JEE Custom Search Portals

Sunday, January 30, 2011

PGP - Pretty Good Privacy [Why, What and How]

In this post, I will discuss a common technique used for encryption and decryption.

First of all, we will discuss the importance of encryption and decryption. Encryption is the method of disguising plain text so that its substance is hidden from everyone except those who are given the key/code/algorithm needed to access the content. Decryption is the opposite of encryption: the process of reverting the encrypted cipher text to read the original contents is known as decryption.

There are many different ways of encrypting/decrypting content. Some of them are given below.
  1. Using different cryptographic algorithms to encrypt the content and then decrypt the content using the reverse algorithm. For example, RSA is one of the most commonly used algorithms.
  2. Using a secret-key or symmetric-key algorithm for encrypting/decrypting the content. In this case, we use the same key for both encryption and decryption. For example, DES is one of the most commonly used symmetric-key algorithms.
  3. Using secure hash algorithms to hash an arbitrary-length byte string into a 128-bit value; note that hashing is a one-way operation with no decryption step. For example, MD5 is one such algorithm.
PGP [Pretty Good Privacy] is an example of a public key encryption technique. It was written by Phil Zimmermann in 1991. Over the past few years, PGP has gained thousands of supporters all over the globe and has become a de facto standard for encryption of email on the Internet. The PGP Corporation has since been acquired by Symantec, and the software is now distributed under the PGP Software License Agreement.

For our demonstration, I will be downloading the version [PGP v6.5.8] which is part of the PGPi project. The PGPi project is a non-profit initiative whose purpose is to make PGP freely and legally available worldwide. The project is largely based on unpaid, voluntary effort by security- and privacy-minded individuals.

To install PGP, we first unzip the downloaded distribution into a directory. The next step is to run setup.exe under the distribution <pgp_directory>. This will install PGP. To check that it got installed correctly, just type the following command at the command line as shown below.


There are 3 major command-line arguments for PGP.
  • pgp -h: This is used for getting the usage summary and help on how to use the commands to get the right results. If you type this command at the command prompt, you will see the output shown below.
  • pgp -k: This is used for the key management functions. It can be used to create/generate our own public/private key pair, to extract a copy of a key from the public or secret key ring, or to sign someone else's public key on our public key ring. If you type this command at the command prompt, you will see the output shown below.
  • pgp -g: This is used for the group management functions. This command can be used for adding keys to a group or viewing the contents of a group. If you type this command at the command prompt, you will see the output shown below.

As a next step, we will see how to generate a private/public key pair and then use it to encrypt a file and later decrypt it to check that it is actually working. We will also see how to extract the public key from the key ring for distribution to outside vendors, so that they can use it to encrypt a file and send it to us, and we can decrypt it using our private key.

Type the following command at the command prompt to start the process of generating a public/private key pair.

cmd> pgp -kg

The next step is to select one of the public key algorithms. Here we have the following options:

1) DSS/DH (a.k.a. DSA/ElGamal) (default)
2) RSA
Choose 1 or 2
:
I will be selecting option 2 to select the RSA public key algorithm.

The next step is to pick the RSA key size. Here we have the following options:

1)  1024 bits- High commercial grade, secure for many years
2)  2048 bits- "Military" grade, secure for forseeable future
Choose 1, 2, or enter desired number of bits:
I will be selecting option 1 to select 1024 bits. (Today 1024-bit RSA keys are considered too weak; 2048 bits or more is the usual minimum.)

The next step is to provide a user id for our public key. This user id is important because it is what we use to select the key for encryption and to extract the public key for distribution.

You need a user ID for your public key.  The desired form for this user ID is your name, followed by your E-mail address enclosed in <angle brackets>, if you have an E-mail address.
For example:  John Q. Smith <jqsmith@nai.com>
Enter a user ID for your public key:
I will be providing a user id as 'javaclickonline.blogspot.com'.

The next step is to enter the validity period of your signing key.

Enter the validity period of your signing key in days from 0 - 10950
0 is forever (the default is 0):
0

The next step is to add a pass phrase to protect our RSA secret key. A passphrase is a longer version of a password and, in theory, a more secure one. Typically composed of multiple words, a passphrase is more secure against standard dictionary attacks, in which the attacker tries all the words in the dictionary in an attempt to determine your password. The best passphrases are relatively long and complex and contain a combination of upper and lowercase letters, numeric and punctuation characters.

You need a pass phrase to protect your RSA secret key.
Your pass phrase can be any sentence or phrase and may have many words, spaces, punctuation, or any other printable characters.
Enter pass phrase: I will be providing a pass phrase as 'pgp-javaclickonline secret key'.
Enter same pass phrase: Re-enter the same pass phrase entered above.

The next step is to choose whether or not to make this key the default signing key. In our scenario, I am selecting 'Y' to make it the default signing key.

With this, the key generation is completed. See the screenshot below, which demonstrates all the steps discussed above for generating the public/private key pair.


The next step is to extract the public key from the key ring and then send it to any outside party. This key can be used to encrypt a file. To extract the public key, we need to type the following command.

cmd>pgp -kx <user id>

We have to type the same user id we used while generating the key pair. If it finds any key in the key ring for the specified user id, we have to provide a file path for exporting the key. Here in our case, I have given the file path as 'C:\pgp\pgpjavaclickonline'.

See below screenshot for the above mentioned steps.


The next step is to encrypt a file from one machine [to show that it is a different vendor] using the public key and then decrypt the file from another machine using our private key.

To encrypt the file, we need to import the public key file [pgpjavaclickonline.pgp] on the vendor machine.

For importing the public key, type the following command in the command prompt and select 'Y' to add the key to the key ring.

cmd>pgp +force -ka <path to exported public key>

See below for the screenshot showing how to import the public key. The user id for the public key will be displayed as an output. This user id is required while performing encryption.

PS: See the ipconfig I have included at the top of the picture. This was done to show that it is running on a different machine.

The next step is to encrypt the file. For encrypting a file we need to create a simple plain text file as shown below.


Now in order to encrypt the file, type the following command onto the command prompt.

cmd>pgp +force -ea <file to encrypt> <user id> -o <file path to encrypted output file>


The contents of the encrypted file are cipher text and look like gibberish, as shown below.


Now that we have encrypted the file, we can go to the other machine and see if we can decrypt it.

For decrypting the file, we need to type the following command on to the command prompt.

cmd>pgp +force <pgp encrypted file> -z <user id> -o <file path to decrypted output file>

PS: See the ipconfig I have included at the top of the picture. This was done to show that it is running on a different machine.

The contents of the decrypted file are plain text, as shown below.


To summarize, we learned how to generate a public/private key pair. We also learned how to extract the public key and then import it on a different machine. And finally we learned how to encrypt and decrypt a file using PGP.
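The whole procedure above (generate key pair, export public key, import it on the vendor machine, encrypt there, decrypt here), as an added example that is not part of the original post: it reproduces the PGP 6.5.8 steps with GnuPG (gpg), the open-source successor, assuming gpg 2.1 or later is installed. Two separate GNUPGHOME directories stand in for the two machines, and the user id and passphrase are the ones used in the post.

```sh
#!/bin/sh
# Added example, not from the original post: the post's PGP 6.5.8 workflow
# reproduced with GnuPG (gpg). Two separate GNUPGHOME directories stand in
# for the owner's machine and the vendor's machine.
set -eu

pgp_roundtrip() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping"; return 0; }
    work=$(mktemp -d)
    owner="$work/owner"; vendor="$work/vendor"
    mkdir -m 700 "$owner" "$vendor"
    uid="javaclickonline.blogspot.com"      # user id used in the post
    pass="pgp-javaclickonline secret key"   # passphrase used in the post

    # Step 1 (pgp -kg): unattended RSA key generation on the owner machine.
    # 2048 bits rather than the post's 1024, which is no longer adequate.
    cat > "$work/keyparams" <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $uid
Expire-Date: 0
Passphrase: $pass
EOF
    GNUPGHOME="$owner" gpg --batch --quiet --pinentry-mode loopback --gen-key "$work/keyparams"

    # Step 2 (pgp -kx): export the public key for distribution to the vendor.
    GNUPGHOME="$owner" gpg --batch --quiet --armor --export "$uid" > "$work/pubkey.asc"

    # Step 3 (pgp -ka): the vendor imports the owner's public key into its own key ring.
    GNUPGHOME="$vendor" gpg --batch --quiet --import "$work/pubkey.asc"

    # Step 4 (pgp -ea): the vendor encrypts a constructed plain-text file to the owner's user id.
    printf 'Hello from the vendor machine\n' > "$work/plain.txt"
    GNUPGHOME="$vendor" gpg --batch --quiet --trust-model always --armor \
        --recipient "$uid" --output "$work/plain.txt.asc" --encrypt "$work/plain.txt"

    # Step 5 (pgp <file> -o ...): the owner decrypts with the private key and passphrase.
    GNUPGHOME="$owner" gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" \
        --output "$work/decrypted.txt" --decrypt "$work/plain.txt.asc"

    # The round trip succeeded only if the decrypted file matches the original.
    if cmp -s "$work/plain.txt" "$work/decrypted.txt"; then status=0; else status=1; fi
    GNUPGHOME="$owner" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    return $status
}
```

Run `pgp_roundtrip` after sourcing the script; it returns 0 when the vendor-encrypted file decrypts back to the original on the owner side.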

If you want to read more on PGP, you can go to the following web site. This is the International PGP Home page - http://www.pgpi.org/doc
