To check which PGP version is the default one for you on our Unix system, log into tanner and type in the shell command
which pgp
The result should be
/opt/local/bin/pgp
If the result is different from the one above, please use the entire command path
/opt/local/bin/pgp
instead of pgp, or modify your ~/.profile to match the version from directory /opt/local/bin.
pgp -h
mkdir ~/.pgp
Note that, if the directory .pgp does not exist in your home directory, PGP will abort execution. Check that the directory has been successfully created by typing in
ls -a
The option -a stands for "all", so that all files (including the hidden files) get listed. Your directory .pgp should appear in the list.
pgp -kg
PGP will display a menu of recommended key sizes (low commercial grade, high commercial grade, or "military" grade) and prompt you for what size key you want, up to over a thousand bits. The bigger the key, the more security you get, but you pay a price in speed.
It also asks for a user ID, which means your name. It is a good idea to use your full
name as your user ID, because then there is less risk of other people using the
wrong public key to encrypt messages to you. It would also help if you put your email
address in
The public/secret key pair is derived from large, truly random numbers obtained mainly by measuring the intervals between your keystrokes with a fast timer. PGP will ask you to enter some random text to help it accumulate some random bits for the keys. When asked, you should provide some keystrokes that are reasonably random in their timing, and it wouldn't hurt to make the actual characters that you type irregular in content as well.
It may take a few seconds for your keys to be generated. The generated key pair will be placed on your public (pubring.pgp) and secret (secring.pgp) rings that have been created in your .pgp directory.
Check the contents of your .pgp directory:
This command creates a signed message answer.asc consisting of the original text and your digital signature, ready to send through an email system.
Your secret key to create the signature is automatically looked up in
your secret key ring via yourid. You will be
asked for your pass phrase to unlock your private key - this is the same
as the passcode you used to generate your keys.
This step is used to AUTHENTICATE you as the writer of the message, and to
guarantee INTEGRITY of your message (it does not provide PRIVACY).
To verify the authenticity of your message, the recipient will need a copy of your public key, so let's append one to your message.
This command copies the key specified by yourid from your public ring
to the specified keyname (pick any name you wish) file.
This is particularly useful if you want to give a copy of your public key to someone else (as we do here).
Your public key will be extracted in the file keyname.asc.
Append (copy and paste) this key at the end of your signed report (answer.asc).
The result is answer.asc (encrypted signed answer, overwrites the signed answer). Check out the contents of this file:
To verify the correctness of your work, the instructor will decrypt
your message with her secret key, extract your public key from the message, and check
your signature using your public key.
Mirela Damian <mdamian@xyzuniv.edu>
PGP also asks for a "pass phrase" to protect your secret key in case it falls into
the wrong hands. Nobody can use your secret key file without this pass phrase.
The pass phrase is like a password, except that it can be a whole phrase or
sentence with many words, spaces, punctuation, or anything else you want in it.
Don't lose this pass phrase! You will need it later every time you use your secret key.
The pass phrase is case-sensitive, and should not be too short or easy to guess.
It is never displayed on the screen. Don't leave it written down anywhere where
someone else can see it, and don't store it on your computer. If you don't want
a pass phrase (BAD idea), just hit Enter at the pass phrase prompt.
ls ~/.pgp
You should see the two key rings and the random seed used in generating the keys.
To view the contents of a ring (pubring.pgp, for instance) type in
pgp -kv yourid ~/.pgp/pubring
Here yourid is the user identifier (or part of the user
identifier) you used when creating your keys.
Make sure you remember both this identifier and the pass phrase associated
with your keys. Alternately, you could simply try
pgp -kv
This command displays all public keys available to you.
pgp -ka damian.asc
PGP will complain that the key has not been certified (digitally signed by a Certification Authority), and it will give you a chance to certify it yourself. You will need your pass phrase for this.
Go ahead and answer yes to all the questions that follow.
pgp -kr userid
Here userid is the user ID associated with the key you wish to remove (you can find
it out by displaying the key info with pgp -kv).
pgp question.asc -o question
Recall that the signature is a digest (hash) of the message, encrypted with the sender's private key. PGP verifies it by decrypting the signature with the sender's public key and recomputing the digest of the message. If the two digests match, the signature is valid.
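The sign/verify flow just described, as an added example that is not part of the lab handout and not PGP's own code. It is a toy model: textbook RSA over two pairs of known Mersenne primes with no padding, a SHA-256 digest truncated to 128 bits (the example's own choice, not the hash PGP uses), and two constructed users, Alice and Bob, so that checking a signature with the wrong public key can be shown alongside a tampered message. The clearsign/check_clearsigned pair mimics the shape of what -sta leaves you with (readable text followed by the signature); the "-----SIGNATURE-----" separator is this example's own, not a PGP format.

```python
import hashlib

# Added example (not code from the lab handout or from PGP): a toy model of the
# sign/verify flow described above. Textbook RSA, no padding, illustration only.

E = 65537  # public exponent shared by both toy key pairs


def keypair(p: int, q: int):
    """Return ((e, n), (d, n)) for two primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, needs Python 3.8+
    return (E, n), (d, n)


# Two constructed users, so the "wrong public key" case can be demonstrated.
ALICE_PUBLIC, ALICE_PRIVATE = keypair(2**61 - 1, 2**89 - 1)
BOB_PUBLIC, BOB_PRIVATE = keypair(2**107 - 1, 2**127 - 1)


def digest(message: bytes) -> int:
    """Message digest as an integer, truncated to 128 bits so it is always below n."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message: bytes, private_key) -> int:
    """'Encrypt' the digest with the private key: the result is the signature."""
    d, n = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """'Decrypt' the signature with the public key and compare to a fresh digest."""
    e, n = public_key
    recovered = pow(signature, e, n)
    return recovered == digest(message)


def clearsign(message: bytes, private_key) -> str:
    """Readable text followed by the signature, in this example's own layout."""
    return message.decode() + "\n-----SIGNATURE-----\n" + hex(sign(message, private_key)) + "\n"


def check_clearsigned(text: str, public_key):
    """Split a clearsigned blob into (verified, message)."""
    body, sep, sig = text.partition("\n-----SIGNATURE-----\n")
    if not sep:
        return False, body  # no signature present at all
    return verify(body.encode(), int(sig.strip(), 16), public_key), body


if __name__ == "__main__":
    signed = clearsign(b"The answer is 42.", ALICE_PRIVATE)
    print(signed)
    print("verified with Alice's key:", check_clearsigned(signed, ALICE_PUBLIC)[0])
    print("verified with Bob's key:  ", check_clearsigned(signed, BOB_PUBLIC)[0])
    print("tampered text:            ", check_clearsigned(signed.replace("42", "43", 1), ALICE_PUBLIC)[0])
```

The three failing cases in the usage block are exactly what the lab's verification step protects against: a changed message, a forged or damaged signature, and a signature checked against someone else's public key, which is why the handout insists on full names in user IDs and on appending your own public key to the report.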
pgp -sta answer -u yourid
Note the use of the following options: -s to sign the file; -t to have the output include the original text in readable (unencrypted) format; and -a to write the output in ASCII armor, producing the file answer.asc.
pgp -kxa yourid keyname ~/.pgp/pubring
pgp -ea answer.asc mdamian
less answer.asc
You should see something similar to
-----BEGIN PGP MESSAGE-----
Version: 2.6.2
hEwDgjoe5kMia9kBAf9luAct/8aIaajRlW1BbRcQaVx/pHpwCRAu85oRwd3/uUkp
gZRkhkDxT0Lzf4tOmpH8paD2EDydf2ENKACLe7Y+pgAAAN9leiLoR0j+mUx/OCx1
EGu0tMqQMfNvHvhA4I0dgupVLYjaMOocXqwu5w96z0sGI2jz29mzdzOa56XR2ve7
MCOyhCJ66dHUJmZAt3m6d9BOe9hlTQmWdOL/bNEW5VKmsRorpvP3VGXx1RS8CSLF
Vd34BX9ubJghhJt7X7q+ZzqkRoNKwiOcadJsfFJFCqfEXA5w7TtZ3E0nzkQarlC3
GYhuSRb1zi4hvw6KL97in+GbA9pNXBJRN5fBiVi4QTWH441mhOdH/rwEndMf6DnK
K1ktRPWaiQ5yZmtg8l5Jx6Qo
=uLj2
-----END PGP MESSAGE-----
Notice that the message is unreadable; only the instructor
will be able to decrypt your message using her secret key.
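The armored block shown above is the format that every .asc file in this lab takes (the signed answer, the extracted public key and the final encrypted message). As an added example, not part of the lab handout and not PGP's own code, here is a small parser for that format: it separates the armor headers, the base64 body and the "=xxxx" checksum line, then recomputes the OpenPGP CRC-24 over the decoded body. The constructed sample in the usage section uses the body "123456789" with its known CRC-24 of 0x21CF02; LAB_MESSAGE is the block shown above, copied verbatim, and is parsed only to show the result.

```python
import base64
import binascii
import re

# Added example (not code from the lab handout or from PGP): parse an ASCII
# armored block and recompute its CRC-24 (RFC 4880, section 6.1). A mismatch
# means the block was damaged in transit (a dropped line while pasting a key,
# a mailer rewrapping lines); it says nothing about who wrote the message,
# which only the signature can tell you.

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """OpenPGP CRC-24 over data."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def parse_armor(text: str) -> dict:
    """Return a dict with keys ok, reason, type, headers, data."""
    result = {"ok": False, "reason": "", "type": "", "headers": {}, "data": b""}
    begin = re.search(r"^-----BEGIN PGP ([A-Z ]+)-----[ \t\r]*$", text, re.M)
    end = re.search(r"^-----END PGP ([A-Z ]+)-----[ \t\r]*$", text, re.M)
    if not begin or not end or begin.group(1) != end.group(1) or end.start() < begin.end():
        result["reason"] = "missing or mismatched BEGIN/END lines"
        return result
    result["type"] = begin.group(1)

    headers, body, crc_line = {}, [], None
    for line in text[begin.end():end.start()].splitlines():
        line = line.strip()
        if not line:
            continue
        if not body and ":" in line:                  # armor header, e.g. "Version: 2.6.2"
            key, _, value = line.partition(":")
            headers[key.strip()] = value.strip()
        elif line.startswith("=") and len(line) == 5:  # "=" + base64 of the 3-byte CRC
            crc_line = line[1:]
        else:
            body.append(line)                         # base64 body line
    result["headers"] = headers
    if crc_line is None:
        result["reason"] = "checksum line missing"
        return result
    try:
        data = base64.b64decode("".join(body), validate=True)
        expected = int.from_bytes(base64.b64decode(crc_line, validate=True), "big")
    except binascii.Error as exc:
        result["reason"] = f"base64 error: {exc}"
        return result
    result["data"] = data
    actual = crc24(data)
    if actual != expected:
        result["reason"] = f"CRC-24 mismatch: computed {actual:06x}, armor says {expected:06x}"
        return result
    result["ok"] = True
    result["reason"] = "CRC-24 matches"
    return result


# The encrypted answer shown above, copied from the lab page (checked, not asserted).
LAB_MESSAGE = """-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hEwDgjoe5kMia9kBAf9luAct/8aIaajRlW1BbRcQaVx/pHpwCRAu85oRwd3/uUkp
gZRkhkDxT0Lzf4tOmpH8paD2EDydf2ENKACLe7Y+pgAAAN9leiLoR0j+mUx/OCx1
EGu0tMqQMfNvHvhA4I0dgupVLYjaMOocXqwu5w96z0sGI2jz29mzdzOa56XR2ve7
MCOyhCJ66dHUJmZAt3m6d9BOe9hlTQmWdOL/bNEW5VKmsRorpvP3VGXx1RS8CSLF
Vd34BX9ubJghhJt7X7q+ZzqkRoNKwiOcadJsfFJFCqfEXA5w7TtZ3E0nzkQarlC3
GYhuSRb1zi4hvw6KL97in+GbA9pNXBJRN5fBiVi4QTWH441mhOdH/rwEndMf6DnK
K1ktRPWaiQ5yZmtg8l5Jx6Qo
=uLj2
-----END PGP MESSAGE-----
"""

if __name__ == "__main__":
    report = parse_armor(LAB_MESSAGE)
    print(report["type"], report["headers"], len(report["data"]), "bytes:", report["reason"])
```

Run this over answer.asc before you send it, or over a key someone pasted to you before pgp -ka, and a damaged block is caught early with a reason you can act on. The CRC is an integrity hint only: it will not notice deliberate tampering, and it cannot tell you who made the block. Authenticity still comes from checking the signature, which is what pgp question.asc -o question does in the lab.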