Difference between revisions of "Privacy:PGP"

From Technologia Incognita
Jump to: navigation, search
(Level of safety)
(How to add another person's key from the file)
 
(16 intermediate revisions by 3 users not shown)
Line 3: Line 3:
  
 
PGP section in cryptoparty handbook - [http://mirror-de.cryptoparty.is/handbook/chapter_06_email_encryption/chapter_06_email_encryption.html Chapter 6 Email Encryption]
 
PGP section in cryptoparty handbook - [http://mirror-de.cryptoparty.is/handbook/chapter_06_email_encryption/chapter_06_email_encryption.html Chapter 6 Email Encryption]
 +
 +
LifeHacker: http://lifehacker.com/how-to-encrypt-your-email-and-keep-your-conversations-p-1133495744
 +
 +
More education: tips, video & podcast: http://brakeingsecurity.com/video-using-gpg-and-pgp // http://traffic.libsyn.com/brakeingsecurity/GPG-PGP-video.mp4
 +
  
 
=== Clients ===
 
=== Clients ===
Line 22: Line 27:
 
** Pro: build a web of trust
 
** Pro: build a web of trust
 
** Con: everyone can see your network
 
** Con: everyone can see your network
 +
 +
=== Experiences ===
 +
 +
* phicoh
 +
** gpg1.4 and nmh. Nmh is a command line mail clinet. Some script integrating nmh and gpg can be found at http://faculty.cs.niu.edu/~rickert/mh/
 +
*** it lacks the possibility to reply on a pgp encrypted mail
  
 
[[Category:Privacy]]
 
[[Category:Privacy]]
 +
 +
=== How to replace your current key with a stronger one ===
 +
Narya: this was something I couldn't find easily, so therefore I post it here.
 +
 +
I had generated a new stronger key with Thunderbird/enigmail. Choosing which key to use from the commandline is easy (flag -u YOURPGPID). My Thunderbird client, however, had switched completely to the new key. I actually wanted to send around an e-mail with my new key first, signed by my old key. Couldn't find the right option in Thunderbird anywhere. This is how it was solved (quite easy, but you need to know where to look):
 +
* Close Thunderbird
 +
* Make a backup of ~/.thunderbird/some-code-here/prefs.js
 +
* Search in the prefs.js file for "pgpkeyId" and change the identifier into the identifier of the key you want to use
 +
* Start Thunderbird, et voila
 +
* Sign your new key with your old key
 +
* Now you can send a signed e-mail (signed with your old key) to your friends with your new public key, do the above again, fill in your new identifier... and live happily ever after
 +
 +
==More command line tips==
 +
 +
http://www.laurencegellert.com/2011/04/gnupg-howto-tutorial-notes/
 +
 +
===How to add second email address to your key ===
 +
 +
http://superuser.com/questions/293184/one-gnupg-pgp-key-pair-two-emails
 +
 +
===How to export your key to key-servers===
 +
 +
to push your keyring changes to the key server.
 +
 +
$ gpg --keyserver pool.sks-keyservers.net --send-key xyxyxyxy
 +
 +
To test if it's there: https://sks-keyservers.net/i/
 +
 +
===How to add another person's key from the server if i trust them===
 +
 +
* to make it easier, search for their key from one of the key servers : pool.sks-keyservers.net or ''http://pgp.mit.edu''
 +
 +
gpg --keyserver pgp.mit.edu --search $USER
 +
 +
===How to add another person's key from the file===
 +
 +
gpg --import public.key
 +
 +
===Encrypt & send from the terminal===
 +
 +
gpg --recipient johndoe@server.com --encrypt testfile.txt
 +
(makes testfile.txt.gpg)
 +
 +
===Decrypt on the terminal===
 +
 +
gpg -d $FILENAME
 +
 +
==Related TechInc content==
 +
 +
[[Privacy_Software_Workshop_Series]]
 +
 +
{{#ask: [[Category:Events]] [[Category:Privacy]]| ? Date=|format=ul}}

Latest revision as of 14:47, 8 July 2016

Start using PGP

Why do you need PGP? - by Phil Zimmerman (dutch version)

PGP section in cryptoparty handbook - Chapter 6 Email Encryption

LifeHacker: http://lifehacker.com/how-to-encrypt-your-email-and-keep-your-conversations-p-1133495744

More education: tips, video & podcast: http://brakeingsecurity.com/video-using-gpg-and-pgp // http://traffic.libsyn.com/brakeingsecurity/GPG-PGP-video.mp4


Clients

  • Thunderbird with enigmail - graphical use interface, easy to use
  • GPG command line client - easy to use if you prefer commandline stuff
  • Kleopatra - slowwwww, deinstalled it
  • ...

Level of safety

  • The encrypted message/file is considered safe
    • if your private key isn't compromised (duh)
    • and given that your key is strong enough
  • PGP is not anonymous
    • Sender and receiver IDs are known. Including names if the keys are uploaded to key servers
  • Signing keys of your friends
    • Pro: build a web of trust
    • Con: everyone can see your network

Experiences

  • phicoh
    • gpg1.4 and nmh. Nmh is a command line mail clinet. Some script integrating nmh and gpg can be found at http://faculty.cs.niu.edu/~rickert/mh/
      • it lacks the possibility to reply on a pgp encrypted mail

How to replace your current key with a stronger one

Narya: this was something I couldn't find easily, so therefore I post it here.

I had generated a new stronger key with Thunderbird/enigmail. Choosing which key to use from the commandline is easy (flag -u YOURPGPID). My Thunderbird client, however, had switched completely to the new key. I actually wanted to send around an e-mail with my new key first, signed by my old key. Couldn't find the right option in Thunderbird anywhere. This is how it was solved (quite easy, but you need to know where to look):

  • Close Thunderbird
  • Make a backup of ~/.thunderbird/some-code-here/prefs.js
  • Search in the prefs.js file for "pgpkeyId" and change the identifier into the identifier of the key you want to use
  • Start Thunderbird, et voila
  • Sign your new key with your old key
  • Now you can send a signed e-mail (signed with your old key) to your friends with your new public key, do the above again, fill in your new identifier... and live happily ever after

More command line tips

http://www.laurencegellert.com/2011/04/gnupg-howto-tutorial-notes/

How to add second email address to your key

http://superuser.com/questions/293184/one-gnupg-pgp-key-pair-two-emails

How to export your key to key-servers

to push your keyring changes to the key server.

$ gpg --keyserver pool.sks-keyservers.net --send-key xyxyxyxy

To test if it's there: https://sks-keyservers.net/i/

How to add another person's key from the server if i trust them

  • to make it easier, search for their key from one of the key servers : pool.sks-keyservers.net or http://pgp.mit.edu
gpg --keyserver pgp.mit.edu --search $USER

How to add another person's key from the file

gpg --import public.key

Encrypt & send from the terminal

gpg --recipient johndoe@server.com --encrypt testfile.txt 
(makes testfile.txt.gpg)

Decrypt on the terminal

gpg -d $FILENAME

Related TechInc content

Privacy_Software_Workshop_Series