How to use GPG

From KnowledgeLab

For simplicity, let me assume we are talking about encrypting with a GPG front end, such as Enigmail.


The Beginning: Read this!

GPG usage is based on the idea that you encrypt an email such that only the receiver can decrypt it. Let's use two people as an example: you and me. For the standard usage, everybody has two GPG keys, which fit together and fit no other key. You have a public key and a private key. You ought to keep the private key to yourself: hide it and give it to nobody else. The public key, however, you can distribute freely.

If you want to send me an encrypted email, you will encrypt it with my public key. I will then decrypt it with my private key. So, if you encrypt it with only one public key, only the one fitting private key can be used to read the email (strictly speaking, I use my private key to decrypt the email and then read it; the key itself does not read anything). If you want me to send you an encrypted email, you have to give me your public key, so that I can encrypt the message to you.

Social Network: I

GPG key usage is based on the idea that you are sure you are communicating with the person they claim to be. It is necessary that the key belongs to the right person, so that nobody else can intrude on our communication!

How do GPG keys fit? In practice this means: If you come to the knowledgelab, let's meet for a brief chat. In this chat, we will check that I really got your GPG key (making sure that a "bad" person did not pretend to be you and give me a key). We will call this organized chat a Key-signing Party. Please send me your key by Friday, 3rd Feb 06.

Using the Software: I

During installation of the Recommended Software you will be asked to generate a key (WinPT) or you have to do it yourself. Most front ends allow you to press a button to generate your key-pair (private and public key). (Read more about generation of the key-pair) I will now assume you have your key-pair generated. Your public key has several relevant characteristics: it carries your name, a name or several names (the name which you tell me later on, please) and one or several email addresses, and it has a key ID and a key fingerprint. Your private key needs to be really, really safe. Therefore, you keep it private and also assign a secure passphrase (not just a word!).

The front end allows you to "export" your public key. If you do that, you can save this key as e.g. "my_name.gpgkey" on your Desktop. Now, you could send me your public key, and then I can "import" it. After importing, I can (once I have taken care of a few further small details) encrypt emails to you. The other way around: You can import my key with your front end and use it to send me encrypted emails.

Social Network: II

When we meet at the knowledgelab, you tell me your name, show me e.g. your passport (or equivalent) and you show me your GPG key fingerprint. You find the fingerprint using something like "show info/characteristics". You can note the fingerprint on a piece of paper, carry it around, or save your public key on a USB stick and give it to me... Why all that? I need to make sure that I really communicate with the real person who gives me the key. I need to trust the key.

Using the Software: II

With the front end I can edit the key: I need to say whether I believe the key belongs to the real person. If I believe that, I will "sign" the key. Signing means I write my virtual signature on your key. To make sure that nobody fakes my signature, I will use my private key to sign your public key. To access my private key, I need to enter my passphrase. I can now also say how far I trust the key-holder, you, to seriously check the identity of other GPG users. This has a big, big advantage: We can build a Web of Trust. With this, we will have much less work in future to use GPG.

Actually, I can only use a key for encryption if I signed it and declared my trust!
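
The fingerprint check and signing steps described above, done with the gpg command line instead of a front end. This is an added example, not part of the original page; the function names and the sample listing are constructed, and it assumes GnuPG 2.2 or later.

```shell
#!/bin/sh
# Added example: verify an exported public key against the fingerprint
# noted at the key-signing meeting before importing and signing it.
# Function names and the sample listing are constructed for illustration.

# Constructed sample of `gpg --with-colons` output (not a real key).
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1136073600:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1136073600::::Example User <user@example.org>::::::::::0:
sub:-:4096:1:0000111122223333:1136073600::::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Strip spaces and colons, uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin, print the primary key's fingerprint
# (field 10 of the first "fpr" record after the "pub" record).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only if the noted value is a full fingerprint (40+ hex digits)
# and equals the key's fingerprint. A short key ID returns 2: it is
# not enough to identify a key.
fpr_matches() {
    _noted=$(normalize_fpr "$1")
    _actual=$(normalize_fpr "$2")
    case $_noted in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#_noted}" -ge 40 ] || return 2
    [ "$_noted" = "$_actual" ]
}

# Inspect the key file without importing it, compare, then import and sign.
check_and_sign() {
    key_fpr=$(gpg --with-colons --with-fingerprint \
                  --import-options show-only --import "$1" | primary_fpr)
    fpr_matches "$2" "$key_fpr" || {
        echo "fingerprint mismatch, key not imported" >&2; return 1; }
    gpg --import "$1" && gpg --sign-key "$key_fpr"   # asks for your passphrase
}

# Usage: sh check_key.sh my_name.gpgkey "fingerprint noted at the meeting"
if [ "$#" -eq 2 ]; then check_and_sign "$1" "$2"; fi
```

The comparison uses the full fingerprint read from the key file itself, so a key that merely carries the right name or email address is rejected before it reaches the keyring.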



We will discuss all other usages at the knowledgelab. Read here for more info.



