November 1, 2004

When you download mail, how do you ensure that the sender is indeed who he claims to be, and that his e-mail ID is not forged? Or when you send a confidential document, how do you ensure that only the intended recipient reads it? The mail that you send and receive every day over the Internet travels unencrypted, so anyone with malicious intent can easily get hold of it.

Safety lies in encrypting the confidential mail you send, so that only the intended recipients can read it. If somebody manages to intercept the mail en route, it will appear as a bunch of junk characters. In this article we explain how to encrypt all outgoing mail using a free tool called GnuPG.

Install and configure
GnuPG is an encryption tool that is compatible with OpenPGP (an open-source PGP initiative). To keep the software completely open source, proprietary algorithms such as RSA are removed from the package. You can use it to encrypt any kind of data, such as normal files, e-mail and IM conversations. It works on the concept of public/private keys. Any message encrypted by GnuPG has two keys, public and private.

Direct Hit!
Applies to: Linux desktop users
USP: Use GnuPG from the command line and a mail client
On PCQ Essential CD: systems\labs\gdata.exe

The private key is used to encrypt the data and, as the name suggests, it is to be kept private. Anyone using GnuPG should have his own distinct private key. On the other hand, the public key is derived from the private key, and you have to distribute it to all users to whom you want to send confidential e-mail. These recipients can use this public key to decrypt your messages and get the actual data. All Linux distributions, including PCQLinux 2004, ship with GnuPG as a standard encryption tool, so you need nothing extra to install it beyond a Linux machine. Still, if you want to check whether GnuPG is installed on your machine, run the following command.

#rpm -qa gnupg

An output like ‘gnupg-version_no’ means it is installed. Next comes the key generation part. Creating a key is not a problem, but choosing which algorithm you want to use and deciding the length of your key are two things that matter. 

As far as algorithms are concerned, you can go for the default, DSA/ElGamal, which is a widely used open-source algorithm. For the key length, you can choose anything from 768 to 2048 bits. The longer the key, the stronger the encryption. A longer key also means more processing power and more time to encrypt the document, so you should choose the key length depending upon the level of confidentiality of the mail.

To create the key, run the command.

#gpg --gen-key

It will ask you to first select the encryption type and then the key length. Select the appropriate values and hit Enter. You will be asked to set the expiration time for the key since the default setting is set to no expiration. It will ask you to enter your User ID in the following format.

Name (comment) <email@address>

For example, it could look like Anindya (My first key). After this, it will ask you to provide a passkey for the key database it is going to create for you. Enter a long enough passkey, containing alphanumeric and special characters. The passkey should be such that others can’t guess it easily. This process will create the key pair for you; the time it takes depends upon your system speed and the key length selected. Now take a backup of your public key in plain text to distribute it to others. For this, run the following command.

#gpg -a -o /key.txt --export

This will export all your keys to a file called key.txt. One more command that you need to know is the one to import someone’s public key into your key database so that you can decrypt his messages. To do so, run the following command, replacing /received_key.txt with the file that contains the actual received key.

#gpg --import /received_key.txt
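
A check that follows from the key-length and expiration choices above, as an added example that is not part of the original article: the function reads the machine-readable listing produced by `gpg --list-keys --with-colons` and flags RSA, DSA and ElGamal keys shorter than a threshold, as well as keys with no expiration date. The 2048-bit threshold, the function names and the sample listing are assumptions constructed for this example.

```shell
# Added example. Feed it the output of: gpg --list-keys --with-colons
# MIN_BITS (default 2048) is this example's own policy, not a GnuPG setting.

audit_keys() {
    awk -F: -v min="${MIN_BITS:-2048}" '
        $1 == "pub" || $1 == "sub" {
            # Field 3 = key length, 4 = algorithm id, 5 = key ID, 7 = expiry.
            if      ($4 == 1)  algo = "RSA"
            else if ($4 == 16) algo = "ElGamal"
            else if ($4 == 17) algo = "DSA"
            else               algo = "algo" $4
            notes = ""
            # Bit length is only comparable across RSA, ElGamal and DSA;
            # elliptic-curve keys report small sizes and are skipped here.
            if (($4 == 1 || $4 == 16 || $4 == 17) && $3 + 0 < min + 0)
                notes = notes " short-key(" $3 ")"
            if ($7 == "") notes = notes " no-expiry"
            printf "%s %s %s%s\n", $1, $5, algo, (notes == "" ? " ok" : notes)
        }'
}

# Constructed sample listing (key IDs, dates and user ID are made up).
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:1111111111111111:1099267200:::u:::scESC:
uid:u::::1099267200::0000000000000000000000000000000000000000::Example User (constructed) <user@example.invalid>:
sub:u:768:16:2222222222222222:1099267200::::::e:
pub:u:3072:1:3333333333333333:1700000000:1763072000::u:::scESC:
sub:u:3072:1:4444444444444444:1700000000:1763072000:::::e:
pub:u:255:22:5555555555555555:1700000000:1763072000::u:::scESC:
EOF
}

sample_listing | audit_keys
```

On a real keyring, run it as `gpg --list-keys --with-colons | audit_keys`.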

Encrypt and decrypt
There are two options for encrypting and decrypting messages. One is the standard command-line approach, where you can encrypt/decrypt any file with simple commands.

The other is to use the plug-ins that are available for mail clients, messengers, etc. Most of the standard e-mail clients in Linux, such as Evolution and Mozilla Mail, have built-in options for GnuPG. In Windows, GnuPG has a plug-in for Outlook. This month’s Essential CD-ROM carries the Outlook plug-in. We’ll now show how to use GnuPG from the command line as well as from Evolution.

Command line 
For encrypting any file run the following command.

#gpg --encrypt filename

This will create a new file with the same name plus an extra .gpg extension, that is, filename.gpg. This is the encrypted file that you should send over the Internet.

To decrypt any .gpg file you have to run the following command.

#gpg -o filename --decrypt filename.gpg

This re-directs decrypted data to the file ‘filename’.
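
The command-line exchange above carried end to end, as an added example that is not from the original article: `gpg --encrypt` takes the recipient's public key through `-r`, and `--decrypt` succeeds only in the keyring that holds the matching private key. It assumes GnuPG 2.1 or later; the key, address, passphrase and function name are constructed for the demonstration.

```shell
# Added example: two throwaway keyrings stand in for sender and recipient.
# PASS is a constructed demo passphrase; passing it on the command line is
# acceptable only because the key is discarded at the end.
PASS='constructed-throwaway-passphrase'
BOB='Bob (constructed demo key) <bob@example.invalid>'

gpg_roundtrip() {
    sender=$(mktemp -d); recipient=$(mktemp -d); work=$(mktemp -d)
    printf '%s\n' "$1" > "$work/msg.txt"

    # Recipient: create a key pair and export only the public half.
    gpg --homedir "$recipient" --batch --pinentry-mode loopback \
        --passphrase "$PASS" --quick-generate-key "$BOB" default default 1d \
        >/dev/null 2>&1
    gpg --homedir "$recipient" --batch -a -o "$work/bob_pub.asc" \
        --export bob@example.invalid >/dev/null 2>&1

    # Sender: import that public key and encrypt to it with -r.
    gpg --homedir "$sender" --batch --import "$work/bob_pub.asc" >/dev/null 2>&1
    gpg --homedir "$sender" --batch --trust-model always \
        -r bob@example.invalid -o "$work/msg.txt.gpg" \
        --encrypt "$work/msg.txt" >/dev/null 2>&1

    # The sender's keyring has no private key for Bob, so decryption fails.
    if gpg --homedir "$sender" --batch -o "$work/sender.out" \
           --decrypt "$work/msg.txt.gpg" >/dev/null 2>&1
    then sender_result=decrypted
    else sender_result=denied
    fi

    # Recipient: the private key, unlocked by the passphrase, recovers the text.
    gpg --homedir "$recipient" --batch --pinentry-mode loopback \
        --passphrase "$PASS" -o "$work/recipient.out" \
        --decrypt "$work/msg.txt.gpg" >/dev/null 2>&1

    echo "sender=$sender_result recipient=$(cat "$work/recipient.out" 2>/dev/null)"

    # Stop the agents gpg started and remove the throwaway keyrings.
    for d in "$sender" "$recipient"; do
        GNUPGHOME=$d gpgconf --kill gpg-agent >/dev/null 2>&1
    done
    rm -rf "$sender" "$recipient" "$work"
}

# Usage: gpg_roundtrip 'constructed confidential text'
```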

Using Evolution for encrypted mail
Using GPG through Evolution is much easier. Just start Evolution and click on New. Now, select the Security menu, check the ‘PGP Encryption’ button and send the mail. Just ensure that the intended recipient has imported your public key (if you’re using one) into his keys database. Otherwise, he won’t be able to decrypt the message. Next month we will see how you can digitally sign your keys and messages.

Anindya Roy

GnuPG plug-ins

GnuPG plug-ins are also available for MS Outlook. We have carried a plug-in called GDATA on this month’s PCQ Essential CD. This package contains the GnuPG binary commands and the plug-in for Outlook. Its installation is very simple: just run the setup program and follow the instructions. At one point it will ask you if you want to install only the plug-in or the GnuPG binaries as well. Select according to your requirement, and a new option called GnuPg Key Managment will be added in the Tool menu. From here you can create, manage and delete your key pairs.

To use GnuPG with Eudora, you have to first download the zipped package from zip and unzip it. You will then get some DLL files in the extracted folder. Copy the file called EudoraGPG-en.dll to the plug-in folder where your Eudora is installed. By default, the location is C:\ProgramFiles\Qualcomm\Eudora\plug-in. Now restart Eudora and you will find a new sub-menu called Message Plug-in in the Edit menu. Here you will find all the tools for using GPG with Eudora.
