Lab 6 - Encryption Using OpenPGP Completed

This document discusses how to use OpenPGP for encryption. It describes generating a public/private key pair, signing the public key, exporting the public key, importing another user's public key, encrypting a file using the recipient's public key, and decrypting the encrypted file. The overall process allows two parties to encrypt messages for each other using asymmetric encryption with OpenPGP.

Uploaded by

abdalla

Encryption using OpenPGP

Danish Khan
Feb 2020

Table of Contents

OBJECTIVES
BACKGROUND
PREREQUISITES
REQUIRED RESOURCES
GENERATING A PAIR OF KEYS
MAKING PUBLIC KEY AVAILABLE
IMPORT A RECEIVER’S PUBLIC KEY
VERIFY RECEIVER’S PUBLIC KEY
ENCRYPTION
DECRYPTION
REFLECTION
BIBLIOGRAPHY


Approximate time to finish: 90 min

Objectives
Using OpenPGP to encrypt data

Background
GPG, or GNU Privacy Guard, is a free implementation of the OpenPGP standard as defined by
RFC 4880. OpenPGP was originally derived from the PGP software created by Phil Zimmermann.
OpenPGP is mainly used to provide end-to-end email encryption using public key cryptography;
however, it is also used to encrypt data and symmetric keys. OpenPGP was standardized
in 1997 and has become the standard for almost all of the world’s encrypted email. The
implementation of OpenPGP is free and no license is required. At the time of writing this book,
none of the intelligence organizations are able to break it.

This lab is done in a group (two members per group). Each member will generate a pair of keys
(private and public). The keys will be signed, and the public key can be shared with the other
member of the group via email, a public key server, a cloud, a USB drive, etc.

Prerequisites
• I would expect readers to know basic Linux and to understand how public key cryptography
and digital signatures work.

Required resources
• Linux OS (Debian-based OS). This lab is written using Kali Linux.
• Linux virtual machine or an installed Linux on a host machine

Generating a pair of keys


1. First check whether gpg is installed in Kali Linux: type gpg and you will see the gpg prompt.
If it is not installed, type sudo apt-get install gnupg.
2. Generate a key using the following command:

gpg --gen-key

Write your details such as real name and email address and press O to confirm.

3. Type a passphrase. I would recommend using a strong passphrase. However, for
simplicity I am using hello class. I will get a warning message that the
passphrase is not safe enough. Confirm the message.
4. The output of the key generation will look similar to Figure 1.

Figure 1 Output of public and private keys

The pair of keys is generated using random numbers. The random numbers are
generated based on the activity on the computer, such as using the keyboard or mouse,
installing or uninstalling software, creating telnet sessions, etc. The more active you make your
system, the faster your keys will be generated.

One of the difficulties in generating random numbers is generating high-quality ones.
The pseudo-random number generator in Linux generates high-quality random numbers by using
hardware interrupts such as keyboard and mouse usage, disk/network usage, etc. In
situations where the system is idle or not enough interrupts are generated, there is a possibility that
the random numbers may not be truly random, and some patterns may exist. In such circumstances
additional entropy can be obtained by installing external packages such as haveged, which
generates entropy for generating the pair of keys.

Making public key available


In order for the sender to encrypt and send data to the receiver, the receiver needs to make the
public key available to the sender. Similarly, to decrypt the data at the receiving end,
the receiver will use the private key. In other words, each party (sender and
receiver) generates public and private keys, and they share their public keys with each other.

Before sharing keys, it is good practice for the sender and the receiver to sign their public keys
so that each can trust that the other is who s/he claims to be. The key can be
signed using the following command:

gpg --sign-key <your email address>

Replace <your email address> with the email address you gave when
generating the pair of keys. The keys may already have been signed at the time the pair of
keys was generated. The output of the command is shown in Figure 2.

Figure 2 Output of a signed key

5. Export your public key so that you can share it with the other member. Type the following
command.

gpg --armor --export <your_email_address> > pub_key.txt

--armor is used to get the output in ASCII format.

--export is used to export your public key.

<your_email_address> is the email address you gave when
generating the pair of keys.

> redirects the output, saving it in a pub_key.txt file in the current
location where you executed the gpg command.

The output of pub_key.txt is shown in Figure 3.

Figure 3 Output of sender's public key

You can share this file with other members in the group.

Import a receiver’s public key


In order to send encrypted data to another user (the receiver), the sender should have the receiver’s public
key. As discussed before, the sender and the receiver each generate a pair of keys and share public
keys so that they can communicate in an encrypted manner. Once the public key is received and
saved on a medium (for example, a hard drive), use the following command to import the key from the
medium into the GPG system:

gpg --import <absolute path of a public key>

Replace <absolute path of a public key> with the absolute path of the public key.

Verify receiver’s public key


You can verify the receiver’s public key by using the following command:

gpg --list-keys

You should be able to see the receiver’s public key which you imported previously.

Encryption
6. Create some bogus data using an editor. Make sure you know where you are saving the file.
7. Use the following command to encrypt the file.

gpg --encrypt --sign --armor -r <receiver’s public key email address> <bogus data filename with extension>

--sign switch signs the sender’s message with the sender’s private key so that it confirms
that the file is coming from the sender. The receiver should have the sender’s public key in order to
verify the signature.

-r encrypts for the given user ID name.

--armor switch converts binary to ASCII format so that the output of the encrypted file can be
pasted into emails as opposed to the conventional way of attaching it to the email. The file extension will
change to .asc. If the armor switch is not used, the file will be in binary format with
the extension .gpg. For example, the message “This is a secret message” is written in the file.
The output of the encrypted file with an extension .asc looks like:

<receiver’s public key email address> is the email address of the receiver’s public key. You can
also find the email address using the gpg --list-keys command.

<bogus data filename with extension> is the bogus data filename with an absolute path.

If the above command is correct, you need to input the passphrase which you set up at the
start of the lab. The passphrase is hello class. See Figure 4. Remember that this passphrase is
not shared between members. It is only used to make sure that an authorized user is using
the gpg system on your machine.

Figure 4 Passphrase

8. You should be able to see the file with the extension .asc. The file is saved in the current location
where you executed the gpg command. You can attach the file and send it to the receiver.
Alternatively, you can copy and paste the contents of the file using the cat command. Make sure
you copy the entire file and no extra whitespace.

Decryption
The receiver will use its own private key to decrypt the file. The following command is used to
decrypt the file.

gpg <absolute filename with an extension.asc>

A file with a .txt extension will be created since the original file was sent earlier in .txt format.

Extracting private key to work on a different machine


To carry your private key between different machines, you need to export
the private key and then import it into the other machine. The following commands are needed for this
job.

1. First list the private key.

gpg --list-secret-keys

2. Export the private key

gpg --export-secret-keys --armor <email address associated with a private key> > my_private_key.asc

3. Copy the private key onto a USB drive or external storage. You must not send this key or store
it in a cloud.
4. Import the key into gpg.

gpg --import <absolute path of my_private_key.asc>

Reflection
1. Discuss which format is better to send an encrypted file (ASCII or binary)?

As ASCII converts binary to printable text, it can be easily sent in a standard message
format by email or other network, while it's a bit difficult to do transmission with binary,
so ASCII is the better way.

2. Download a video or use a file of approximately 1 GiB and encrypt it using PGP. Time the
encryption command using the time command to check how long it takes to encrypt
and decrypt the file.

> 24 min for 945 MB

Bibliography
There are no sources in the current document.
