From 8766babbf9c9684f926a9d20597263cfdb999154 Mon Sep 17 00:00:00 2001 From: Olivier Gayot Date: Sat, 17 Jan 2015 17:52:33 +0100 Subject: added content about the PGP practical Signed-off-by: Olivier Gayot --- pgp.adoci | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 pgp.adoci (limited to 'pgp.adoci') diff --git a/pgp.adoci b/pgp.adoci new file mode 100644 index 0000000..b48322b --- /dev/null +++ b/pgp.adoci @@ -0,0 +1,68 @@ +== PGPv8 Practical, Week 11 == + +=== Problem 1: generating enough entropy === + +Because entropy is mainly generated by hardware components, it is quite +difficult to generate it quickly on a virtual machine which lacks hardware +access. + +To generate our key quickly, we generate it (using 'gpg --gen-key') on a +dedicated machine. But then we have to find a way to export it to our VM (using +a trusted channel). + +==== Resolution ==== + +A quick look at the manpage 'gpg (1)' gives us the following commands +('D417B848' being our key ID). 'gpg' will prompt us our passphrase. + + $ gpg --export-secret-keys D417B348 > key.asc + +Then, using 'rsync', we can upload our 'key.asc' file. + +Last but not least, back to our virtual machine, we can import the key using: + + $ gpg --import key.asc + +=== Problem 2: testing the key to sign an email === + +We will know try to sign an email with our private key and see if a client can +verify our signature depending if he possesses our public key or not. + +==== Resolution ==== + +Using 'mutt', we send en email signed with our private key. On another machine, +we use it again to fetch the new emails. 'mutt' gives us the following warning: + + > gpg: Signature made Sat 17 Jan 2015 14:45:31 GMT using RSA key ID D417B348 + > gpg: Can't check signature: public key not found + +That output confirms us that this client cannot verify our signature because he +does not possess our public key. We will know install it on his machine using: + + $ gpg --recv-keys --keyserver keyserver.ubuntu.com D417B348 + +This time, 'mutt' gives us the following information: + + > PGP signature successfully verified. + +=== Problem 3: testing the key to encrypt an email === + +This time, we want to encrypt an email with someone's public key so that only +the ones possessing the associated private key will be able to decrypt it. + +==== Resolution ==== + +Using, 'mutt', we encrypt the following email using the public key 'D417B348' +and send it to an account accessible from our virtual machine. + + > Can you see this content ? + +On the virtual machine, 'mutt' prompts us our passphrase. After entering it, we +obtain the following decrypted output which confirms that we just succeeded. + + > [-- The following data is PGP/MIME encrypted --] + > + > Can you see this content? + > + > [-- End of PGP/MIME encrypted data --] + -- cgit v1.2.3