GNU Privacy Guard
Tony Bemus
Metro Detroit Linux Users Group
November 9th, 2013
GPG setup and maintenance on Linux
There are some GUI (point-and-click) programs available.

These programs will allow you to create, export, update, sign and send keys,
and sync with the key servers.

In Linux Mint there are three servers configured
by default: Ubuntu, SKS, and PGP.com.

Seahorse is for GNOME
Seahorse is a GNOME application for managing
encryption keys

* install on a Debian based system
sudo apt-get install seahorse
KGPG is for KDE
KGPG is a simple, free, open source
KDE frontend for gpg.

* install on a Debian based system
sudo apt-get install kgpg
gpg-tools is for the CLI
If you would rather use the command line, here is the process.
Using GnuPG to generate a key:
gpg --gen-key
The prompts are fairly self-explanatory. It will ask what kind of key
(the first one is a good option), then for your name, email, and a comment
such as a nickname. It will also ask for a passphrase. Don't forget it.
Add this line to your ~/.bashrc:
export GPGKEY=[key-id]
To find your key-id, use the numbers after 2048R/ in the output of:
gpg --list-keys
pub 2048R/DB471CEE 2013-09-24 uid Anthony Bemus (Tony the Gray)
y
My Key ID is:  DB471CEE
CLI cont...
Send your key to the server.
*In this case it's the Ubuntu server
gpg --send-keys --keyserver keyserver.ubuntu.com $GPGKEY

CLI cont...
Backup your keys:
Public Key
gpg -ao file-public.key --export $GPGKEY
Secret Key
gpg -ao file-secret.key --export-secret-keys $GPGKEY

* Keep this one safe
CLI cont...
Restore your key
gpg --import file-public.key
gpg --import file-secret.key
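
A quick check of the two backup files before you rely on them, as an added example that is not part of the original slides. The function names are hypothetical; it only reads the ASCII-armor header that gpg -a writes and the file permissions, and imports nothing.

```sh
#!/bin/sh
# Added example: sanity-check the files written by
#   gpg -ao file-public.key --export $GPGKEY
#   gpg -ao file-secret.key --export-secret-keys $GPGKEY

# Print "public", "secret" or "unknown" from the ASCII-armor header line.
armor_kind() {
    case "$(head -n 1 -- "$1" 2>/dev/null)" in
        "-----BEGIN PGP PUBLIC KEY BLOCK-----")  echo public ;;
        "-----BEGIN PGP PRIVATE KEY BLOCK-----") echo secret ;;
        *) echo unknown ;;
    esac
}

# Succeed only if group and others have no permission bits on the file
# (characters 5-10 of the ls -l mode string are the group/other bits).
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# check_backup PUBLIC_FILE SECRET_FILE
# Prints each problem found and returns non-zero if there is any.
check_backup() {
    rc=0
    [ "$(armor_kind "$1")" = public ] || { echo "$1: not an armored public key"; rc=1; }
    [ "$(armor_kind "$2")" = secret ] || { echo "$2: not an armored secret key"; rc=1; }
    owner_only "$2" || { echo "$2: readable by group or others, run chmod 600"; rc=1; }
    return $rc
}

# Typical use after the export commands above:
#   check_backup file-public.key file-secret.key
```

Running umask 077 in the shell before the export makes the secret key file owner-only from the moment it is created.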
Privacy through Encryption
Encrypting in the CLI using your gpg key
gpg -e big.txt
Decrypting in the CLI
gpg -d big.txt.gpg
Encrypting in the CLI using a password
gpg -c big.txt
Ensure authenticity
Sign the file so people can verify it is from you
gpg -s filename.txt
Sign and encrypt the file for a user (mat)
gpg -es -r mat filename.txt
Getting your key signed
The whole point of all this is to create a web of trust.
Sign the keys of people whose identity you can verify:

1) Keysigning parties
2) People you already know
1) Locate someone that lives near you and can meet with you to verify your ID. 

2) Arrange for a meeting. Bring at least one ID with photo and printed fingerprint
     of your OpenPGP key, ask the same from the person you will be meeting with.
3) Print copies of your public key
     1) get the last eight digits of your fingerprint:
          0995 ECD6 3843 CBB3 C050 28CA E103 6EED 0123 4567
     2) terminal:
          gpg --fingerprint 01234567 >> key.txt

4) Print the resulting key.txt file and bring as many copies to the meeting
     as you expect to have people sign

5) Meet, verify your IDs and exchange OpenPGP key fingerprints

6) Sign the key of the person you've just met. Send him/her the key you've just signed.

7) Update your keys on the keyserver, the signature you've just created will
       be uploaded.
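
For steps 5 and 6, one way to compare the fingerprint on a printed slip with what gpg reports for the key you fetched, before signing it. This is an added example, not part of the original slides: the function names are hypothetical, it assumes 40-hex-digit (v4) fingerprints like the ones shown here, and the colon listing is constructed sample data.

```sh
#!/bin/sh
# Added example: full-fingerprint comparison before signing a key.

# Constructed sample of `gpg --with-colons --fingerprint DB471CEE` output.
SAMPLE_COLONS='pub:-:2048:1:886CC3F6DB471CEE:1379980800:::-:::scESC:
fpr:::::::::C447A7021EDD6738068A29B1886CC3F6DB471CEE:
uid:-::::1379980800::::Anthony Bemus (Tony the Gray):'

# Strip whitespace and upper-case, so "c447 a702 ..." equals "C447A702...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read a --with-colons listing on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record.
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches PRINTED REPORTED
# Returns 0 on a full match, 1 on a mismatch, and 2 if PRINTED is not a
# complete 40-hex-digit fingerprint (an 8-digit key ID is not enough).
fpr_matches() {
    a=$(normalize_fpr "$1")
    b=$(normalize_fpr "$2")
    case "$a" in
        ""|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#a}" -eq 40 ] || return 2
    [ "$a" = "$b" ]
}

# Typical use once the other person's key is in your keyring:
#   reported=$(gpg --with-colons --fingerprint DB471CEE | fpr_from_colons)
#   fpr_matches "C447 A702 1EDD 6738 068A 29B1 886C C3F6 DB47 1CEE" "$reported" \
#       && gpg --sign-key DB471CEE
```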

Key Signing Parties
Fingerprint: C447 A702 1EDD 6738 068A 29B1 886C C3F6 DB47 1CEE
Sign my key:
ID: DB471CEE

People You Know
Tony Bemus (me)
Using GPG for secure communication
Configure Email clients
Evolution
Kmail
Claws Mail
Thunderbird
Mutt
Web mail
Evolution
1) Open Evolution and go to Edit->Preferences.

2) Choose your email account, click on it, and then click Edit.

3) Click on the security tab.

4) In the PGP/GPG Key ID: box, paste your KEY-ID.

Evolution has built-in support for OpenPGP. 
Look under the Security tab when you edit accounts.
email ...
Kmail
1) Start up KMail
2) Go to the Settings menu
3) Select the Security icon on the left hand side
4) Select the Crypto Backends tab
5) Make sure OpenPGP (gpg) is in the list, and check the box next to it.
6) Select the Identities Icon on the left hand side
7) If you haven't already created an identity for yourself, create one now.
8) Select your identity and click the Modify... button
9) Select the Cryptography tab
10) Click on Change... next to OpenPGP signing key
          and select your preferred key from the list.
11) Repeat for OpenPGP encryption key if you want to encrypt messages
12) Make sure the Preferred crypto message format is either Any or OpenPGP/MIME.
         The inline format is deprecated, and highly annoying to users of mail client
         software that doesn't support this standard. This is the "old" way of doing things,
         and the OpenPGP/MIME format is the preferred method.
13) Click OK in the edit identity window and in the preferences window. 

Claws Mail
Claws Mail supports OpenPGP through the plugin claws-mail-pgpinline.

1) claws-mail-pgpinline is available in the "Universe" repository.

2) sudo apt-get install claws-mail-pgpinline

3) The plugin may have to be loaded manually after installing it.
     Open Claws Mail and select Configuration -> Plugins

        1) If PGP/Core and PGP/inline are in the Plugins dialogue box,
             the plugins are loaded correctly.

        2) Otherwise, click on the Load Plugin button towards the bottom of the window.
             In the file selection dialogue, select pgpinline.so and click the Open button.

4) When Claws Mail tries to open encrypted e-mail, the program will prompt
     for your key's passphrase and then show the e-mail with the decrypted message.

Thunderbird
1) Thunderbird supports OpenPGP through the enigmail plugin.

2) Enigmail is available in the "Main" repository.

3) sudo apt-get install enigmail

4) Configure OpenPGP support in Thunderbird under
       Enigmail->Preferences and set the GnuPG executable path.
       The path for GnuPG is /usr/bin/gpg.

Mutt
1) Create a ~/.mutt directory and copy this file into it:
    /usr/share/doc/mutt/examples/gpg.rc

2) Append this line to the muttrc configuration file.
             
source ~/.mutt/gpg.rc # Use GPG

4) If you're using Mutt 1.5.13, you'll need to fix the paths to pgpewrap

Web mail
FireGPG (Discontinued)
It's All Text!

1) It's All Text! is a Firefox extension which allows you to edit
     your mail in your preferred local text editor.

2) If your editor supports it, this can make handling of encrypted mail easier.

3) For example, you could use gnupg.vim and a local Vim instance.

References
Ubuntu GnuPrivacyGuardHowto
https://help.ubuntu.com/community/GnuPrivacyGuardHowto
How to Encrypt Files on Linux Using GPG, Ccrypt, Bcrypt and 7-Zip
http://www.maketecheasier.com/encrypt-files-on-linux/
GPG with KDE and Kmail
https://help.ubuntu.com/community/KMailGPGAgent
This Presentation
On the MDLUG website
http://mdlug.org/presentations/bemus/gnupg-mdlug11-2013.html

Contact Me:
Tony Bemus
tony@bemushosting.com
