summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pgp.adoci68
-rw-r--r--practicals.adoc1
2 files changed, 69 insertions, 0 deletions
diff --git a/pgp.adoci b/pgp.adoci
new file mode 100644
index 0000000..b48322b
--- /dev/null
+++ b/pgp.adoci
@@ -0,0 +1,68 @@
+== PGPv8 Practical, Week 11 ==
+
+=== Problem 1: generating enough entropy ===
+
+Because entropy is mainly generated by hardware components, it is quite
+difficult to generate it quickly on a virtual machine which lacks hardware
+access.
+
+To generate our key quickly, we generate it (using 'gpg --gen-key') on a
+dedicated machine. But then we have to find a way to export it to our VM (using
+a trusted channel).
+
+==== Resolution ====
+
+A quick look at the manpage 'gpg (1)' gives us the following commands
+('D417B848' being our key ID). 'gpg' will prompt us our passphrase.
+
+ $ gpg --export-secret-keys D417B348 > key.asc
+
+Then, using 'rsync', we can upload our 'key.asc' file.
+
+Last but not least, back to our virtual machine, we can import the key using:
+
+ $ gpg --import key.asc
+
+=== Problem 2: testing the key to sign an email ===
+
+We will know try to sign an email with our private key and see if a client can
+verify our signature depending if he possesses our public key or not.
+
+==== Resolution ====
+
+Using 'mutt', we send en email signed with our private key. On another machine,
+we use it again to fetch the new emails. 'mutt' gives us the following warning:
+
+ > gpg: Signature made Sat 17 Jan 2015 14:45:31 GMT using RSA key ID D417B348
+ > gpg: Can't check signature: public key not found
+
+That output confirms us that this client cannot verify our signature because he
+does not possess our public key. We will know install it on his machine using:
+
+ $ gpg --recv-keys --keyserver keyserver.ubuntu.com D417B348
+
+This time, 'mutt' gives us the following information:
+
+ > PGP signature successfully verified.
+
+=== Problem 3: testing the key to encrypt an email ===
+
+This time, we want to encrypt an email with someone's public key so that only
+the ones possessing the associated private key will be able to decrypt it.
+
+==== Resolution ====
+
+Using, 'mutt', we encrypt the following email using the public key 'D417B348'
+and send it to an account accessible from our virtual machine.
+
+ > Can you see this content ?
+
+On the virtual machine, 'mutt' prompts us our passphrase. After entering it, we
+obtain the following decrypted output which confirms that we just succeeded.
+
+ > [-- The following data is PGP/MIME encrypted --]
+ >
+ > Can you see this content?
+ >
+ > [-- End of PGP/MIME encrypted data --]
+
diff --git a/practicals.adoc b/practicals.adoc
index d09fdd3..84b7bac 100644
--- a/practicals.adoc
+++ b/practicals.adoc
@@ -5,3 +5,4 @@ include::ldap2.adoci[]
include::dns.adoci[]
include::ssl.adoci[]
include::firewall.adoci[]
+include::pgp.adoci[]