After a moment you should have a file 'privatekey.pgp.asc' created. It might look similar to your ASCII armored file.
By Radu Raicea

How Pretty Good Privacy works, and how you can use it for secure communication

Sending sensitive information through the internet is always nerve-racking. What if somebody else sees the bank information I’m sending? Or even those dank memes that should not be spoken of?

Fortunately, there’s a pretty good solution to this problem: Pretty Good Privacy (PGP).

A software engineer named created PGP back in 1991. He was an anti-nuclear activist, and wanted a way to transfer information securely over the Internet.

Zimmermann got into trouble with the US government in 1993 because PGP travelled international waters and reached a vast number of countries around the globe, violating US export restrictions for cryptographic software.

Today, PGP is “owned” by, but OpenPGP, an e-mail encryption standard, is implemented by.

You might also hear a lot about. It is another software tool that implements the OpenPGP standard.
How does PGP actually work?

PGP is very easy to understand, on the surface. Imagine you want to send your credit card information to a friend and you write it on a piece of paper. You then put the paper in a box and send it by mail.

A thief can easily steal the box and look at the paper that contains your credit card information. What could you do instead?

You decide to put a key lock on the box, but you realize that you have to send the key along with the box. That’s no good.

What if you meet your friend in person to share the key beforehand? That could work, right? It could, but then both of you have a key that can unlock the box. You, as the sender, will never need to open the box again after closing it. By keeping a copy of a key that can unlock the box, you are creating a vulnerability.

Finally, you find just the right solution: you’ll have two keys. The first key will only be able to lock the box. The second key will only be able to open the box. That way, only the person who needs to get the content of the box has the key that allows them to unlock it.

This is how PGP works. You have a public key (to lock/encrypt the message) and a private key (to unlock/decrypt the message). You would send the public key to all your friends so that they can encrypt sensitive messages that they want to send to you. Once you receive an encrypted message, you use your private key to decrypt it.
A Brief Example

There are plenty of that implement the OpenPGP standard. They all have different ways of setting up PGP encryption. One particular tool that works very well is Apple Mail.

If you are using a Mac computer, you can download the. This application will generate and manage your public and private keys. It also integrates automatically with Apple Mail.

Once the keys are generated, you will see a lock icon in the subject line, when composing a new message in Apple Mail. This means that the message will be encrypted with the public key you’ve generated.

Composing a PGP encrypted e-mail using Apple Mail

After sending the e-mail to someone, it will look like this. They will not be able to see the content of the e-mail until they decrypt it using the private key.

Note that PGP encryption does not encrypt the subject line of an e-mail. Never put any sensitive information in the subject line.
When I decided to set up my Mac with PGP encrypted communications, I could not believe how hard it was -- not just to set up the software, but to understand how to use PGP properly. There was no 'PGP for Dummies' tutorial for OS X on the internet. So I decided to write one. This is my über simple, nerd-free tutorial for anyone on Mac. In it, I will:
Why this tutorial is the best (ever)
I looked into dozens of ways to set up PGP on my Mac. A lot of them suck for a plurality of reasons. Across the board, this is the best way for 95% of use cases.
Step 1: Install the GPGTools GPG Suite for OS X
This step is simple. Visit the GPGTools website and download the GPG Suite for OS X. Once downloaded, mount the DMG and run the 'Install'.
Inside the installer, you can stick with all default parameters save one exception. On the 'Installation Type' screen, press 'Customize'...
And uncheck the GPGMail package:
Then press 'Install.'
Step 2: Creating your very own PGP key
When the installer completes, a new app called 'GPG Keychain Access' will launch. A small window will pop up immediately and say: 'GPG Keychain Access would like to access your contacts.' Press 'OK.'
As soon as you press 'OK,' a second window will pop up that says 'Generate a new key pair.' Type in your name and your email address. Also, check the box that says 'Upload public key after generation.' Your window should look like this:
Expand the 'Advanced options' section. Increase the key length to 4096 for extra NSA-proof'edness. Reduce the 'Expiration date' to 1 year from today. Your window should look like this:
Press 'Generate key.'
As soon as you press 'Generate key,' the 'Enter passphrase' window will pop up. Okay, now this is important...
A brief word about your passphrase
The entire PGP encryption will rest on your passphrase. So, first and foremost... don't use a passphrase that other people know! Pick something only you will know, and others can't guess. And once you have a passphrase selected, don't give it to other people.
Second, do not use a password, but rather a passphrase -- a sentence. For example, 'Pennstate55' is less preferable than 'I graduated from Penn State in 1955, ya heard?!' The longer your passphrase, the more secure your key.
Lastly, make sure your passphrase is something you can remember. Since it is long, there is a tendency to forget it. Don't. The consequences of that will be dire. Make sure you can remember your passphrase.
Back to Step 2...
Once you decide on your passphrase, type it in the 'Enter passphrase' window. Turn on the 'Show typing' option, so you can be 100% sure that you've typed in your passphrase without any spelling errors. When everything looks good, press 'OK:'
You will be asked to re-enter the passphrase. Do it, and press 'OK:'
You will then see a message saying, 'We need to generate a lot of random bytes...' Wait for it to complete:
Et voilà! Your PGP key is ready to use:
Step 3: Set PGP keyboard shortcuts
Next, you will set up four global keyboard shortcuts in OS X.
Open System Preferences, select the 'Keyboard' pane, and go to the 'Shortcuts' tab. On the left hand side, select 'Services.' Then, on the right, scroll down to the subsection 'Text' and look for a bunch of entries that start with 'OpenPGP:'
Go through each OpenPGP entry, unchecking each one and deleting the keyboard shortcut:
Next, you will enable and set four shortcuts:
Your keyboard shortcuts should now look like this:
That's it! You're done setting up PGP with OpenGPG on OS X! Now, we will discuss how to use what we set up.
Step 4: How to send a secure email
You can encrypt anything with PGP, but most people will want to encrypt email. So, I will now take a few minutes to explain that. These steps can be transposed for any kind of encryption, from any app on your computer.
To secure an email in PGP, you will sign and encrypt the body of the message. You can just sign or just encrypt, but combining both operations will result in optimum security. Conversely, when you receive a PGP-secured email, you will decrypt and verify it. This is the 'opposite' of signing and encrypting.
Start off by writing your email:
Then, select the entire body of the email and press ⌃⌥⌘[ to sign it:
Next, open the GPG Keychain Access app. Press Command-F and type in the email address of the person you are sending your message to. This will search the public keyserver for your friend's PGP key:
If your friend has more than one key, select his most recent one:
You will receive a confirmation that your friend's key was successfully downloaded. You can press 'Close:'
You will now see your friend's public key in your keychain:
You can now quit GPG Keychain Access and return to writing the email.
Select the entire body of the email (everything, not just the part you wrote) and press ⌃⌥⌘= to encrypt it. A window will pop up, asking you who the recipient is. Select the friend's public key you just downloaded, and press 'OK:'
Your entire message is now encrypted! You can press 'Send' safely.
N.B. You will only need to download your friend's public key once. After that, it will always be available in your keychain until the key expires.
Step 4: How to receive a secure email
With our secure message sent, the recipient will now want to unscramble it. For the sake of this step, I will pretend I am the recipient.
I have received the message:
Copy the entire body, from, and including, '-----BEGIN PGP MESSAGE-----', to, and including, '-----END PGP MESSAGE-----'. Open your favorite text editor, and paste it:
Now select the entire text, and press ⌃⌥⌘- to decrypt the message. You will immediately be prompted for your PGP passphrase. Type it in and press 'OK:'
You will now see the decrypted message!
Next, you can verify the signature. Highlight the entire text, and press ⌃⌥⌘]. You will see a message confirming the verification:
You can press 'OK.'
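The copy step above fails when part of the armored block is missing or altered. The following is an added example, not part of the original tutorial: it pulls the block out of a pasted e-mail body and checks the CRC-24 line defined in RFC 4880 before anything is handed to decryption. The function names and the sample body are constructed for illustration, and it assumes the sender's tool emits the checksum line, as GnuPG does.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 checksum that OpenPGP ASCII armor appends as the '=XXXX' line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

# Markers must sit alone on their lines, with five dashes on both sides.
ARMOR_RE = re.compile(
    r"^-----BEGIN PGP MESSAGE-----[ \t\r]*\n(.*?)^-----END PGP MESSAGE-----[ \t\r]*$",
    re.DOTALL | re.MULTILINE)

def extract_armored_message(email_body: str) -> bytes:
    """Return the binary OpenPGP data in a pasted e-mail body, or raise ValueError."""
    match = ARMOR_RE.search(email_body)
    if match is None:
        raise ValueError("no complete BEGIN/END PGP MESSAGE block (partial copy?)")
    lines = [ln.strip() for ln in match.group(1).splitlines()]
    if "" in lines:  # armor headers such as "Version:" end at the first blank line
        lines = lines[lines.index("") + 1:]
    body = [ln for ln in lines if ln]
    # Assumption: the sender's tool emits the checksum line, as GnuPG does.
    if len(body) < 2 or not body[-1].startswith("=") or len(body[-1]) != 5:
        raise ValueError("missing armor checksum line")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    expected = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    if crc24(data) != expected:
        raise ValueError("armor checksum mismatch (text altered in copy or transit)")
    return data

def armor(data: bytes) -> str:
    """Build a constructed armored block for the demo (not a real ciphertext)."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "", *rows, "=" + check,
                      "-----END PGP MESSAGE-----"])

# Constructed sample: an e-mail body with text around the armored block.
SAMPLE = "Hi,\nsee below.\n\n" + armor(bytes(range(100))) + "\n\nSent from my Mac\n"

if __name__ == "__main__":
    print(len(extract_armored_message(SAMPLE)), "bytes recovered")
```

The checksum only catches accidental damage to the armor; authenticity still comes from verifying the signature as described above.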
What does encrypt, decrypt, sign, and verify mean?
Now that you know how to sign and encrypt outgoing messages, and decrypt and verify incoming ones, let us discuss what these terms mean.
Encrypt takes your secret key and the recipient's public key, and scrambles a message. The scrambled text is secure from prying eyes. The sender always encrypts.
Decrypt takes an encrypted message, combined with your secret key and the sender's public key, and descrambles it. The recipient always decrypts.
Encrypt and decrypt can be thought of as opposites.
Signing a message lets the recipient know that you (the person with your email address and public key) actually authored the message. Signing also provides additional cryptographic integrity: it ensures that no one has tampered with the encryption. The sender always signs a message.
Verifying a message is the process of checking a signed message to determine whether the signature is valid.
Signing and verifying can be thought of as opposites.
When should I sign? When should I encrypt?
It is unnecessary to sign and encrypt every outgoing email. Well, then: when should you sign? And when should you encrypt? And when should you do nothing?
You have three rational choices when you are sending a message:
I do nothing for 90% of emails I send; security is just not necessary. The remaining 10% of the time, I sign and encrypt. Whenever there is confidential information -- business plans, credit card numbers, bank numbers, social security numbers, corporate strategies, etc. -- I sign and encrypt. I define confidential information loosely, because I'd rather sign and encrypt unnecessarily than do nothing and leak sensitive information. As for the third option, I rarely sign, but do not encrypt. Your profession may warrant radically different usage of PGP.
Why don't you use PGP MIME attachments? Why don't you use the Mail.app PGP plugin?
Some PGP nerds prefer sending PGP with attachments (a.k.a., PGP MIME type), instead of using plain text (a.k.a., PGP INLINE). Conversely, some PGP n00bs want to know why I don't recommend using a PGP plugin for their email client (i.e., the Mail.app PGP plugin).
Here's why:
Try it out! Email me.
My email address is [email protected]. Try sending me an encrypted, signed email. I'll reply.
If my tutorial was helpful, please send me a small donation through PayPal!