== PGPv8 Practical, Week 11 == === Problem 1: generating enough entropy === Because entropy is mainly generated by hardware components, it is quite difficult to generate it quickly on a virtual machine which lacks hardware access. To generate our key quickly, we generate it (using 'gpg --gen-key') on a dedicated machine. But then we have to find a way to export it to our VM (using a trusted channel). ==== Resolution ==== A quick look at the manpage 'gpg (1)' gives us the following commands ('D417B848' being our key ID). 'gpg' will prompt us our passphrase. $ gpg --export-secret-keys D417B348 > key.asc Then, using 'rsync', we can upload our 'key.asc' file. Last but not least, back to our virtual machine, we can import the key using: $ gpg --import key.asc === Problem 2: testing the key to sign an email === We will know try to sign an email with our private key and see if a client can verify our signature depending if he possesses our public key or not. ==== Resolution ==== Using 'mutt', we send en email signed with our private key. On another machine, we use it again to fetch the new emails. 'mutt' gives us the following warning: > gpg: Signature made Sat 17 Jan 2015 14:45:31 GMT using RSA key ID D417B348 > gpg: Can't check signature: public key not found That output confirms us that this client cannot verify our signature because he does not possess our public key. We will know install it on his machine using: $ gpg --recv-keys --keyserver keyserver.ubuntu.com D417B348 This time, 'mutt' gives us the following information: > PGP signature successfully verified. === Problem 3: testing the key to encrypt an email === This time, we want to encrypt an email with someone's public key so that only the ones possessing the associated private key will be able to decrypt it. ==== Resolution ==== Using, 'mutt', we encrypt the following email using the public key 'D417B348' and send it to an account accessible from our virtual machine. > Can you see this content ? On the virtual machine, 'mutt' prompts us our passphrase. After entering it, we obtain the following decrypted output which confirms that we just succeeded. > [-- The following data is PGP/MIME encrypted --] > > Can you see this content? > > [-- End of PGP/MIME encrypted data --]