Introduction

Overview:

Steps

First, we must download and install GnuPG.
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.8.tar.bz2
will do fine.

Note: to extract this file, you must read the tar manpage, and determine what you have to do differently, because this is a .tar.bz2 (BZip2'd tar file), not a .tar.gz (GZip'd tar file).

Compiling GnuPG works the same as most other Unix applications. If you get stuck, the 'INSTALL' file has detailed instructions.

Warning:

Be sure to synchronize your clocks before you attempt to create or use any type of key or certificate. Most keys and certificates have 'not good before' and expiry dates, and if your clock is wrong this can cause problems.

The next thing we want to do is create a key pair.
A key pair consists of both a private key and a public key.

Commands:

    gpg --gen-key
            Please select what kind of key you want: 1
            What keysize do you want? 2048
            Key is valid for? 0
            Is this correct? Y
            Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    

You now have a key pair.
Now, to send me an encrypted email, you will need my public key (it can be found on ozone).
And to verify your identity, I will need your public key.

Commands:

    gpg --import < allan.jude.txt
    gpg --export --armor > your.name.txt
    

Write a summary of the pros and cons of using the sappnd flag on /var/log.
Store this message in msg.txt.

Commands:

    gpg --encrypt --sign --armor -r allan.jude@mohawkcollege.ca < msg.txt > encrypted.txt
    

You can now paste encrypted.txt as the content of an email, and attach your public key to that message.

Only my personal private key (and passphrase) will be able to decrypt it.

You will also note that you were asked for your passphrase when signing the email. It might seem odd that you are prompted for the passphrase to sign the email, but not when you only want to encrypt it. This is because encrypting the email does not use your key at all, only my public key. Signing the message, however, requires your private key to generate a signed hash that proves you are the one who sent this message. I require your public key to verify that signature. Once the message is encrypted, not even the sender can decrypt it unless they also encrypt it to themselves, because the only key that can decrypt the message is the private key that corresponds to the public key that was used to encrypt it.
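
The behaviour described above can be checked with two throwaway keyrings, one acting as the sender and one as the recipient. This is an added example, not part of the original handout; the names, addresses and function names are constructed, and it assumes GnuPG 2.1 or later (for `%no-protection` and `gpgconf --kill`).

```shell
#!/bin/sh
# Added example. Two throwaway keyrings stand in for sender and recipient;
# names and addresses are constructed. Assumes GnuPG 2.1 or later.

new_key() {  # $1 = keyring dir, $2 = real name, $3 = e-mail
    gpg --homedir "$1" --batch --quiet --gen-key 2>/dev/null <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%no-protection
%commit
EOF
}

seal() {  # $1 = sender keyring; remaining args are -r options; stdin -> stdout
    home=$1; shift
    # --trust-model always stands in for answering gpg's interactive
    # "use this key anyway?" prompt; it skips the key ownership check.
    gpg --homedir "$home" --batch --quiet --trust-model always \
        --encrypt --sign --armor "$@"
}

can_decrypt() {  # $1 = keyring dir, $2 = file; prints yes or no
    if gpg --homedir "$1" --batch --quiet --decrypt "$2" >/dev/null 2>&1
    then echo yes; else echo no; fi
}

demo() {
    work=$(mktemp -d) || return 1
    s="$work/s"; r="$work/r"; mkdir -m 700 "$s" "$r"
    new_key "$s" "Sam Sender" sender@example.test
    new_key "$r" "Rita Recipient" recipient@example.test
    # Swap public keys, as in the import/export step.
    gpg --homedir "$s" --export --armor | gpg --homedir "$r" --batch --quiet --import 2>/dev/null
    gpg --homedir "$r" --export --armor | gpg --homedir "$s" --batch --quiet --import 2>/dev/null
    echo "constructed test message" > "$work/msg.txt"
    seal "$s" -r recipient@example.test < "$work/msg.txt" > "$work/to_r.asc"
    seal "$s" -r recipient@example.test -r sender@example.test < "$work/msg.txt" > "$work/to_both.asc"
    echo "sender reads message sent to recipient only: $(can_decrypt "$s" "$work/to_r.asc")"
    echo "recipient reads it: $(can_decrypt "$r" "$work/to_r.asc")"
    echo "sender reads message also encrypted to self: $(can_decrypt "$s" "$work/to_both.asc")"
    for h in "$s" "$r"; do gpgconf --homedir "$h" --kill gpg-agent || true; done
    rm -rf "$work"
}

if [ "${1:-}" = run ]; then demo; fi
```

Save it to a file and run it with the single argument `run`. The keys are generated without a passphrase only so the demonstration runs unattended.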

Questions:

Where did the binary install?


What is the command to set the system immutable bit on this directory?


Last updated: 2008-01-13
Updated by: Allan Jude

Written by: Allan Jude (2007)