30
ps+BAgwgCffkuApcoKHnt+R+lFyDYlarQpkXpS/Tw8Zc5rZBA/deuGnekdlIS4o4
huw2BigCWCmiQOZeLLZmmcJIjaNkEV+dEWAJufysZOZXMVq2I4Fd4QvThQFObc3i
PC7KzMbkAEsj7WXb+t8/o3ltQBVSEgDBP+m/GbQe8+s2CJutC3w+EQ5GBNCCcgBU
Z7X/eEdqtN50U+KD/uZNNXSEOQ1BpmzPihV7O9qMTZGCfDt3lh9jMEctfZd5IzpN
Os/Y6y+m357olx1yx7lfq+77rNK3qtBonTBjNCeFk1xhRA09KVwHp0V+gGGpsyPA
tpNu1qUeQ247x0W7Z/FQn3Nwb2LJVmQb7sNsBI2izCRi+LAtfbCc2c4aPr/tzjU=
=VIXw
-----END PGP MESSAGE-----
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Other ways to use PGP in the UNIX shell:
To send mail directly from the UNIX shell, use:
ezmail% mail their_email@address < file.asc
To encrypt and send a message from the UNIX shell,
use:
ezmail% pgp -eatf their_userID < file> |
mail their_email@address
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
6. To compose, encrypt, and send the message from
the UNIX shell, use:
ezmail% pgp -eatf their_userID | mail
their_email@address
Note: you must have the public key belonging to the
person at <email@address> in order to encrypt a
document to that person
You’ll see a blank line - that’s where you begin typing
When you’re done, press:
^D
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Using [ezmail% pgp -eatf their_userID | mail
their_email @address], you see:
ezmail% pgp -eatf infosoc | mail infosoc@research.haifa.ac.il
Pretty Good Privacy(tm) 2.6.2 - ...the U.S. government.
Current time: 1998/02/10 17:50 GMT
Here's another way to send encrypted messages directly from the
UNIX shell. The use of the <-eatf> option combined with the <|>
pipe option makes this possible.
^D
Key for user ID: infosoc <infosoc@research.haifa.ac.il>
512-bit key, Key ID 7E3E525D, created 1998/02/09
How to stop
Electronic Commerce
Prof. Sheizaf Rafaeli
Text that I
typed
Electronic Commerce : Using PGP
To sign a plaintext file with your secret key, type:
pgp -sta filename -u your_userID
The extension “s” is the command to sign with a
secret key
The extension “t” saves the file in a text format
The extension “a” applies ASCII armor to the file
(making a binary file readable as text)
The extension “u” tells PGP which secret key to use
Although the text can be read, the digital signature is
encrypted
PGP must be used to verify the signature
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
And, with pico, you see:
-----BEGIN PGP SIGNED MESSAGE----This is a test message. It will be encrypted with your public key
and you will need your private key to decrypt and read it. This
is a demonstration of the way in which PGP protects the integrity
and authenticity of your files.
-----BEGIN PGP SIGNATURE----Version: 2.6.2
iQBVAwUBNsHjoqiNX5P7lAgZAQGG3QIAh8ZlL4aK/VsdqENFHzTbnYWCWE6bC4E4
u+SwL99Q3AT8wlTlteabXkpNTz4sgIiwpu5XlxW+gj4eJEDaYZ7oDA==
=vYVw
-----END PGP SIGNATURE-----
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Cryptography: Using PGP
I. Generating and managing keys
• Listing, extracting and sending keys
• Adding, and removing keys
• Key signing and the web of trust
II. Encrypting files
• Encrypting with signature
III. Decrypting files
IV. PGP options
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Decrypting a File
When you receive the file, you save it to the UNIX shell,
where you will then decode it
1.To decrypt an encrypted file called “filename” (e.g.
encrypted with your public key), you type:
pgp filename.asc
Or whatever the file extension is
2. You will have to type in the password to your
secret key
3. If you are able to decrypt the file properly, PGP will
tell you the filename of the decrypted file
4. You can then view this file with the UNIX <more>
command or edit it with the <pico> word processor
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
You type “v” to move to the viewer and you see:
1
0 lines
2
~489 bytes
Text/PLAIN
Text/PLAIN, "decrypt this!"
Then you type “s” to save the message to a file in your
<home> directory
1
0 lines
2
~489 bytes
Text/PLAIN
Text/PLAIN, "decrypt this!"
Copy attachment to file in home directory: test.asc
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Then, to decrypt and read the message, you go back to
the main menu and UNIX shell typing “!” from the main
Pine menu
You see:
Type 'exit' to return to Pine.
ezmail% ls
Mail
somefile.txt
test.asc
Text
another.txt
prop.txt
Type 'exit' to return to Pine.
ezmail%
The one
we want!
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Decrypting and checking signatures
After saving the message to your <home> directory,
type:
pgp filename.asc -o filename [Output]
The second <filename> is optional and will name
the file after it is decrypted
Note that the verification of the signature is done
automatically during encryption, and depends on
you having the senders public key in your
pubring.pgp keyring
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Decrypting a message and leaving the signature in it
You type:
pgp -d filename [Decrypt with signature]
You are left with a plaintext message that has the
encrypted signature at the bottom
This can be useful if you want to send the message to a
third party and allow them to also verify the signature
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Cryptography: Using PGP
I. Generating and managing keys
• Listing, extracting and sending keys
• Adding, and removing keys
• Key signing and the web of trust
II. Encrypting files
• Encrypting with signature
III. Decrypting files
IV. PGP options
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
IV. PGP options
-e = Encrypt with a public key
-a = ASCII armor
-s = Sign with your secret key
-t = Converts PGP files into text files
-f = Filter will write the file to standard file
output
-o = Output will specify the name for a
decrypted file
-w = Wipes or erases the original plaintext file
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Here's a quick summary of PGP v2.6 commands.
To encrypt a plaintext file with the recipient's public
key:
pgp -e textfile her_userid
To sign a plaintext file with your secret key and encrypt
it in AC SCII form with her public key:
pgp -eas textfile her_userid [-u
your_userid]
To sign a plaintext file with your secret key and have
the output readable to people without running PGP
first:
pgp -sta textfile [-u your_userid]
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
To sign a plaintext file with your secret key, and then
encrypt it with the recipient's public key:
pgp -es textfile her_userid [-u your_userid]
To decrypt an encrypted file, or to check the signature
integrity of a signed file:
pgp ciphertextfile [-o plaintextfile]
To decrypt a message leaving the signature intact:
pgp -d ciphertextfile
To create a signature certificate that is detached from the
document:
pgp -sb textfile [-u your_userid]
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
To detach a signature certificate from a signed message:
pgp -b ciphertextfile
To view the decrypted plaintext output on your screen
(like the Unix-style "more" command), without writing it
to a file, use the -m (more) option while decrypting:
pgp -m ciphertextfile
To specify that the recipient's decrypted plaintext will be
shown ONLY on her screen and cannot be saved to disk,
add the -m option:
pgp -steam message.txt her_userid
To recover the original plaintext filename while
decrypting, add the -p option:
pgp -p ciphertextfile
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
Key management:
To generate your own unique public/secret key pair:
pgp -kg
To add a public or secret key file's contents to your
public or secret key ring:
pgp -ka keyfile [keyring]
To extract (copy) a key from your public or secret key
ring:
pgp -kx userid keyfile [keyring]
~or~
pgp -kxa userid keyfile [keyring]
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
To view the contents of your public key ring:
pgp -kv[v] [userid] [keyring]
To view the "fingerprint" of a public key, to help verify
it over the telephone with its owner:
pgp -kvc [userid] [keyring]
To view the contents and check the certifying
signatures of your public key ring:
pgp -kc [userid] [keyring]
To edit the userid or pass phrase for your secret key:
pgp -ke userid [keyring]
Electronic Commerce
Prof. Sheizaf Rafaeli
Electronic Commerce : Using PGP
To edit the trust parameters for a public key:
pgp -ke userid[keyring]
To remove a key or just a userid from your public key
ring:
pgp -kr userid [keyring]
To sign and certify someone else's public key on your
public key ring:
pgp -ks her_userid [-u your_userid]
[keyring]
Electronic Commerce
Prof. Sheizaf Rafaeli
Related documents
newfor22 - Virtual School
newfor22 - Virtual School
Minutes of meeting - the Law Society's governance website
Minutes of meeting - the Law Society's governance website
Reflection and PGP
Reflection and PGP
PGP
PGP
Download
advertisement