Cover V06, I08
Article
Sidebar 1
Sidebar 2
Table 1

aug97.tar


PGP: A Simple Usage Guide

David Endler

The freeware program PGP (Pretty Good Privacy) has become the standard for encrypting Internet email and verifying the authenticity of the email's author. Use of PGP has been prompted by the growing concern for privacy in the very non-private realm of the Internet. The article, "PGP: A Simple Guide to Pretty Good Privacy Setup," in the July issue of Sys Admin stepped through the basic configuration of PGP. This article concludes the two-part series by exploring PGP's use as an encryption and document-signing tool. Several useful PGP commands are shown in the accompanying sidebar.

Encrypting a File

After completing the initial setup discussed in the previous article, you are ready to encrypt a file. Once you have added a person's public key to your public key ring, you can encrypt a message to them using that key. The syntax is pgp -e filename. We will add the -a and -t options, respectively, meaning that we want ASCII output and that we are dealing with a plaintext input file that should be converted accordingly. For example, see the following file called file.text:

Hi there,
This is Dave sending you some email just so we can
test out one of the wonderful uses of PGP.

-dave

For the ease of example, I will encrypt the file to myself since (a) I have the public key, and (b) I can illustrate decryption later using the same message. I type:

% pgp -eta file.text

Recipients' public key(s) will be used to encrypt.
A user ID is required to select the recipient's public key.
Enter the recipient's user ID: endler

Key for user ID: David Endler <endler@eecs.tulane.edu>
1024-bit key, Key ID C778F0ED, created 1997/03/05
..
Transport armor file: file.text.asc

"Armor" refers to the ASCII format of the new message, such that it can safely travel through any email system and still remain a stream of printable characters.

Since I had the recipient's public key (mine) already in my public key ring, PGP smoothly encrypts the message and saves it with the asc extension, which means it is email-worthy. So, now the encrypted file file.text.asc looks like:

------BEGIN PGP MESSAGE-----
Version: 2.6.2

hIwDIgAJwsd48O0BA/0Z0DDFyU+0zri2vWfesMaP1fNWeHUqrxzhOXfxV0O2T669
l4Yk6xejEBEoatZW/vIGDiFAOCP8RBTpEzscDEs4enSMQ46cdvnEkkt7uWflIVj+
GHRK9OWU2/W63wf0oW9np9TyxzW7N0e0xOoAKHOFSwuUNJu1qpU6U/bJxUfzNKYA
AACKV1P5YPRcHyB4DTs+9tLzrLCGjXLBtBF3bS83/MT18kP3hS3fF4gEsf86VeXS
usc15IBdTp6GdcwytQhNgzFW5v+0dIQG1AfcGeS8i/y3Sjb1xs9YJEVn6Wp6x7yu
S3zHy2F00ZkjpvgptDgiV+B6sY5lZSAjnKHk2L4QfZRb/tXUIRNZ4CzDA5DF
=wCo1
-----END PGP MESSAGE----- 

If the recipient was somewhere on the Internet, we could email the message and she could decrypt the message using her PGP secret key.

As you may have noticed, after PGP has created a message, it places the output between two delimiting boundaries denoted by:

---BEGIN PGP MESSAGE--- Version: x.x and ---END PGP MESSAGE---

These boundaries are used to help PGP determine the nature of a message if no command lines are given to it. Also, UNIX mailers that integrate pgp rely on those headings to determine what to do with a given input file.

Decrypting a File

Assume I just received the above email, encrypted using my public key. I simply run the file through PGP, and it will automatically recognize that the file is encrypted and will prompt me for my passphrase. The command is simply pgp <filename>:

% pgp file.text.asc

File is encrypted.  Secret key is required to read it.
Key for user ID: David Endler <endler@eecs.tulane.edu>
1024-bit key, Key ID C778F0ED, created 1997/03/05

You need a pass phrase to unlock your RSA secret key.
Enter pass phrase: Pass phrase is good.  Just a moment......
Plaintext filename: file.text
Output file 'file.text' already exists.  Overwrite (y/N)? n

Enter new file name: file.text.decrypt
%

Now let's look at the new file and see if the decryption worked:

% cat file.text.decrypt
Hi there,
This is Dave sending you some email just so we can
test out one of the wonderful uses of PGP.

-dave

Those are the basics behind encrypting and decrypting. To encrypt to multiple recipients, you use the syntax:

pgp -eta <filename> user_id1 user_id2 user_id3 . . .  

PGP will create a file that can be read by each recipient using each public key. A minor warning though: A multi-recipient email will display the intended recipients if a user enters successive incorrect passphrases. Each entry will be listed as a User ID (if the entry is supported in your public key ring) or a Key ID (if the entry is not on your ring).

Signing a Message

Signing a key and signing a message are two entirely different things. Unfortunately, they have similar phrasing which often leads to confusion. Signing a key means certifying that you trust the identity of that key, and the people that trust you will take that into account when deciding whether to enter the key into their key rings. Signing a message is intended to authenticate the author's identity in an email message as well as ensure the integrity of a software package (such as PGP itself) against tampering. Imagine a text file called news.text that you want to send to a newsgroup:

To: comp.security.pgp

Hi guys,
I just really wanted to say that PGP is a useful program.

-David Endler

You digitally sign the message by typing:

% pgp -sta news.text

A secret key is required to make a signature.
You specified no user ID to select your secret key,
so the default user ID and key will be the most recently
added key on your secret keyring.

You need a pass phrase to unlock your RSA secret key.
Key for user ID "David Endler <endler@eecs.tulane.edu>"

Enter pass phrase: Pass phrase is good.
Key for user ID: David Endler <endler@eecs.tulane.edu>
1024-bit key, Key ID C778F0ED, created 1997/03/05
Just a moment....
Clear signature file: news.text.asc
%

The -a option can be added to most commands to enable output in printable ASCII format, otherwise you would get a pgp unreadable binary.

Now look at news.text.asc, we see the original message but with a PGP signature at the end:

---BEGIN PGP SIGNED MESSAGE---

To: comp.security.pgp

Hi guys,
I just really wanted to say that PGP is a useful program.

--David Endler


---BEGIN PGP SIGNATURE---
Version: 2.6.2

iQCVAwUBMx/0tCIACcLHePDtAQHcsgQAq0MJhiLtLRvBbW5fzl2vIEmc37I1lvxT
XkPUZzfCRe2N9xFpqedAXppsCOWR2+lHEDZd12tiulcvIvX874TF3pGRDhgxnh00
lugepT8B/iIuzfmnNoti0hXIZMXIzZDWf0h6Cx4gE/LfBuS/y9MabvtiM4SZ7PGr
zN2MOfjmRU0=
=JNy1
---END PGP SIGNATURE----

Upon receipt of this message, anyone can use my public key and the signature on the message to verify my identity. The signature is based on a unique hash function, which takes as input the original message and randomly generated numbers. The public key is used to authenticate that the signature was made from the person's secret key. This is another reason why the security of your secret key is so important.

Observe what happens when PGP processes a signed message:

% pgp news.text.asc

File has signature.  Public key is required to check signature. .
Good signature from user "David Endler <endler@eecs.tulane.edu>".
Signature made 1997/03/05 11:01 GMT

Plaintext filename: news.text
Output file 'news.text' already exists.  Overwrite (y/N)? n

Enter new file name: news.text.2

Notice that PGP was able to determine a "Good signature" showing that (under the assumption that no one else has access to my secret key and passphrase) I was indeed the person who wrote that newsgroup submission. Another term for this is non-repudiation, whereby someone's identity is established beyond a doubt.

The way in which this message was signed is called "clear signing." Clear signing involves keeping the body of the message readable while tacking on a PGP-encoded signature at the end. When pgp is invoked with the options -sta, it automatically assumes you want to clear sign a message.

The other option is to sign the message but have the output appear in PGP format rather than appearing in ASCII. To disable the clearsign option, you can either modify the config.txt file (which I will address later) or disable it on the command line using more arguments:

pgp -sta news.text +clearsig=off

which will produce a file that looks like this:

---BEGIN PGP MESSAGE---
Version: 2.6.2

owHrZJjKzMpoLP9jmhID56HjFR/eMjJ6PmL+p5JmtSgh1Fr0iNM0xw3mHlqZkz9x
F+wuCJjwZ9o2hZI3V5NFC6rCD7SItmV0S//v+7S3j2P+ZYmQezoHBUJ5jVcL5GX8
K9vI6mDCtDtqKRvLyz1LV34TWv7o7lXWqYpWGnzbW6SZTWpqeV9li+koxxl/4t54
bVk0B/PNJHH589vWH/PZtrVyzYoSzrzU8mK9ktSKEgYgCMm3UkjOzy3QK05NLi3K
LKnUK0gv4OXi5fLIVEgvrSzW4eVSgAJPhazS4hKFotTEnJxKhfLEvJLUFIWSfIXi
xEqFkozEEoUA9wCFzGKFRIXS4tS00hyFgqL89KLEXD2QcQoEgK5LYllmioJrXkpO
ahFIAwA=
=pUrL
--END PGP MESSAGE--

This is only useful for storing a signature of a software binary as a kind of checksum to ensure the package was downloaded from a pure source.

To sign a plaintext ASCII file with your secret key, encrypt it with the recipient's public key, then convert it to ASCII, you would type:

% pgp -esta news.text endler

A secret key is required to make a signature.
You specified no user ID to select your secret key,
so the default user ID and key will be the most recently
added key on your secret keyring.

You need a pass phrase to unlock your RSA secret key.
Key for user ID "David Endler <endler@eecs.tulane.edu>"

Enter pass phrase: Pass phrase is good.
Key for user ID: David Endler <endler@eecs.tulane.edu>
1024-bit key, Key ID C778F0ED, created 1997/03/05
Just a moment....

Recipients' public key(s) will be used to encrypt.
Key for user ID: David Endler <endler@eecs.tulane.edu>
1024-bit key, Key ID C778F0ED, created 1997/03/05
..
Transport armor file: news.text.asc

The format is the same as the encrypt command but adds the signature option as well. The file looks like:

% cat news.text.asc
----BEGIN PGP MESSAGE----
Version: 2.6.2

hIwDIgAJwsd48O0BA/46nSWNkqqu9TZyZHA/MnJgdMv5wxKRPY66FYEWS9HQ/XVx
ln6NDQ5xVirfVU2V0totstbRh9jL515XaPrZCTccBK7gWCHCc6QHGv4UjRG29lLw
jRm3Nx8VbaVTWuyPoGR07srERyqTVNjd1ud+HKT0Z7Bqrq8OT/3e5LQJStDJ06YA
AAExGxRCnFCwrFRvi2nz8aPDEFhdDp4q19Q6s4ScVxSLOwEKq/cE9eJkv3AbeQ1A
52+7xCxUCqgVhcUb/AH02BKHKhWBoGCFPBriosyChCiFTB3b1mtSFZ480vA58FDs
y7NOI/YsXZdq3EFA8YwxYOALDPbD/+woJn4D9JlJHdZ+YXMjdv64OGggK7VobBwE
2GMWgVvyF/apRB4NG5OJGkp0SqmymjxMdg09rLvxIITKQ4MKmWpEFN1iOotyzRYI
GgVvNeJ9ghdIE884G7VInMJT5RW/HaKIizHwg0ujWMlD6nkXpOudX6oT5ZarHbTJ
FX69Jy6nGy7G68I4owWapWG6OOhyy1O/7hRTyYhI1vGGsogqJOIOgHPhYXc6kTpW
/nE6d2FLrknqLqfgyIw7PCDmYng=
=vzH6
----END PGP MESSAGE----

And when we run PGP on it, as if we just received it in an email:

% pgp news.text.asc

File is encrypted.  Secret key is required to read it.
Key for user ID: David Endler <endler@eecs.tulane.edu>
1024-bit key, Key ID C778F0ED, created 1997/03/05

You need a pass phrase to unlock your RSA secret key.
Enter pass phrase: Pass phrase is good.  Just a moment......
File has signature.  Public key is required to check signature. .
Good signature from user "David Endler <endler@eecs.tulane.edu>".
Signature made 1997/03/05 11:19 GMT

Plaintext filename: news.text
Output file 'news.text' already exists.  Overwrite (y/N)? N

Enter new file name: news.text.3

% cat news.text.3
To: comp.security.pgp

Hi guys,
I just really wanted to say that PGP is a useful program.

--David Endler
%

So, I have not only provided encryption in the previous message but also verification of my identity in the signature check.

The config.txt File

As you may have noticed, every time you invoke PGP, you see the following "No configuration file found" message along with the credits:

No configuration file found.

Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.

(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94

Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.

Distributed by the Massachusetts Institute of Technology.

Export of this software may be restricted by the U.S. government.

Current time: 1997/03/07 11:29 GMT

I have suppressed the header out of most of the examples for convenience, but long-term use of pgp can make this configuration notice annoying, especially when it beeps on the console. PGP allows you to set certain variable parameters in a file called config.txt that are invoked each time you run PGP. The file is located in your .pgp directory and pgp responds with the "No configuration file found" message if it can not find it.

The clearsign option that we modified above can be set to "off" in the config file. This file lets you define various things without having to type them in on the command line each time. There are many options, most of which are documented in the man pages and the user's guide that comes with pgp. Please read the user's guide for a full listing. Some of the useful attributes you might want to fiddle with are shown in Table 1.

It is also possible to set any of these configuration parameters directly from the PGP command line, by entering the parameter setting with a "+" character. For example, the following two PGP commands produce the same effect:

pgp -e +armor=on file.txt user1
pgp -ea file.txt user1

or

Armor=on

in the config.txt file.

You can assume that any value you do not declare in config.txt takes on the default value listed in Table 1. A sample config.txt file looks like this:

Language = en
Armorlines = 720
Clearsign = off
Textmode = on
Secret Key Security

Perhaps the most important aspect of PGP is keeping your secret key secure. Ideally your public key ring should be stored on a standalone computer that you physically control. If it is a standalone computer where many people have access to it, you should store your secret key on disk.

In a multi-user system such as UNIX, the physical memory of the machine can be examined by anyone with the correct privileges (root, etc.), endangering the privacy of your secret key and passphrase. Shared UNIX systems also possess the threat of someone hacking in and gaining access to your secret key or of a disgruntled administrator trivially making a copy of it. You may wonder why you should go to all the trouble of using PGP for UNIX then? Some UNIX systems are actually standalone workstations, which pose less of a threat, or non-connected mainframe systems. The easiest compromise for UNIX users concerned about the safety of their secret ring is to store only the public key ring on the UNIX side and actually encrypt and sign all messages on another standalone computer. Although this is cumbersome, it decreases the chance someone may sniff out your passphrase or nab your secret key. If someone gets a copy of your secret key, he or she can try to break the passphrase by initiating a CPU-intensive dictionary attack.

Safeguarding your passphrase is just as important as securing your secret key. If someone somehow copies your secret key, you must immediately revoke your public key and create a new public/secret key pair; whereas you may still have time to change your passphrase before a malicious user takes action if you suspect just your passphrase has become known.

Your passphrase is vulnerable to discovery in many ways. Sniffing over a network connection can expose your passphrase just as if someone with the proper privileges is capturing your keyboard input by creating some sort of Trojan horse. Van Eck snooping can pick up electromagnetic radiation from your computer, which can detect keystrokes and monitor changes. And of course, there is always the old "look over someone's shoulder" trick. My point is that you should take great care to protect your passphrase, because it acts as a last line of defense in the event someone obtains your secret key.

Backup Your Keys (Securely)

If your secret key ever gets damaged or erased and you have no other copies, then you are out of luck. A useful method for storing your secret key is to encrypt a copy in ASCII armor format using the conventional encryption option. Conventional encryption uses the IDEA algorithm and requires a key (passphrase) to encrypt. We will use our passphrase for the IDEA key:

% pgp -ca ~/.pgp/secring.pgp

Input file '/home/.pgp/secring.pgp' looks like it may have
been created by PGP.
Is it safe to assume that it was created by PGP (y/N)? y

You need a pass phrase to encrypt the file.
Enter pass phrase:
Enter same pass phrase again: Just a moment...
Transport armor file: /home/.pgp/secring.asc

% cat ~/.pgp/secring.asc
-----BEGIN PGP MESSAGE-----
Version: 2.6.2

pgAAAhQDVzdqrouUF4CExto/W+vKX10FHScTv2FF+bR6l0W5NqMQ7jKtU3/S1G4y
pOw9upNbmQDNgT9XvOVp65gnir+qdvE0J4s1GaGdRhOXFuYMtfvSzCe4Eqc4fOeh
xu7icoPc/ptJDjD1HFfrOD11QwOzWzkMYipxLuT0XlKscHW5xsNFVkUH/4Zab0R4
L11lRO+uKYvMzSAXX586ZRoHUYm0PGTajlVtosyQqCOClJCRqK3fQlF7h35E2qMP
E2yHlghlwsQ4KifWs8WzXhJ45DEqA0ppQLE19s6JHnEn5DvcvwLW25xiDHQyY8wm
O8DKWvra9aKWmmTQPNfVRjN+iISeD1pTRO+/2eYVfJTrUb61PXuASl/0gppSknU0
63K6fmqLmc7D+wjbE81upQBErDQ8fQhK3THN4bqrVWiFGjuwX8ZCozZKvk0sqPvv
etd4v3YOidTMcO4Df6WXGRlUuBnegoNrUXaB+tUfHVs4OOSYLpWscorlSAp/8jAd
oNZ70iYnehPyMROBDJDTnB1Bx5B/MagpuOgf9Y/aI2I9bgUjgL7p1OrYtVUbSN6/
Uc2tcfvJONNHTAIkOcg0rzI6gzOVnzu5nM/2AUHgMuM8rvb2aeB+SFsuLEg8H1il
ppGEAVNl4UrIUNX3YoyNnJ8h0NJF+CE0SpvEiMARQEo/OxfLJqKxPHA2gNN3sF4h
leJg0Sc5ceU3
=IjIU
-----END PGP MESSAGE-----

This is the copy of the secret key that you should keep on hand in case something happens to the original. Later, if you need to use the file, you can:

1. Type it back in (exactly as it appears)

2. Store the contents in a text file

3. Run PGP on the file, and it will automatically extract the key for you once you enter the passphrase and restore it to your secret ring

Notice that the above secring.asc is not actually your secret ring, but a password protected copy using your passphrase as the IDEA key.

You can do the same thing with your public key except there is no need to encrypt it. Just take the ASCII-extracted copy we made earlier and save it with your secret key just in case.

As long as you have your secret key encrypted in a text format, you can move from different PGP platforms and migrate all of your keys over simply by manipulating the key text files we have made.

PGP and You

There is an ever-growing amount of PGP-related software coming out for UNIX. PGP Inc., which was formerly Viacrypt Inc., only provides the old version of Viacrypt 4.0 for UNIX, but according to their public relations department, they "plan to support UNIX in all our products," so keep an eye out for things in the next year. There are also quite a few freeware sources and applications available. PGPhone 1.0 lets you encrypt digital phone conversations over the Internet. PGP plug-ins are available for popular UNIX mailers, including pine and elm, that seamlessly integrate pgp into the emailing structure. There are also PGP sendmail versions that automatically encrypt outgoing and incoming mail. In short, searching the Web for PGP applications and resources will not disappoint you in terms of quantity, creativity, and usefulness.

PGP has become more than a trend during the past few years, slowly winning over enough users to become standard. Why? Because it's free and it works. If you are even slightly serious about protecting your online privacy, give it a try; you have nothing to lose. Once you have stepped through the basic issues in these articles and feel comfortable with them, delve into the user manual's advanced topics. There are also many interesting discussions on the legal and political aspects of PGP you can join. PGP has had a far-reaching impact on Internet privacy. It will continue to shape secure Internet communications until another encryption program replaces it or our online infrastructure is repaired of the vulnerabilities that PGP protects against.

Note: The keys that I used in this article were meant for demonstration only and are not intended for use. To obtain my actual public key, please refer to my bio on the first page of this article. n

About the Author

David Endler is a senior at Tulane University majoring in computer science with an emphasis in network security. His PGP Key fingerprint is: C4 4F 9C E7 E0 99 2A D3 B1 A7 3E EA E3 0F A1 0F, and his PGP public key may be obtained by fingering endler@studentweb.tulane.edu. He can reached via email at: endler@eecs.tulane.edu.