LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-13-2007, 05:42 AM   #1
depam
Member
 
Registered: Sep 2005
Posts: 824

Rep: Reputation: 30
PGP for Linux


Hi!

I've just listened to Steve Gibsons' Security Now. On the podcast, he mentioned about end to end encryption on emails. I am curious how am I going to implement it. On my previous company, we are using PGP and even though I don't know much about it they told me it is secured. Can someone briefly explain to me how this works and how I can implement it? For example on emails, do I need to configured it on top of the MTA? Or can I just install it on the application layer such as the mail browser (Mozilla Thunderbird, Outlook, KMail, Evolution)? Thanks.
 
Old 02-13-2007, 06:57 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,782
Blog Entries: 1

Rep: Reputation: 413Reputation: 413Reputation: 413Reputation: 413Reputation: 413
I'm far from an expert on this, but my experience is that it is easy to administer at the application level, at least on Thunderbird. In Linux the "statndard" I'm aware of is and openPGP and GPG is a widely-used implementation. In Thunderbird, I've found the Enigmail extension to be an easy way of using encryption on emails.
 
Old 02-13-2007, 09:04 PM   #3
depam
Member
 
Registered: Sep 2005
Posts: 824

Original Poster
Rep: Reputation: 30
So, how is it possible to decrypt from one client to another? I mean, for example if two email account users have different mail client. For instance, I am using Microsoft Outlook and I would want to encrypt my email using PGP and the receiver would have a Thunderbird mail client. Should it be implemented on the servers' end or the clients' end?
 
Old 02-13-2007, 10:16 PM   #4
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 70
Quote:
Originally Posted by depam
So, how is it possible to decrypt from one client to another? I mean, for example if two email account users have different mail client. For instance, I am using Microsoft Outlook and I would want to encrypt my email using PGP and the receiver would have a Thunderbird mail client. Should it be implemented on the servers' end or the clients' end?
If both implementations follow the standard, it shouldn’t matter which you use on either end.
 
Old 02-13-2007, 10:42 PM   #5
Electro
Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
How PGP or openPGP (Pretty Good Protection) works is it creates a key from random data. It stores the key as your private key. To share your key, you make a public key which is different from your private key. You will have to provide your public key to people that you acknowledge as trustworthy. I suggest putting your public key on a disk instead sending it through emails. Though the government might spy on you and probably state you as a terrorist is one of the consequence of encrypting emails. I suggest using it to encrypt your valuable data on your system, so thieves can not retrieve your personal information even when they steal your disks.

If you want a secure connection to share your information, setup VPN.
 
Old 02-13-2007, 10:57 PM   #6
Penguin of Wonder
Senior Member
 
Registered: Sep 2005
Location: West Virginia
Distribution: Gentoo
Posts: 1,249

Rep: Reputation: 45
I don't know what distribution your using or what mail client your using either but I'm using Gentoo and Evolution. Gentoo has a setup guide on how to create your key and such. And then setting up Evolution to use your key to sign and encrypt email is as simple as checking the boxes in your preferences.
http://www.gentoo.org/doc/en/gnupg-user.xml
Although that guide is specifically for Gentoo, other than the installing part, everything else should be the same.
Good luck!
 
Old 02-20-2007, 09:33 AM   #7
depam
Member
 
Registered: Sep 2005
Posts: 824

Original Poster
Rep: Reputation: 30
How about the other end? How will they be able to decrypt the message? Do I have to send out my key to the receiver?
 
Old 02-20-2007, 09:40 AM   #8
Penguin of Wonder
Senior Member
 
Registered: Sep 2005
Location: West Virginia
Distribution: Gentoo
Posts: 1,249

Rep: Reputation: 45
Well if they have a decent mail client like Thunderbird, Evolution, etc. it will check the key server automatically and decrypt for you. You don't send your key to receiver (though you can) you instead send it to the key server, the receiver looks for your key on the server, and then saves it to his keyring of trusted keys.
 
Old 02-20-2007, 09:55 AM   #9
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
PGP, GPG uses a Public Key and a Private Key as stated earlier to encrypt and decrypt messages.

You PUBLISH your public key on a Key server. I use pgp.mit.edu to publish mine. the key is then replicated to other PGP key servers automatically.

When you encrypt an email you use your Private key to encrypt or sign the message, the other end would retrieve your public key from the key server in order to verify the signature or decrypt the message..

Wait a minute you say.. what good does it do to encrypt a message in that fashion if ANYONE can retrieve my public key from the servers ? You are absolutely correct.. This method is best used for just Signing a message to verify the content has not been changed. if you wish to Send an encrypted message securely to another party you should:

Retrieve the receiving parties Public key from the key server. Use their Public key to encrypt the message you are sending to them. Only their matching private key will be able to decrypt the message that has been encrypted using their public key.

Now on to other important matters when dealing with PGP/GPG
GPG Key Signing Party HOW-TO This document covers how to create your keys, Public/Private/REVOCATION CERTIFICATE. It then goes into detail on how to verify other peoples identities, and how to retrieve their keys from the key server and how to sign them and then how to send the signed key back to the server.. All of this is greatly simplified using the Enigmail plugin with Thunderbird..

NEVER under ANY Circumstances should you let anyone have access to your Private key. If you feel your private key has been compromised, it's time to put your revocation certificate to work to tell the key servers that the old key is invalid. Once you have done that you should generate a new set of keys and a new revocation certificate. Store the Revocation certificate in a safe place.. maybe several because without it you cannot revoke your old keys..

Last edited by farslayer; 02-20-2007 at 09:57 AM.
 
Old 03-01-2007, 08:57 AM   #10
depam
Member
 
Registered: Sep 2005
Posts: 824

Original Poster
Rep: Reputation: 30
Thanks...Very well said.. I'll try to experiment on this one once I have the time.
 
Old 03-01-2007, 05:47 PM   #11
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
Since this GPG post popped back up today I'll mention the Debian Package of the Day from Feb 18th.. it was called signing-party.

Signing-party provides a little application that will take your public key and format a Page creating a PostScript file you can print out with your email address and Public key signature to hand out at a key signing party.. very handy !!

apt-get install signing-party ghostscript

Code:
default@debian:/~$ gpg --list-public-key
/home/default/.gnupg/pubring.gpg
--------------------------------
pub   1024D/E4FFFFFF 2004-09-30
uid                  My Name (Work Email account) <mynamer@somedomain.com>
sub   1024g/21012345 2004-09-30


pub   1024D/ABCDEF01 2006-12-30 [expires: 2011-12-29]
uid                  myhomeaccount@gmail <myhomeaccount@gmail.com>
sub   2048g/12345ABC 2006-12-30 [expires: 2011-12-29]


default@debian:~$ gpg-key2ps --paper letter ABCDEF01 > mykey.ps && ps2pdf mykey.ps

default@debian:~$ ls mykey*
mykey.pdf  mykey.ps
Now you have a nice PS or pdf file you can print that you can cut up little slips of paper for the Key signing party.. Each slip has your key information nicely formatted..

Really slick !!
 
Old 03-06-2007, 04:53 AM   #12
depam
Member
 
Registered: Sep 2005
Posts: 824

Original Poster
Rep: Reputation: 30
Thanks man...This is very cool!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Which is easier to install on Linux PGP, x.509/PKCS, SAML, or SSO Web Services sdonohue Linux - Software 2 09-26-2006 04:12 PM
Pgp Gins Linux - General 13 08-08-2006 03:29 PM
PGP installation for Mandriva Linux 64 bit program Gins Linux - General 2 05-22-2006 02:08 AM
Pgp Ruishanko Linux - Newbie 13 10-07-2004 03:59 PM
mutt, pgp, mdk linux forand Linux - Software 0 05-23-2003 11:32 AM


All times are GMT -5. The time now is 01:05 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration