In our article on PGP last month (see ‘Pretty Good Privacy’, page
146, PC Quest, December 2000), we spoke about what PGP is and what you
can do with it. This time, we’ll talk about how you can encrypt and decrypt
your e-mail using PGP, and thereby communicate securely. We used
Outlook Express as our mail client.
Installing PGP
PGP 6.5.1i, the latest international version of the software,
is a part of this month’s CD. You can select the components that you want to
install, which include PGP key management and plug-ins for different mail
applications that PGP will integrate with. These mail applications are Eudora,
Microsoft Outlook, Microsoft Exchange and Outlook Express.
Generating a key pair
Before you can send encrypted e-mail, you have to create a
key pair consisting of a public key and a private key. To do this, click on the
PGPtray (an icon that will appear in your system tray when you restart your
computer after installing PGP) and select PGPkeys. This will bring up the key
generation wizard.
In the first screen, you have to specify your full name and
the e-mail address that you want to associate with this key pair. The next screen
will ask you to choose between a Diffie-Hellman/DSS key pair and an RSA key
pair, or generate a pair for each. The Diffie-Hellman/DSS key pair is stronger
and is recommended over RSA. RSA is included to maintain backward
compatibility with earlier versions of PGP.
You now have to choose the size of your key. Although larger
keys are more secure, they slow down your system. 2,048 bits is sufficient for
most needs.
The next screen allows you to set an expiry time for your key
pair after which you will not be able to use it. Finally, you have to choose a
passphrase that will protect your private key. This means that even if someone
has access to your machine, he won’t be able to read your encrypted mails
without the passphrase. Click on ‘Next’ and your key will be generated. You
can also send your public key to a key server on the Internet, from where anyone
who wants to send you an encrypted mail can download it. You can put it on the
server either soon after you’ve created the key pair or later.
Your key pair is now added to your key ring, which is shown
in a window called PGPkeys. You will also see a lot of other names, e-mail
addresses and public keys in the list, which are added by default.
Distributing public keys
Before you can send anyone an encrypted mail, you need copies
of their public keys and vice-versa. To send your public key to someone, just
open your default mail client and send an e-mail with your public key as an
attachment. For this, you can either click on the PGPtray and select PGPkeys or
simply press the PGPkeys icon, which gets added on the Outlook Express toolbar.
This will open up the PGPkeys window from where you simply have to drag and drop
the desired key into the e-mail and send it.
Now, let’s look at it from the other point of view. You
have received an e-mail, which contains a person’s public key and you want to
add it to your key ring. For this, just open the mail and double click on the
attachment. Your computer will ask you what you want to do with this file.
Select Open and a window will open up which will allow you to import that key
into your key ring. You simply have to select the key and click Import.
Sending encrypted e-mail
Once you’ve got someone’s public key, you can send
encrypted e-mail to that person. To do this in Outlook Express, simply click the
Encrypt (PGP) button from your toolbar after composing the message. When you
press Send, a window will pop up asking you to verify the recipient.
You can also send an encrypted e-mail from a Web-based e-mail
account or any other mail client that you may be using. For this, compose your
message as you normally do and then select all the text. Now from your PGPtray,
select Current window and then choose Encrypt. A screen will pop up where you
will select which public key to use for encryption. You will then see your
message change into lots of jumbled text indicating that it has been encrypted.
Just click on the ‘Send’ button to send your message.
Receiving encrypted mail
In Outlook Express, encrypted mail is delivered just like all other mail. You will,
however, not be able to read these messages without decrypting them with your
private key. For this, just open the mail and click on the ‘Decrypt PGP
message’ icon on your toolbar. You will now be prompted for your passphrase,
on entering which you will see the decrypted mail. If you don’t want to do
this manually each time, you can choose to automatically decrypt e-mail while
opening it. For this choose PGP from the ‘Tools’ menu and under the e-mail
tab tick ‘Automatically decrypt/verify when opening messages’.
As soon as you open a message you’ll be prompted for your
passphrase, after which you will see the decrypted message.
If you receive an encrypted message in your Web mail account
or any other account, just select the text and from your PGPtray select Current
window and then choose Decrypt and Verify.
The mail will be decrypted after you enter your passphrase.
Sachin Makhija