Views
Personal tools
Toolbox
GPG
GPG, or GnuPG, is a free implementation of PGP for signing & encrypting emails.
[edit] Setting up GnuPG (PGP signing & encryption for email)
Ok, for the basic set up I shall assume the following:
You are using either MacOS, Windows 2000 or XP, or a modern (kernel 2.6) linux distribution with either Gnome or KDE GUI. I will also assume that you are using the Firefox browser & a web based email (such as gmail or yahoo). I may cover setting up other email clients at a later date.
OK, First off install the GnuPG software & a keyring manager:
Linux: Open your package manager of choice and install Seahorse (for gnome) OR KGPG (for KDE) (if you are using the latest Ubuntu - you dont need this step - it is already installed be default)
Windows: Download & install Gpg4Win
Mac: Download & install both GNU Privacy Guard & GPG Keychain Access from here
Once the applications are installed run the keychain application (they will have different names for different operating systems Keychain Access for mac, keyring manager for linux, & GPG4Win for windows - i think)
Now - most will applications will ask you to create a key now - do it. If it does not ask you, select 'new key' or 'generate key pair' to start this off. The process should be fairly self explanitory. Make sure you select encryption of at least 2048bit - just to be safe. Also use a passphrase - NOT a passWORD, type in a sentence from your fav. book - or a fav. quote or something LONG (but that you will remember).
Once you have generated your keys - select the backup option - and save them to a file - burn them to a cd or usb stick - DO NOT LOSE THEM!!!! Your key also can act as your identity online. BE CAREFUL WITH YOUR BACKUP - You can generate a revocation certificate using your private key, which will render your GPG key useless & un-trustworthy.You should generate one yourself if you thing that someone else has got access to your key.
Now, select the option to export your public key - give this to everybody - it will be used by others to encrypt email & files for you to open.
[edit] Generate GPG Keys in Ubuntu Linux
Some step-by-step instructions.
- Open a Terminal (Applications > Accessories > Terminal)
- Run the following command in the terminal to generate an encryption key:
gpg --gen-key
- This selection option will appear. Hit "1", and then enter.
Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only)
- The next thing that comes up will be a question about keysize. 2048 is sufficient. Higher than that will take longer to generate, and will take longer to decrypt/encrypt emails. To select the default 2048, just hit enter (you don't need to type the numbers out)
- Next, you need to select how long the key is valid for. Depending on what you're using this key for, depends on your options, but if you're using it to act as your encryption signature, infinity is a good choice. (That way, you don't have to re-send your public key to everyone when it expires.). Hit enter again.
- Hit "y" and then enter.
- Enter your real name, or if you wish, the pseudonym you want to be on your key. Note: If you use a pseudonym, the key should not be used to confirm your identity online. (You can't use it to prove that you are who you say you are online, but thats not too much of a problem here...)
- Enter the email address you wish to bind this key to. You can use the key on other email addresses, but it is not recommended.
- Enter a comment. You can link your pseudonym to your real name here, or define the purpose of the key.
- Hit "o" to continue, if everythings ok.
- You will be asked for a passphrase. Use phrase that is memorable to you, hard to guess, and NOT IN THE DICTIONARY! It could be a line of poetry, your favoured saying. It MUST be longer than 8 characters, preferably a lot longer.
- Enter your passphrase again. (Makes sure you typed it in right!)
- Confirm that your details are correct.
- Your key will be generated. You may be asked to generate "more entropy" by using your computer. Just browse a few websites, check your email, update your computer. You'll have your key shortly.
[edit] Firefox Integration
Install the fireGPG firefox extention.
This gives you a 'right click' menu for firefox which allows you to import other peoples public keys, encrypt & sign emails directly from your browser.
