Thread: PGP on Email




PGP on Email
user name
2006-10-17 06:14:36


Hi, please see my questions, preceded by [NOEL].

On Mon, 2006-10-16 at 22:38 -0500, Robert J. Hansen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> noell888 wrote:
> > I want my email to have PGP signed, however I am new to this stuff and
> > I need your help.
>
> Always happy to help. Welcome to the OpenPGP family.
>
> > I installed gnupg 1.9.19.2 on kubuntu 6.10
>
> This was your first mistake.
>
> GnuPG 1.9 is the experimental branch. It's not for regular users, and
> it's especially not for people who are just beginning. GnuPG 1.4.5 is
> the latest release of the stable branch. Ubuntu should ship with either
> that or 1.4.4.
[NOEL] Okay, I am using Version: GnuPG v1.4.2.2 (GNU/Linux) now. That's
the latest I could get on synaptic, hope this is okay.

>
> > Then I went to my email client evolution, then Accounts > Security and
> > I put the GPG Key E1B98766.
>
> I'd recommend you list the GnuPG key as "0xE1B98766", though. The
> preceding "0x" is shorthand for "this is the hexadecimal key ID". It's
> a further hint to Evolution and GnuPG that it should look for a key with
> ID E1B98766, not a user ID with a name of E1B98766.
[NOEL] I already put 0x
>
> > Is it safe to give out or let other people know my PGP key?
>
> Yep. Feel free to take out a full-page ad in the _New York Times_ and
> tell the entire world your public key. The public key is meant to be
> shared. It doesn't even matter if you share it with your enemies or
> people who want to read your mail. That's the magic of asymmetric
> cryptography.
>
> Your private key should be protected with a strong passphrase--something
> long and difficult to guess. If you put a strong passphrase on your
> private key, then feel free to put that in the _New York Times_, too.
> But if your passphrase is weak, then you should definitely keep your
> private key a secret.
[NOEL] What is the private key? Where can I find it? Sorry for this
dumb question, as I am very new to this stuff.

> > Also, what's the use of keyserver?
>
> Keyservers are like web servers for OpenPGP keys.
>
> With a web server, you connect to a remote machine and you get back a
> web document. With a key server, you connect to a remote machine and
> you can send or retrieve public keys.
>
> For instance, add the following two lines to your ~/.gnupg/gpg.conf file:
>
> keyserver x-hkp://random.sks.keyserver.penguin.de
> keyserver-options import-clean-sigs import-clean-uids \
> export-clean-sigs export-clean-uids
[NOEL] Is keyserver x-hkp://random.sks.keyserver.penguin.de the only
server that I can use, or are there others that I can choose from?

>
> (The second line is all meant to be one long line. Put it all on a
> single line, and skip the backslash. When you see UNIX commands printed
> out, a backslash at the end of the line means "this command continues
> on the next line". The backslash isn't part of the actual command.)
>
> Once you have those two lines, try:
>
> gpg --recv-key 0xfeaf8109
>
> ... and presto, you'll import my public key to your keyring. It's kind
> of convenient, isn't it?
[NOEL] Why is it very important for me to download or import your public
key? When I send email to my yahoo with PGP on it, I can view it all
the way.

When I send email with PGP sign and PGP Encrypt I encounter error
"Failed to execute gpg: Broken pipe", you may need to select different
mail options." but if I send without PGP encrypt, no error.

Also, whenever I send email, it asked me "You need a passphrase to
unlock the key for user: "Noel Lee (dh) <noel@leeph.net>"

>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> -----END PGP SIGNATURE-----

[NOEL] And how can I attach something like this? Mine was an
attachment.

PGP on Email
user name
2006-10-17 06:29:39

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Noel Lee wrote:
> Okay, I am using Version: GnuPG v1.4.2.2 (GNU/Linux) now. That's the
> latest I could get on synaptic, hope this is okay.

Sure is.

> I already put 0x

Good.

> What is the private key? Where can I find it? Sorry for this dumb
> question, as I am very new to this stuff.

Asymmetric cryptography uses two different keys. These keys are
special: each one can undo the other one, but it can't undo itself.

If you encrypt something using the first key, only the second key can
decrypt it. If you encrypt something using the second key, only the
first key can decrypt it.

What we do is publish one of the keys, and keep the other one just for
ourselves. The one we publish is called the public key. The one we
keep for ourselves is called the private key.

When you created your new key, GnuPG actually created a pair of keys.
One of these keys GnuPG put in the file "~/.gnupg/pubring.gpg", and the
other one GnuPG put in the file "~/.gnupg/secring.gpg".

To list all of your public keys, type:

gpg --list-keys

To list all of your private keys, type:

gpg --list-secret-keys

> Is keyserver x-hkp://random.sks.keyserver.penguin.de the only
> server that I can use, or are there others that I can choose from?

Most keyservers are equal. They talk to each other often, and make sure
all their keys are kept in sync. As long as you're using a keyserver
that's part of the keyserver network, there's no difference which
keyserver you use.

> Why is it very important for me to download or import your public key?

Because otherwise, how can you send me encrypted messages?

Otherwise, how can you verify my signatures?

When we talk about 'signing' a document, what we really mean is we're
going to encrypt the message with our private key. Then, the rest of
the world--which has our public key--can decrypt it. If our public key
can decrypt the message, then they know the private key must have
encrypted it; and since we're the only ones who have our private key,
they know the message came from us.

(It gets more complicated than this, but for a simple explanation, it'll
do fine.)

The moral of the story is this: it's very important for other people to
have your public key. It's very important for you to have other
people's public keys. Without public keys, you can't use GnuPG either
to encrypt or sign messages.

> Also, whenever I send email, it asked me "You need a passphrase to
> unlock the key for user: "Noel Lee (dh) <noel@leeph.net>"

Yes. You use the passphrase that you set up when you created your key.

> And how can I attach something like this? Mine was an attachment.

You'd have to ask an Evolution user. The last I heard, Evolution's
support for GnuPG was very poor.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----

PGP on Email
user name
2006-10-17 08:29:16



On Tue, 2006-10-17 at 01:29 -0500, Robert J. Hansen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Noel Lee wrote:
> > Okay, I am using Version: GnuPG v1.4.2.2 (GNU/Linux) now. That's the
> > latest I could get on synaptic, hope this is okay.
>
> Sure is.
>
> > I already put 0x
>
> Good.
>
> > What is the private key? Where can I find it? Sorry for this dumb
> > question, as I am very new to this stuff.
>
> Asymmetric cryptography uses two different keys. These keys are
> special: each one can undo the other one, but it can't undo itself.
>
> If you encrypt something using the first key, only the second key can
> decrypt it. If you encrypt something using the second key, only the
> first key can decrypt it.
>
> What we do is publish one of the keys, and keep the other one just for
> ourselves. The one we publish is called the public key. The one we
> keep for ourselves is called the private key.
>
> When you created your new key, GnuPG actually created a pair of keys.
> One of these keys GnuPG put in the file "~/.gnupg/pubring.gpg", and the
> other one GnuPG put in the file "~/.gnupg/secring.gpg".
>
> To list all of your public keys, type:
>
> gpg --list-keys
>
> To list all of your private keys, type:
>
> gpg --list-secret-keys

[NOEL] I tried to enter those commands, here's the result.
noel@noel-laptop:~$ gpg --list-key
/home/noel/.gnupg/pubring.gpg
-----------------------------
pub   1024D/68CAD6A7 2006-10-17
uid                  Noel Lee (LeePH) <noel@leeph.net>
sub   1024g/EB763AA8 2006-10-17

noel@noel-laptop:~$ gpg --list-secret-key
/home/noel/.gnupg/secring.gpg
-----------------------------
sec   1024D/68CAD6A7 2006-10-17
uid                  Noel Lee (LeePH) <noel@leeph.net>
ssb   1024g/EB763AA8 2006-10-17

The pub and secret are the same? I have no pub key of other imported.

>
> > Is keyserver x-hkp://random.sks.keyserver.penguin.de the only
> > server that I can use, or are there others that I can choose from?
>
> Most keyservers are equal. They talk to each other often, and make sure
> all their keys are kept in sync. As long as you're using a keyserver
> that's part of the keyserver network, there's no difference which
> keyserver you use.
>
> > Why is it very important for me to download or import your public key?
>
> Because otherwise, how can you send me encrypted messages?
>
> Otherwise, how can you verify my signatures?
>
> When we talk about 'signing' a document, what we really mean is we're
> going to encrypt the message with our private key. Then, the rest of
> the world--which has our public key--can decrypt it. If our public key
> can decrypt the message, then they know the private key must have
> encrypted it; and since we're the only ones who have our private key,
> they know the message came from us.
>
> (It gets more complicated than this, but for a simple explanation, it'll
> do fine.)
>
> The moral of the story is this: it's very important for other people to
> have your public key. It's very important for you to have other
> people's public keys. Without public keys, you can't use GnuPG either
> to encrypt or sign messages.
[Noel] Thanks.. I understand it already
>
> > Also, whenever I send email, it asked me "You need a passphrase to
> > unlock the key for user: "Noel Lee (dh) <noel@leeph.net>"
>
> Yes. You use the passphrase that you set up when you created your key.
>
> > And how can I attach something like this? Mine was an attachment.
>
> You'd have to ask an Evolution user. The last I heard, Evolution's
> support for GnuPG was very poor.

[NOEL] You're right, Evolution support for GnuPG is very poor, I can't
get message to be encrypted, unlike in Thunderbird with enigmail.

PGP on Email
user name
2006-10-17 09:02:55

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Noel Lee wrote:
> The pub and secret are the same? I have no pub key of other imported.

They're not the same. However, they do have the same identifier, yes.

When you typed those two commands, you saw four different key listings,
but only two different identifiers for them. That's because the public
and private parts of an asymmetric keypair use the same identifier.

For instance, my key 0xFEAF8109 has a public part and a private part.
Both are labeled 0xFEAF8109.

> You're right, Evolution support for GnuPG is very poor, I can't get
> message to be encrypted, unlike in Thunderbird with enigmail.

Jump in the Wayback Machine to spring of 2000. PGP was still owned by
Network Associates and Evolution was just beginning to have GnuPG support.

One of the PGP/Network Associates engineers--one of the guys responsible
for trying to port PGP 7.x to UNIX--was doing interoperability testing
with Evolution and discovered Evolution was doing a few things wrong.
Namely, it had no support for inline OpenPGP (the way this message here
is signed, for instance), and would only support PGP/MIME.

This was a problem for many reasons. PGP/MIME has never been
well-supported by email clients. Many mailing lists strip off
attachments. The number of inline OpenPGP users outnumbers PGP/MIME
users by at least a factor of ten. For these and many more reasons, it
was important that Evolution support inline OpenPGP.

This engineer popped on IRC and found the guy who was writing--who is
still writing--most of Evolution's crypto support. (In the interests of
not embarrassing him, he'll go nameless.) The engineer explained to the
Evolution geek what the problem was and why it needed to be fixed, and
even ways it could be fixed.

The Evolution geek was adamant there was no problem at all. He said
RFC3156 was the "definitive" standard for email encryption and for that
reason he wasn't going to waste a minute of time on inline PGP support.

As the engineer explained things in more detail, the Evolution geek got
increasingly angry, finally exploding and saying that whoever the other
guy was, he certainly didn't know anything about cryptography or the
OpenPGP standard and he should try implementing it sometime!

Then he looked up the engineer's IP address and domain and saw it
resolved to PGP.com. Other people noticed it, too, and there was much
laughter directed at the Evolution geek. The Evolution geek's response
was to boot-and-ban the PGP engineer from the IRC channel.

It lasted all of about five minutes, before Ettore Perazzoli--a name I
only mention because (a) he's dead, and (b) he was professional and
courteous the entire time--brought the PGP engineer back and removed the
Evolution geek's channel moderator privileges. The PGP engineer and
Ettore talked at length for a while about how to change Evolution to
support inline PGP.

(If you're wondering how I know all this, I was in the IRC channel while
it was happening. It was half comedy, half tragedy.)

Six years later, Evolution _still_ has no support for inline PGP.

I am not very impressed with the people who have written Evolution's
crypto support, and I am not impressed with the fact that even after six
years a major bug has not been addressed.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
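
Added example, not part of the original thread: a Python parser for the inline (cleartext) signature layout that the message above is signed with, following the framing in RFC 4880. It checks only the armor's CRC-24, not the cryptographic signature itself; the sample message and its "signature" bytes are constructed placeholders, and the function names are this example's own.

```python
import base64

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880, section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor_signature(raw: bytes) -> str:
    """Wrap raw bytes in ASCII armor (used here only to build the sample)."""
    b64 = base64.b64encode(raw).decode()
    check = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PGP SIGNATURE-----", "", *rows,
                      "=" + check, "-----END PGP SIGNATURE-----"])

def parse_clearsigned(msg: str) -> dict:
    """Split an inline-signed message into hash headers, signed text and armor."""
    head, rest = msg.split("\n\n", 1)          # headers end at the first blank line
    first, *headers = head.split("\n")
    if first != "-----BEGIN PGP SIGNED MESSAGE-----":
        raise ValueError("not a cleartext-signed message")
    hashes = [h.split(":", 1)[1].strip() for h in headers if h.startswith("Hash:")]
    text, sig = rest.split("\n-----BEGIN PGP SIGNATURE-----\n", 1)
    # Undo dash-escaping: a signed line starting with "-" travels as "- -...".
    text = "\n".join(l[2:] if l.startswith("- ") else l for l in text.split("\n"))
    lines = sig.split("\n")
    body = lines[lines.index("") + 1:]         # skip Version:/Comment: headers
    b64 = "".join(l for l in body if not l.startswith(("=", "-----")))
    check = next((l[1:] for l in body if l.startswith("=")), "")
    try:
        raw = base64.b64decode(b64, validate=True)
        want = int.from_bytes(base64.b64decode(check, validate=True), "big")
        armor_ok = crc24(raw) == want
    except ValueError:                         # non-base64 characters or bad padding
        armor_ok = False
    return {"hash": hashes, "text": text, "armor_ok": armor_ok}

# Constructed sample: placeholder bytes, not a real signature.
SAMPLE = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
          "Hello list,\n- -- \nsigned inline\n"
          + armor_signature(b"\xfb\xef\xbe" + b"constructed placeholder bytes"))

if __name__ == "__main__":
    print(parse_clearsigned(SAMPLE))
    # A web archive that rewrites "+" as an HTML entity breaks the armor:
    print(parse_clearsigned(SAMPLE.replace("+", "&#43;"))["armor_ok"])
```

A passing armor check says only that the block survived transport intact; whether the signature is valid still has to be established with `gpg --verify` and the signer's public key.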
