Whys and Hows of 
Encryption Using PGP / GPG
Tony Bemus
Michigan!/usr/group 
June 10, 2014
Why Encryption
If I'm not doing anything wrong,
 then what do I have to hide?

  • Credit Card Numbers
  • Social Security Numbers
  • Business Plans
  • Whistle Blower
  • Confirmation of Identity 
Why PGP / GPG
Initially published by Phil Zimmermann in 1991
in response to U.S. Senate Bill 266 which was designed to force
manufacturers of secure communications to provide a "back-door"
by which the U.S. government would be able to read those communications.
The Bill was ultimately defeated, but PGP was born.

Out of concern for the commercialisation of the program and the legal
encumbrance of the IDEA and RSA algorithms, a group of open-source
programmers related to the GNU project wrote GnuPG, a free software
(GPL'd) version conforming to the OpenPGP standards.

GnuPG was initially developed by Werner Koch, 1999
Hows of PGP / GPG
  • Using Key Pair,  Public and Private
  • Both symmetric and asymmetric encryption methods
The email message is encrypted using a symmetric algorithm with a key
size of, say, 128 bits. That key is then encrypted asymmetrically using the
recipient's public key with, say, 2048 bits, and the entire message
(symmetrically encrypted body and asymmetrically encrypted key)
is sent together to the recipient.

  • Public Keys are distributed on key servers
  • GUI programs are available
  • Cross Platform (Mac, PC, Linux, BSD)
http://en.wikipedia.org/wiki/File:PGP_diagram.svg
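
The two-part layout described above is visible in the message bytes. This is an added example, not part of the original slides: it walks the OpenPGP packet framing (RFC 4880) of a binary message and reports the wrapped session key followed by the encrypted body. The function names and the sample bytes are constructed for illustration.

```python
# Packet tags from RFC 4880 that matter for the hybrid layout.
TAGS = {1: "public-key encrypted session key", 3: "passphrase-encrypted session key",
        9: "symmetrically encrypted data", 18: "integrity-protected encrypted data"}

def read_packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP message."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                       # new-format header
            tag, o1 = first & 0x3F, data[pos]
            pos += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[pos] + 192
                pos += 1
            elif o1 == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                  # old-format header
            tag, size = (first >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}.get(first & 3)
            if size is None:
                raise ValueError("indeterminate length not handled here")
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def describe(message):
    """List the wrapped session key(s) and the encrypted body, in order."""
    out = []
    for tag, body in read_packets(message):
        if tag == 1:  # body: version, 8-byte recipient key ID, algorithm, MPIs
            out.append((TAGS[1], body[1:9].hex().upper()))
        else:
            out.append((TAGS.get(tag, "tag %d" % tag), len(body)))
    return out

# Constructed sample, not real ciphertext; the key ID is made up.
pkesk = b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01\x00\x10\xAB\xCD"
SAMPLE = bytes([0x84, len(pkesk)]) + pkesk + b"\xD2\x15\x01" + bytes(20)
```

A password-encrypted file carries a passphrase-encrypted session key packet in place of the public-key one, so describe() shows which kind of secret unlocks a given file.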
GPG setup and maintenance on Linux
There are some GUI or point-and-click programs available

These programs will allow you to create, export,
update, sign, send and sync with the servers

In Linux Mint there are three servers configured
by default: Ubuntu, SKS, and PGP.com.

Seahorse is for GNOME
Seahorse is a GNOME application for managing
encryption keys

* install on a Debian based system
sudo apt-get install seahorse
KGPG is for KDE
KGPG is a simple, free, open source
KDE frontend for gpg.

* install on a Debian based system
sudo apt-get install kgpg
gpg-tools is for the CLI
If you would rather use the command line,
here is the process using GnuPG to generate a key:
gpg --gen-key
The prompts are fairly self-explanatory. It will ask what kind of key
(the first one is a good option), then your name, email, and a comment such as a
nickname. It will also ask for a passphrase. Don't forget it.
Add this line to your ~/.bashrc:
export GPGKEY=[key-id]
To find your key-id, use the numbers after 2048R/:
gpg --list-keys
pub 2048R/DB47TTEE 2013-09-24 uid Anthony Bemus (Tony the Gray)
My Key ID is:  DB47TTEE
CLI cont...
Send your key to the server.
*In this case it's the Ubuntu server
gpg --send-keys --keyserver keyserver.ubuntu.com $GPGKEY

CLI cont...
Back up your keys:
Public Key
gpg -ao file-public.key --export $GPGKEY
Secret Key
gpg -ao file-secret.key --export-secret-keys $GPGKEY
* Keep this one safe

CLI cont...
Restore your key
gpg --import file-public.key
gpg --import file-secret.key
Privacy through Encryption
Encrypting in the CLI using your gpg key
gpg -e big.txt
Decrypting in the CLI
gpg -d big.txt.gpg
Encrypting in the CLI using a password
gpg -c big.txt
* not using your gpg key
** only you can decrypt the file
Ensure authenticity
Sign the file so people can verify it is from you
gpg -s filename.txt
Sign and encrypt the file for a user (mat)
gpg -es -r mat filename.txt
Getting your key signed
The whole point of all this is to create a web of trust.
Sign the keys of people whose identity you can verify:
1) Keysigning Parties
2) People you already know

1) Locate someone who lives near you and can meet with you to verify your ID.

2) Arrange for a meeting. Bring at least one ID with photo and a printed fingerprint
     of your OpenPGP key; ask the same from the person you will be meeting with.

3) Print copies of your public key
        1) get the last eight digits of your fingerprint:
                    0995 ECD6 3843 CBB3 C050 28CA E103 6EED 0123 4567
        2) terminal:
gpg --fingerprint $GPGKEY >> key.txt

4) Print the resulting key.txt file and bring as many copies to the meeting
     as you expect to have people sign.

5) Meet, verify your IDs and exchange OpenPGP key fingerprints.

6) Sign the key of the person you've just met. Send him/her the key you've just signed.

7) Update your keys on the keyserver; the signature you've just created will
     be uploaded.
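
A check for steps 5 and 6, as an added example that is not part of the original slides: before signing, compare the full 40-digit fingerprint on the paper slip with the key you actually fetched, using the machine-readable output of `gpg --with-colons --fingerprint`. The function names and the listing are constructed for illustration; the first fingerprint is the example shown in step 3.

```python
import re

def normalize(fpr):
    """Strip spaces and colons from a typed or printed v4 fingerprint."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("need the full 40-hex-digit fingerprint")
    return cleaned

def primary_fingerprints(listing):
    """Map each primary-key fingerprint to its user IDs (subkeys skipped)."""
    keys, current, expect_fpr = {}, None, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            expect_fpr = f[0] == "pub"      # only the fpr after "pub" counts
        elif f[0] == "fpr" and expect_fpr:
            current, expect_fpr = f[9], False
            keys[current] = []
        elif f[0] == "uid" and current:
            keys[current].append(f[9])
    return keys

def check_slip(printed, listing):
    """Return the user IDs of the key matching the paper slip, or None."""
    return primary_fingerprints(listing).get(normalize(printed))

# Constructed listing in the style of `gpg --with-colons --fingerprint`.
# The second key is made up and shares the last eight digits of the first,
# so an 8-digit key ID alone cannot tell the two apart.
LISTING = """\
pub:-:2048:1:E1036EED01234567:1400000000:::-:::scESC:
fpr:::::::::0995ECD63843CBB3C05028CAE1036EED01234567:
uid:-::::1400000000::::Alice Example <alice@example.org>:
sub:-:2048:1:1111111111111111:1400000000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
pub:-:2048:1:FFFFFFFF01234567:1400000000:::-:::scESC:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF01234567:
uid:-::::1400000000::::Someone Else <someone@example.org>:
"""
```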

Key Signing Parties
Sign my key:
ID: DB471CEE
Fingerprint C447 A702 1EDD 6738 068A 29B1 886C C3F6 DB47 1CEE

People You Know
Tony Bemus (me)
Configure Email clients
Using GPG for secure communication
  • Evolution
  • Kmail
  • Claws Mail
  • Thunderbird
  • Mutt
  • Web mail
Evolution
Evolution has built-in support for OpenPGP.
Look under the Security tab when you edit accounts.

1) Open Evolution and go to Edit->Preferences.

2) Choose your email account, click on it, and then click Edit.

3) Click on the security tab.

4) In the PGP/GPG Key ID: box, paste your KEY-ID.

email ...
Kmail
1) Start up KMail
2) Go to the Settings menu
3) Select the Security icon on the left hand side
4) Select the Crypto Backends tab
5) Make sure OpenPGP (gpg) is in the list, and check the box next to it.
6) Select the Identities Icon on the left hand side
7) If you haven't already created an identity for yourself, create one now.
8) Select your identity and click the Modify... button
9) Select the Cryptography tab
10) Click on Change... next to OpenPGP signing key
          and select your preferred key from the list.
11) Repeat for OpenPGP encryption key if you want to encrypt messages
12) Make sure the Preferred crypto message format is either Any or OpenPGP/MIME.
         The inline format is deprecated, and highly annoying to users of mail client
         software that doesn't support this standard. This is the "old" way of doing things,
         and the OpenPGP/MIME format is the preferred method.
13) Click OK in the edit identity window and in the preferences window. 

email ...
Claws Mail
Claws Mail supports OpenPGP through the plugin claws-mail-pgpinline

1) claws-mail-pgpinline is available in the "Universe" repository.

2) sudo apt-get install claws-mail-pgpinline

3) The plugin may have to be loaded manually after installing it.
     Open Claws Mail and select Configuration -> Plugins

     1) If PGP/Core and PGP/inline are in the Plugins dialogue box,
          the plugins are loaded correctly.

     2) Otherwise, click on the Load Plugin button towards the bottom of the window.
          In the file selection dialogue, select pgpinline.so and click the Open button.

4) When Claws Mail tries to open encrypted e-mail, the program will prompt
     for your key's passphrase and then show the e-mail with the decrypted message.

email ...
Thunderbird
1) Thunderbird supports OpenPGP through the enigmail plugin.

2) Enigmail is available in the "Main" repository.

3) sudo apt-get install enigmail

4) Configure OpenPGP support in Thunderbird under
       Enigmail->Preferences and add under GnuPG executable path.
       The path for GnuPG is /usr/bin/gpg.

email ...
Mutt
1) Create a ~/.mutt directory and copy this file into it:
    /usr/share/doc/mutt/examples/gpg.rc

2) Append this line to the muttrc configuration file.
             
source ~/.mutt/gpg.rc # Use GPG

4) If you're using Mutt 1.5.13, you'll need to fix the paths to pgpewrap
email ...
Web mail
It's All Text!
1) It's All Text! is a Firefox extension which allows you to edit
     your mail in your preferred local text editor.

2) If your editor supports it, this can make handling of encrypted mail easier.

3) For example, you could use gnupg.vim and a local Vim instance.

email ...
Mymail-Crypt for Gmail™
1) Mymail-Crypt for Gmail™ is a Chrome extension that adds
     encrypt, sign, and decrypt buttons to Gmail

Contact Me:
Tony Bemus (Tony the Gray)
tony@bemushosting.com
Fingerprint C447 A702 1EDD 6738 068A 29B1 886C C3F6 DB47 1CEE

This Presentation
On the Bemus Hosting website
http://bemushosting.com/present/PGP-GPG_Pen14.html

impress.js presentation created at
http://strut.io/editor