PGP 101

Getting, installing, and using PGP Freeware

One of the most common reasons heard for not using PGP is the “steep learning curve”. If people believe this, then PGP will be little more than a program that a minority uses. This guide is meant to help those who don’t want to put too much time into learning the ins and outs of the program. That having been said, let’s proceed.

 

This report is divided into 3 sections. They are: Getting PGP, Installing PGP, and Using PGP.

 

 

Section 1 Getting PGP

 

The first thing you need to do is go to PGPi for PGP distribution. What we are going after is PGPFreeware 6.5.2 or 6.5.3. This site is full of great information about PGP and how to use it. I highly recommend checking it out. When you get to the site, it should look something like this-

 

 

What you need to do is select the operating system that you use, such as Windows 95/98/NT, and click on the link. You will be taken to a site that looks like this-

 

 

Choose one of the latest versions of PGP from the list and click on the link. You will be taken here-

 

 

Choose 'Download PGP 6.5.3'. This will bring up a screen where you will be asked to choose a mirror site closest to you. Since PGPi is in Norway, none of the sites offered may be particularly nearby, so choose whichever you wish.

 

 

After you do that, you should see a window similar to this appear-

 

 

Make sure the ‘Save this program to disk’ button is checked. After that, push the ‘OK’ button.

At this point, you should save the file on your computer at a location that you are going to remember. I suggest the Desktop.

After you save the file, it will begin downloading. As it is a rather large file, it will take some time to download. Depending on your speed, it could take as long as an hour to download (on a 28.8 modem).

That concludes section 1 on obtaining the PGP program.

 

Section 2 Installing PGP

 

Once you have downloaded PGP, go to the location where you saved it to and double click it. This will begin the installation process. You should see a screen that looks like this-

 

 

This is to let you know that the installation process is beginning. The next screen will look like this-

 

 

After you have finished reading, please press the ‘Next’ button. That will bring up the following screen-

 

 

After you have finished reading, please press the ‘Next’ button. That will bring up the following screen-

 

 

After you have finished reading, please press the ‘Next’ button. That will bring up the following screen-

 

 

At this screen you will be asked to type in your user name and company name (if applicable). After you have finished, please press the ‘Next’ button. The following window will appear-

 

 

This window is asking where you would like to install PGP. The default directory is fine, however, if you would like to install it somewhere else, that is fine. After you have selected the directory, please press the ‘Next’ button to bring up the following screen-

 

 

At this screen, you will decide what components of PGP you would like to install. Choose the plugin that matches your email program (for example- Outlook, Outlook Express, Eudora, etc.). You can choose the command line version if you like, but this is for expert users only. After you have finished selecting what you want, press the ‘Next’ button-

 

 

This screen is simply confirming all of your choices before the actual installation process begins. After checking that everything is ok, press the ‘Next’ button.

 

 

This is the install screen. How fast it goes is dependent on your computer’s speed. However, it should not take more than a couple of minutes.  When it is finished, the following window will appear-

 

 

At this screen, you will want to select ‘No’. If you are reading this tutorial, then you probably don’t have any keys. That’s ok, because in a few short steps, you will. After you press ‘No’, the following window will appear-

 

 

Make sure the ‘Launch PGPkeys’ choice is checked. After that, press the ‘Finish’ button. This will launch the PGPkeys program and the key generation wizard.

 

 

Click the ‘Next’ button. Enter your name and email address. This will distinguish your keys as belonging to you. Click ‘Next’. This will bring up the key type window.

 

 

This is the key type window. There are two choices: RSA and Diffie-Hellman. For this tutorial, please choose RSA. If you would like to know more about the pros and cons of each type, please go to the DH vs. RSA FAQ. After you have chosen RSA, please press the ‘Next’ button. This will bring up the key size window.

 

 

This window asks how large you would like to make your key pair. The default is 2048. I would highly discourage using anything less than this. In my opinion, this is the best choice. After you have finished, press the ‘Next’ button.

 

 

This screen is asking when you want your keys to expire. The default ‘Key never expires’ is just fine. After you have selected your choice, press the ‘Next’ button.

 

 

This is the most crucial phase of your key generation. This is the pass phrase section. Notice I said pass PHRASE and not pass WORD. It is paramount that you choose a long phrase of upper and lower letters, numbers and characters. Also, it should be something that you can remember without having to write it down. The weak link in PGP is the pass phrase. It is the easiest to compromise. So choose a phrase that can withstand an attack. After you have typed and retyped your pass phrase for confirmation, please press the ‘Next’ button. If you forget the passphrase, you will NOT be able to use the key to decrypt ANYTHING.

 

 

This is the screen that will be shown while your keys are being generated. After it is finished, press the ‘Next’ button.

 

 

This screen will ask if you want to send your key to a key server. This is totally up to you. Many people send their keys to a central server to make it easier for others to get it. However, others do not want anybody but those they choose to have their public key. This is up to you. After you decide, press the ‘Next’ button.

 

 

You have now finished generating your key pair. Press the ‘Finish’ button. This will bring up the PGP Keys window. You should be able to see your key in the window. Success!!

 

 

That concludes section 2.

 

Section 3 – Using PGP

 

There are basically two reasons to use PGP. The first is to send emails that no one except those that you allow will be able to read. The second is to be able to publish content (or emails) and sign it. This makes it very difficult for someone to pretend to be you.

Now, let’s get to using PGP. You can encrypt text, files, and emails with PGP. We will begin with sending someone your public key and importing someone else’s public key.

There is an invaluable tool that you must become acquainted with. In your system tray (in Win9x systems, this is where your clock is) you should see a little icon that looks like this-

 

 

This is the PGP Tray icon. It contains every tool you need to operate PGP on your system. You can right or left click once on this icon. When you do, you should see a menu that has the following options in it (from the top)- Exit, Help, Options, PGP Keys, PGP Tools, Current Window, and Clipboard. The Current window and Clipboard options have submenus that can be reached by moving the mouse toward them.

Click on the PGP tray icon and select ‘PGP Keys’.

 

 

There are many ways to export your public key to someone. They will need this key to send encrypted emails to you. The first is to use your email client’s attachment feature. Right click on your key and select copy. After that, you can paste it into your email message. You can freely distribute it to anyone you want to without fear. Another way is to select your key in the bottom part of the PGP Keys window. Then, under the ‘Keys’ tab, select ‘Export’. It will save the file as an .asc file. Name it whatever you wish, something like Joe.asc. You can then attach this file in your email client and send it.

 

Importing keys

 

When you receive an attached public key that someone has sent you, first save the attachment onto your hard drive. Then open PGP Keys. On the Keys tab, select ‘Import’. You will be asked to navigate to where you saved the attached key, so remember where you put it. After you select the key, you should see a window that looks similar to this one-

 

 

Press the ‘Import’ button. After that, the key will be imported. Now you can send encrypted emails to your friend.

Another way to import a key is from the raw text. Often people will post their PGP key on their web sites. It will look like this-

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: PGP 6.5

-----END PGP PUBLIC KEY BLOCK-----

All you need to do is highlight the entire thing (everything in blue), not just the gobbledygook in the middle, right click and select copy. The headers at the top and bottom are crucial. After you highlight the section, paste it to a text file using Notepad. Notepad can be found by going to the Start button, Programs, Accessories, Notepad. Right click in the Notepad window and select paste. The above text should appear in the window. After that, save the file as key. Then import as shown above.

 

Sending Encrypted Emails

 

Open up your email client and type your message. After you have typed the message, click on the PGP Tray icon and go to Current Window. In the Current Window submenu, select ‘Encrypt and Sign’. The following window will appear-

 

 

You will need to drag your friend’s key to the bottom ‘Recipients’ window. After that, select ‘OK’. You will be asked to type in your pass phrase and then PGP will encrypt the message. After that, send your email to your friend. The encrypted text should look like this-

 

-----BEGIN PGP MESSAGE-----
Version: PGP 6.5

-----END PGP MESSAGE-----

 

Decrypting PGP Encrypted Emails

 

You have received a PGP encrypted email from your friend. In your email client, make sure that the window that the encrypted text is in is the selected window. After that, click on the PGP Tray icon. Select the ‘Current Window’ option and in the submenu, select ‘Decrypt and Verify’. This will open up a window requesting your pass phrase. After you type in your pass phrase, the message will be decrypted.

You can also use the plugin for your mail client, if you installed it. Plugins are available for Outlook Express and Eudora Pro at this time.

 

Learning More about PGP

For further info on PGP, check out http://www.pgpi.com and http://www.tom.mccune.net/PGP.htm. Both have a great deal of info on PGP. Also, read the PGP Documentation which you can also download from the PGPi pages. It contains a great deal of information about the actual usage of PGP.