Lab 6 - Encryption Using OpenPGP Completed
OpenPGP
Danish Khan
Feb 2020
Encryption using OpenPGP
Table of Contents
Objectives
Background
Prerequisites
Required resources
Reflection
Bibliography
Objectives
Using OpenPGP to encrypt data
Background
GPG, or GNU Privacy Guard, is a free implementation of the OpenPGP standard as defined by
RFC 4880. OpenPGP was originally derived from the PGP software created by Phil Zimmermann.
OpenPGP is mainly used to provide end-to-end email encryption using public key cryptography;
however, it is also used to encrypt data and symmetric keys. OpenPGP was standardized
in 1997 and has become the standard for almost all of the world’s encrypted email. The
implementation of OpenPGP is free and no license is required. At the time of writing this book,
none of the intelligence organizations are able to break it.
This lab is done in a group (two members per group). Each member will generate a pair of keys
(private and public). The keys will be signed, and the public key can be shared with the other
members of the group via email, a public key server, cloud storage, a USB drive, etc.
Prerequisites
• I would expect readers to know basic Linux and to understand how public key cryptography
and digital signatures work.
Required resources
• Linux OS (Debian-based OS). This lab is written using Kali Linux.
• Linux virtual machine or an installed Linux on a host machine
gpg --gen-key
Write your details such as real name and email address and press O to confirm.
3. Type a passphrase. I would recommend using a strong passphrase. However, for
simplicity I am using hello class. I will get a warning message that the
passphrase is not safe enough. Confirm the message.
4. The output of the key generation will look similar to Figure 1.
The pair of keys is generated using random numbers. The random numbers are
generated based on the activity on the computer, such as using the keyboard or mouse,
installing or uninstalling software, creating telnet sessions, etc. The more active you make
your system, the faster your keys will be generated.
One of the difficulties in generating random numbers is generating high-quality ones.
The pseudo-random number generator in Linux generates high-quality random numbers by using
hardware interrupts such as keyboard and mouse usage, disk/network usage, etc. In
situations where the system is idle or not enough interrupts are generated, there is a
possibility that the random numbers may not be truly random, and some patterns may exist.
In such circumstances, additional entropy can be obtained by installing external packages
such as haveged, which generates entropy for generating the pair of keys.
Before sharing keys, it is good practice for the sender and the receiver to sign their public
keys so that both sender and receiver can trust that the sender is who s/he claims to be. The
key can be signed using the following command:
Replace <your email address> with the email address you gave when generating the pair of
keys. The keys may already be signed at the time of generating the pair of keys. The output
of the command is shown in Figure 2.
5. Export your public key so that you can share it with the other member. Type the following
command.
<your_email_address>: replace with the email address you gave when generating the pair of
keys.
The > operator redirects the output, saving it in the pub_key.txt file in the directory
where you executed the gpg command.
You can share this file with the other members of the group.
Replace <absolute path of a public key> with the absolute path of the public key.
gpg --list-keys
You should be able to see the receiver’s public key which you imported previously.
Encryption
6. Create some bogus data using an editor. Make sure you know where you are saving the file.
7. Use the following command to encrypt the file.
The --sign switch signs the sender’s message with the sender’s private key, which confirms
that the file is coming from the sender. The receiver must have the sender’s public key in
order to verify the signature.
The --armor switch converts binary to ASCII format so that the encrypted output can be
pasted into emails as opposed to the conventional way of attaching it to the email. The file
extension will change to .asc. If the armor switch is not used, the file will be in binary
format with the extension .gpg. For example, the message “This is a secret message” is
written in the file.
The output of the encrypted file with an extension .asc looks like:
<receiver’s public key email address>: the receiver’s public key email address. You can
also find the email address using the gpg --list-keys command.
<bogus data filename with extension>: the bogus data filename with an absolute path.
If the above command is correct, you will need to enter the passphrase which you set up at
the start of the lab. The passphrase is hello class. See Figure 4. Remember that this
passphrase is not shared between members. It is only used to make sure that an authorized
user is using the gpg system on your machine.
Figure 4 Passphrase
8. You should be able to see the file with the .asc extension. The file is saved in the
directory where you executed the gpg command. You can attach the file and send it to the
receiver. Alternatively, you can copy and paste the contents of the file using the cat
command. Make sure you copy the entire file and no extra whitespace.
Decryption
The receiver will use his or her own private key to decrypt the file. The following command
is used to decrypt the file.
A file with a .txt extension will be created since the original file was sent earlier in
.txt format.
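The full exchange this lab walks through (generate, export, import, sign and encrypt, decrypt), as an added example that is not part of the original lab. It assumes GnuPG 2.1 or later and uses constructed identities (alice@example.test, bob@example.test), throwaway keyrings in a temporary directory and an empty passphrase so that it runs unattended. The helper names g, fpr, cleanup and pgp_lab_roundtrip are made up here, and the fingerprint comparison before certifying the partner's key goes one step beyond the lab's signing step.

```shell
# Added example: the lab's two-member exchange run unattended with throwaway keys.
# Names, addresses, file names and the empty passphrase are constructed for the demo.

# Run gpg non-interactively against one member's keyring directory.
g() {
  _home=$1; shift
  gpg --homedir "$_home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

# Print the primary-key fingerprint of a user ID held in a keyring.
fpr() { g "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'; }

# Stop the per-keyring agents and delete the throwaway keys.
cleanup() {
  for _h in "$1"/alice "$1"/bob; do gpgconf --homedir "$_h" --kill gpg-agent 2>/dev/null; done
  rm -rf "$1"
}

# Body runs in a subshell so the EXIT trap fires however the function ends.
pgp_lab_roundtrip() (
  work=$(mktemp -d) || exit 1
  trap 'cleanup "$work"' EXIT
  alice=$work/alice; bob=$work/bob
  mkdir -m 700 "$alice" "$bob" || exit 1

  # Each member generates a key pair (interactive equivalent: gpg --gen-key).
  g "$alice" --quick-generate-key 'Alice <alice@example.test>' default default never >/dev/null || exit 1
  g "$bob" --quick-generate-key 'Bob <bob@example.test>' default default never >/dev/null || exit 1

  # Export only the public halves, ASCII-armored, and hand each to the partner.
  g "$alice" --armor --export alice@example.test > "$work/alice_pub.txt" || exit 1
  g "$bob" --armor --export bob@example.test > "$work/bob_pub.txt" || exit 1
  g "$alice" --import "$work/bob_pub.txt" || exit 1
  g "$bob" --import "$work/alice_pub.txt" || exit 1

  # Certify an imported key only if its fingerprint matches the owner's own copy.
  a_fpr=$(fpr "$alice" alice@example.test); b_fpr=$(fpr "$bob" bob@example.test)
  [ -n "$b_fpr" ] && [ "$(fpr "$alice" bob@example.test)" = "$b_fpr" ] || exit 1
  [ -n "$a_fpr" ] && [ "$(fpr "$bob" alice@example.test)" = "$a_fpr" ] || exit 1
  g "$alice" --quick-lsign-key "$b_fpr" >/dev/null || exit 1
  g "$bob" --quick-lsign-key "$a_fpr" >/dev/null || exit 1

  # Alice signs with her private key and encrypts to Bob's public key.
  printf 'This is a secret message\n' > "$work/secret.txt"
  g "$alice" --armor --sign --encrypt --recipient bob@example.test \
    --output "$work/secret.txt.asc" "$work/secret.txt" || exit 1

  # Bob decrypts with his private key; a bad signature makes gpg exit non-zero.
  g "$bob" --decrypt "$work/secret.txt.asc"
)
```

Calling pgp_lab_roundtrip prints the decrypted message on standard output; in a real exchange the two fingerprints are compared over a separate channel before a key is certified.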
gpg --list-secret-keys
3. Copy the private key to a USB drive or external storage. You must not send this key or
store it in a cloud.
4. Import the key into gpg.
Reflection
1. Discuss which format is better to send an encrypted file (ASCII or binary)?
As ASCII converts binary to printable text, it can be easily sent in a standard message
format by email or other network, while it is a bit difficult to do transmission with binary,
so ASCII is the better way.
2. Download a video or use a file of approximately 1 GiB and encrypt it using PGP. Time the
encryption command using the time command to check how long it takes to encrypt
and decrypt the file.
Bibliography
There are no sources in the current document.