What is PGP and how is it used?

PGP (“Pretty Good Privacy”) is an encryption technology that was created by Phil Zimmermann. PGP can be used to encrypt anything from files to emails. Recently some email providers have adopted the technology as a privacy feature.


PGP works on all operating systems and functions similarly to PKI: the user makes their public key available to the public, and when someone wants to send them an encrypted message, they encrypt the file with that public key. The receiver, who has the private key, is able to decrypt the message or file. The receiver needs to take care that the private key is stored in a safe place, just as you would for an SSL certificate’s private key.

Around the web there are key servers that you can submit your public PGP key to, so that other users can look up your key.

One of these servers, for example, is launchpad.net

This server is operated by Ubuntu and acts as a directory for GPG keys. You don’t even have to reveal your public key to everyone; it can be revealed to just people you know. The key servers do make it easier to find the key, though. Again, you will only be revealing your public key; without the private key, an attacker would take a huge amount of time to crack your keys. PGP can go up to 4096-bit encryption!

I personally use PGP, and the process to get a key is pretty simple. However, the use of PGP can be a bit of a pain in the neck for non-tech-savvy users, though there are some plugins for Chrome that you can use to make it easier until PGP gets a bit more user-friendly for everyone.

Below I will show you how you can create a PGP key on an Ubuntu-based computer using the terminal; there are also graphical ways you can do this. I will also show you the GUI method using the Mailvelope plugin for Chrome.

 

Linux command line method

gpg --gen-key   << This will tell PGP to generate a key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/home/sean/.gnupg' created
gpg: new configuration file `/home/sean/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/sean/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/sean/.gnupg/secring.gpg' created
gpg: keyring `/home/sean/.gnupg/pubring.gpg' created

In this step, PGP will ask you what algorithm you want to use to create the key. RSA is the default and a good choice.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1

As I said above, PGP supports up to 4096-bit encryption. Make sure to check the laws in your country on encryption.

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits

 

You can set a key expiry below

Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <[email protected]>"

 

Enter your personal details below along with a strong passphrase

Real name: bob smith
Email address: [email protected]
Comment: 123
You selected this USER-ID:
"bob smith (123) <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 136 more bytes)

Now, the last step can be a bit tricky if you are not doing this on a desktop computer or you are doing this on a virtual machine. I recently posted about entropy and the issues that virtual machines have with not enough randomness; the above is an example of that. This PC is a virtual machine, and when I am generating a large key there is not enough entropy, so you may need to run some commands and move the mouse and keyboard etc. to generate the randomness.

After this step is complete you will receive your key ID, something like this: ED87xxxxx

Once that is done, you can upload your newly generated key to the Ubuntu servers as follows:

gpg --keyserver keyserver.ubuntu.com --send-keys ED87xxxxx

You will need to create a Launchpad account on Ubuntu to see your profile and confirm your key. You will receive an encrypted email from Launchpad; you will need to decrypt it and follow a link that is sent to you.

If you want to decrypt a message, you can copy and paste the message into a file and use gpg --decrypt message.txt.gpg to decrypt it. As your private key is stored locally, the computer will have what it needs to decrypt it.
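The command-line steps above (generate a key, hand out the public half, encrypt to it, decrypt with the private key) can also be run unattended. The following is an added example, not from the original post: it assumes GnuPG 2.1 or later, uses a constructed name, address and passphrase in throwaway keyrings, and has the sender compare the key's full fingerprint before encrypting, since a key server does not vouch for who uploaded a key.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GnuPG 2.1 or later.
# Name, address and passphrase are constructed; both keyrings are throwaway.
pgp_roundtrip() (
    msg=$1
    pass='constructed-demo-passphrase'
    command -v gpg >/dev/null 2>&1 || { echo 'gpg not found' >&2; exit 127; }
    recv=$(mktemp -d) && send=$(mktemp -d) || exit 1   # receiver / sender keyrings
    trap 'for h in "$recv" "$send"; do
              gpgconf --homedir "$h" --kill all 2>/dev/null; done
          rm -rf "$recv" "$send"' EXIT
    g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --no-tty "$@"; }
    first_fpr() { g "$1" --with-colons --fingerprint | awk -F: '$1=="fpr"{print $10; exit}'; }

    # Receiver: the answers to the interactive prompts, given as a parameter file.
    cat > "$recv/params" <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Bob Smith
Name-Email: bob@example.com
Expire-Date: 1y
Passphrase: $pass
%commit
EOF
    g "$recv" --pinentry-mode loopback --gen-key "$recv/params" || exit 1
    fpr=$(first_fpr "$recv")

    # Only the public half leaves the receiver (this is what a key server holds).
    g "$recv" --armor --export "$fpr" > "$send/pub.asc"

    # Sender: import, then compare the full fingerprint with the one the
    # receiver gave out of band before using the key for encryption.
    g "$send" --import "$send/pub.asc" || exit 1
    [ "$(first_fpr "$send")" = "$fpr" ] || { echo 'fingerprint mismatch' >&2; exit 1; }
    printf '%s' "$msg" | g "$send" --trust-model always --armor \
        --recipient "$fpr" --encrypt > "$send/message.txt.gpg" || exit 1

    # The public key alone cannot decrypt; the receiver's private key can.
    if g "$send" --decrypt "$send/message.txt.gpg" >/dev/null 2>&1; then exit 1; fi
    printf '%s' "$pass" | g "$recv" --pinentry-mode loopback --passphrase-fd 0 \
        --decrypt "$send/message.txt.gpg"
)

pgp_roundtrip 'constructed test message'; echo
```

The passphrase is fed on a file descriptor rather than the command line so it does not show up in the process list; with a real key, type it at the prompt instead of storing it in a script.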

Here is the GUI method using Mailvelope for Chrome

 

Install the Mailvelope plugin in your Chrome browser following the instructions here.

Once installed, click Options.


 

Then click Generate keys.


Fill out the required info, similar to how we did in the command line method.


 

Once complete, you will see the output below.

[Screenshot: Mailvelope screen]

 

Now you have created your PGP key. I will say that there are some opinions on using such a plugin to generate a key, as some feel that there is no way to guarantee that the plugin itself is not recording plaintext info and sending it to the creator.

I personally don’t use this GUI method to generate my keys; I use the command line method, so choose the option that suits you best.

There are also Android apps that you can use to store your keys and use them.

I believe PGP has some way to go to be completely user-friendly, but I believe that PGP is a step in the proper direction. Although it has been around for a long while, it has only recently really begun to shine, thanks to adoption by the likes of Google.

If you are looking for my PGP public key to send me secure messages or files, you can find it on the about me page of my site!

 
