
Email Security using Public Key Cryptography

Introduction

Anyone using email who is concerned about the security of the data being transferred should use public key encryption. Several open source software tools, such as GnuPG and WinPT, accomplish this.

The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared.

This tip describes the installation and use of GnuPG and WinPT.

If you want to send an encrypted mail to somebody, you encrypt it using the addressee's public key. Only the addressee himself will be able to decrypt it using his private key.

  • GnuPG (http://www.gnupg.org)

GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application.

Installation

- Get the latest GnuPG distribution from http://www.gnupg.org.
- Open the zipped file with an unzip utility.
- Extract the files to a directory on your PC, e.g. D:\GnuPG.

  • WinPT

WinPT (Windoze Privacy Tray) is a taskbar utility for encrypting and decrypting data. This program is free software under the terms of the GNU GPL. WinPT uses the GNU Privacy Guard for this, because it is a widely used and free utility for this purpose. WinPT is a so-called "frontend" for GnuPG. The program acts very similarly to another program from the PGP(r) scene. It supports all common commands for encryption and decryption, key transport via the clipboard and, of course, the creation and verification of signatures.

Installation

- Get the latest WinPT distribution.
- Open the zipped file with an unzip utility.
- Extract the files to a directory on your PC, e.g. D:\WinPT.

Configuration of GnuPG / WinPT

Setup Windows Registry for GnuPG

Create the following entries in your registry (regedit) under the path:

HKEY_CURRENT_USER\Software\GNU\GnuPG:

Key          Value
gpgProgram   D:/GnuPG/gpg.exe (or wherever you installed GnuPG to; use slashes, not backslashes!)
HomeDir      C:/Users/Zahn/PGP (where you want to keep your key files, key rings and so on)
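The same registry setup as a script, as an added example that is not part of the original page. It uses the two paths shown above, rejects backslashes as the page requires, and (an added assumption, not a WinPT requirement) restricts the key directory to the current user because the private key ring is stored there.

```powershell
# Added example: create the GnuPG registry values for the current user.
$gpgProgram = 'D:/GnuPG/gpg.exe'     # path from the page; adjust to your install
$homeDir    = 'C:/Users/Zahn/PGP'    # path from the page; adjust to your key directory

# The page requires forward slashes in both values.
foreach ($p in $gpgProgram, $homeDir) {
    if ($p.Contains('\')) { throw "Use slashes, not backslashes: $p" }
}

# Fail early if the configured binary is missing.
if (-not (Test-Path -LiteralPath $gpgProgram -PathType Leaf)) {
    throw "gpg.exe not found at $gpgProgram"
}

# Create the key directory if it does not exist yet.
if (-not (Test-Path -LiteralPath $homeDir -PathType Container)) {
    New-Item -ItemType Directory -Path $homeDir | Out-Null
}

# Added hardening step (assumption): drop inherited permissions and grant
# full control on the key directory to the current user only.
icacls $homeDir /inheritance:r /grant:r "${env:USERNAME}:(OI)(CI)F" | Out-Null

# Write the two string values under HKEY_CURRENT_USER\Software\GNU\GnuPG.
$regPath = 'HKCU:\Software\GNU\GnuPG'
if (-not (Test-Path $regPath)) { New-Item -Path $regPath -Force | Out-Null }
New-ItemProperty -Path $regPath -Name 'gpgProgram' -Value $gpgProgram -PropertyType String -Force | Out-Null
New-ItemProperty -Path $regPath -Name 'HomeDir'    -Value $homeDir    -PropertyType String -Force | Out-Null

# Show what was written so it can be checked against the table above.
Get-ItemProperty -Path $regPath | Select-Object gpgProgram, HomeDir
```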

WinPT Keygeneration

  • Run WinPT by double-clicking the executable.
  • A new icon should appear in your system tray.
  • Right-click the icon and choose GnuPG->Key Generation.

Enter the required fields. Recommended Settings:

 

Prompt              Value
Subkey length       1024
User name           Your full name (e.g. Martin Zahn).
Comment             Not required, but you can place a hint here that helps you remember the passphrase. Remember that this is stored with your public key and visible to everybody.
Email address       The email address you want to use the key for (e.g. martin dot zahn at akadia dot ch).
Passphrase          A complicated phrase or word with at least 6 characters that you can easily remember.
Repeat Passphrase   The same again (can you remember it? ;-).

Press Start to generate your key. System activity will influence the random number generator - move your mouse! When the key generation is finished, a small pop-up window with the message "Keygeneration finished" will appear. Choose OK. End the Key generation.

Usage

Public Key Cryptography

If you want to send an encrypted mail to somebody, you encrypt it using the addressee's public key. Only the addressee himself will be able to decrypt it using his private key.

It is very important to keep your private key PRIVATE.

Please inform yourself about these concepts in detail using the following PDF document 

Import other users' public keys into your keyring

Get the addressee's public key from a trusted source. Put it into your clipboard (CTRL-A, CTRL-C) and import it into your keyring by right-clicking the WinPT icon and choosing Keys->Import from clipboard. You can always see the imported keys by choosing GnuPG->Key management.

Encrypt an Email Message

  • Type your message in your favorite email client or any Editor
  • Select the Text and copy it to the Clipboard (CTRL-A, CTRL-C)
  • Choose "Encrypt Clipboard" from the WinPT menu (Right Click the Task Bar)
  • Choose the addressee from the key pop-up window and click OK
  • Copy the content of the encrypted text in the clipboard to the email client (CTRL-V)

Decrypt an Email Message

  • Either copy the encrypted message to the clipboard ( CTRL-A, CTRL-C) and choose "Decrypt clipboard" from the WinPT menu or make sure the message is editable in the mail client and choose "Current window"->Decrypt in the WinPT menu.
     
  • You will be prompted for your passphrase. The comment of the key is displayed in brackets, which may give you a hint for the correct one. If you can remember it, the message will be decrypted (in the clipboard or the current window).

  • Open the editor of your choice (not the Email Tool, which is usually read only) and paste the current content of the clipboard to the editor using CTRL-V
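
The import, encrypt and decrypt steps above, done with the gpg command line instead of the WinPT menus, as an added example that is not part of the original page. It shows what "a trusted source" means in practice: the key's fingerprint is compared with one confirmed over a separate channel before the key enters the keyring. The file names and the expected fingerprint are placeholders, and the `show-only` import option assumes GnuPG 2.1.14 or later.

```powershell
# Added example. File names and $expected are placeholders, not values from the page.
$gpg      = 'D:/GnuPG/gpg.exe'        # install path used on this page
$keyFile  = 'addressee-pubkey.asc'    # key file received from the addressee
$expected = '0000 0000 0000 0000 0000  0000 0000 0000 0000 0000'  # confirmed by phone or in person

function Get-PrimaryFingerprint([string[]]$ColonLines) {
    # In --with-colons output the first "fpr" record belongs to the primary
    # key; the fingerprint itself is field 10.
    $fpr = $ColonLines | Where-Object { $_ -like 'fpr:*' } | Select-Object -First 1
    if (-not $fpr) { throw 'No fingerprint record found in the key file.' }
    ($fpr -split ':')[9]
}

# 1. Inspect the key file WITHOUT adding anything to the keyring.
$listing = & $gpg --batch --with-colons --import-options show-only --import $keyFile
if ($LASTEXITCODE -ne 0) { throw "gpg could not read $keyFile" }

# Assumption: the file holds exactly one key, so the comparison is unambiguous.
$pubCount = @($listing | Where-Object { $_ -like 'pub:*' }).Count
if ($pubCount -ne 1) { throw "Expected one key in $keyFile, found $pubCount." }

# 2. Compare with the fingerprint obtained out of band; stop on any mismatch.
$actual = Get-PrimaryFingerprint $listing
$wanted = ($expected -replace '\s', '').ToUpper()
if ($actual -ne $wanted) {
    throw "Fingerprint mismatch: file has $actual. Key NOT imported."
}

# 3. Import the verified key.
& $gpg --batch --import $keyFile

# 4. Encrypt message.txt to the addressee, addressed by full fingerprint
#    rather than by name. gpg asks for confirmation because the key is
#    not yet certified in your keyring.
& $gpg --armor --output message.txt.asc --encrypt --recipient $actual message.txt

# 5. Decrypt a reply that was encrypted to your own key (prompts for your passphrase).
& $gpg --output reply.txt --decrypt reply.txt.asc
```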