== PGPv8 Practical, Week 11 ==
The purpose of this practical is to learn how to use PGP for encrypting and
decrypting data.
At the end of the practical, we should be able to verify the authenticity of
emails using digital signatures. Moreover, we should be able to encrypt emails
so that only the intended recipients can decrypt them.
=== Problem 1: generating enough entropy ===
Because entropy is mainly generated by hardware components, it is quite
difficult to generate it quickly on a virtual machine which lacks hardware
access.
To get our key quickly, we generate it (using 'gpg --gen-key') on a dedicated
machine. We then have to find a way to export it to our VM over a trusted
channel.
==== Resolution ====
A quick look at the manpage 'gpg (1)' gives us the following command
('D417B348' being our key ID). 'gpg' will prompt us for our passphrase.
$ gpg --export-secret-keys D417B348 > key.asc
Then, using 'rsync', we can upload our 'key.asc' file.
Last but not least, back on our virtual machine, we can import the key using:
$ gpg --import key.asc
=== Problem 2: testing the key to sign an email ===
We will now try to sign an email with our private key and see whether a client
can verify our signature, depending on whether it has our public key.
==== Resolution ====
Using 'mutt', we send an email signed with our private key. On another machine,
we use it again to fetch the new emails. 'mutt' gives us the following warning:
> gpg: Signature made Sat 17 Jan 2015 14:45:31 GMT using RSA key ID D417B348
> gpg: Can't check signature: public key not found
That output confirms that this client cannot verify our signature because it
does not have our public key. We will now install it on that machine using:
$ gpg --recv-keys --keyserver keyserver.ubuntu.com D417B348
This time, 'mutt' gives us the following information:
> PGP signature successfully verified.
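As an added example (not part of the original practical), the two outcomes above can be told apart in a script from gpg's '--status-fd' output instead of from the message 'mutt' displays. It goes one step further than the text and compares the full fingerprint, because an 8-character key ID such as 'D417B348' can be shared by more than one key; the fingerprints, status lines and the 'sig_verdict' helper are constructed for illustration.

```sh
#!/bin/sh
# Added example: turn gpg's machine-readable status lines into one verdict.
# Real use (file name assumed):
#   gpg --status-fd 1 --verify mail.asc 2>/dev/null | sig_verdict "$EXPECTED_FPR"

# Constructed values: two different 40-hex fingerprints sharing short ID D417B348.
EXPECTED_FPR=0123456789ABCDEF0123456789ABCDEFD417B348
LOOKALIKE_FPR=FEDCBA9876543210FEDCBA9876543210D417B348

# Constructed status output: before and after the public key is imported.
SAMPLE_MISSING='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 89ABCDEFD417B348 1 8 00 1421505931 9
[GNUPG:] NO_PUBKEY 89ABCDEFD417B348'
SAMPLE_VALID="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEFD417B348 Example User <user@example.org>
[GNUPG:] VALIDSIG $EXPECTED_FPR 2015-01-17 1421505931 0 4 0 1 8 00 $EXPECTED_FPR"

# sig_verdict EXPECTED_FPR: reads status lines for one signature on stdin, prints
#   good | wrong-key | expired-or-revoked | bad | no-pubkey | unverified
sig_verdict() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    bad=0 missing=0 stale=0 signer="" primary=""
    while read -r tag kw arg rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            BADSIG)                     bad=1 ;;
            NO_PUBKEY)                  missing=1 ;;
            EXPSIG|EXPKEYSIG|REVKEYSIG) stale=1 ;;
            # First field: signing (sub)key fingerprint; last field: primary key.
            VALIDSIG)                   signer=$arg; primary=${rest##* } ;;
        esac
    done
    if [ "$bad" -eq 1 ]; then echo bad
    elif [ "$missing" -eq 1 ]; then echo no-pubkey
    elif [ -z "$signer" ]; then echo unverified
    elif [ "$signer" != "$expected" ] && [ "$primary" != "$expected" ]; then echo wrong-key
    elif [ "$stale" -eq 1 ]; then echo expired-or-revoked
    else echo good
    fi
}

# Stand-alone run over the constructed samples.
printf '%s\n' "$SAMPLE_MISSING" | sig_verdict "$EXPECTED_FPR"   # no-pubkey
printf '%s\n' "$SAMPLE_VALID"   | sig_verdict "$EXPECTED_FPR"   # good
printf '%s\n' "$SAMPLE_VALID"   | sig_verdict "$LOOKALIKE_FPR"  # wrong-key
```

The expected fingerprint should come from the key owner over a separate channel, not from the keyserver that served the key.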
=== Problem 3: testing the key to encrypt an email ===
This time, we want to encrypt an email with someone's public key so that only
those holding the associated private key will be able to decrypt it.
==== Resolution ====
Using 'mutt', we encrypt the following email using the public key 'D417B348'
and send it to an account accessible from our virtual machine.
> Can you see this content ?
On the virtual machine, 'mutt' prompts us for our passphrase. After entering it,
we obtain the following decrypted output, which confirms that we succeeded.
> [-- The following data is PGP/MIME encrypted --]
>
> Can you see this content?
>
> [-- End of PGP/MIME encrypted data --]