Pretty Good Privacy (PGP)

Background

Chidinma has a lead for one of the child trafficking sponsors and needs to send the files to Nasir. Nasir uses a PGP but he needs to show chidinma how to set up her email for that just incase she needs to send to others.

PGP – Pretty Good Privacy

PGP is a popular program used to encrypt, decrypt and authenticate data and files. It has been adopted as a common encryption standard for email messages, with implementations in several programs both freely and commercially available.

GPG – GNU Privacy Guard is a completely free software that performs the job of the PGP encryption standard on computers, aside its fundamental feature of encrypting your messages it offers a versatile cryptographic key management system and has been ported to support various operating systems platforms and user interfaces.

CipherTexting – Encrypting your Messages

PGP uses a variation of public cryptographic system, this systems essentially means each user has an encryption key that is publicly known and private key that is only known to that user. Message is encrypted to the user with their public key and when they get the message they decrypt it with their private key.

A popular tool to accomplish this is Gpg4win – this a graphical implementation of GPG on windows. MacOS and Linux users can visit https://www.gnupg.org/ to download variants of GPG including the command line tool.

Steps to encryption

Visit the link below to download.
http://gpg4win.org/download.html

Note: By default, GPA is not checked. MAKE SURE YOU CHECK GPA! You need it in order to easily encrypt and decrypt messages.

Next is to make a PGP key. Remember, none of the details need to be valid. Also make a backup of your key!!!

Step 1 – click the keys in the menu at the top. Alternatively, you can click CTRL+N to begin the process of creating a key.

You will go through a setup, where you make a name for your key, which I suggest you use an alias.

After selecting your alias it asks for an e-mail address. This e-mail should be nonexistent, and be linked to a website that also doesn’t exist.

Then you will be asked to make a backup of your key. I highly suggest you do this! Although you can make a backup at any time, you should just do it now. This is where your public key will be that you give to others to contact you.

Step 2 – Find Your Key –

Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.

When sharing your key with others, you should copy and paste from the beginning dashes to the end dashes.

HOW TO IMPORT SOMEONE ELSES PGP KEY TO YOUR GPA PROGRAMS 
–  First make a blank text file and copy the user’s pubic key to it.

–  In the Keys menu where you made your key, select import keys.

–  Select the Text file you saved with the public key in it.

Then you should get this if the key was successfully imported:

Now, To send an encrypted message.
First, open the clipboard. You can get there through the Windows menu or through the clipboard icon on the quick bar.

Type the message you’d like to send and select encrypt at the top of the clipboard window.

When you press encrypt, you are given a menu shown below. In this menu you select what key you’re using to send the message, and what key is going to be receiving the message. I chose to send the fake account used to make this tutorial a message with my personal account.

After you select who’s sending and who’s receiving you should get an encrypted message:

This encrypted message is what you send instead of cleartext. So when messaging on websites, simply paste the PGP message. If you receive a PGP message, you can also use the clipboard to decrypt the message you have received by opening the clipboard, pasting the PGP message you got, and then pressing the decrypt button, shown here:

That sums it up.

Secure Email

Tools Needed
Mozilla Thunderbird
GPG
Enigmail – Thunderbird Add-on

Download Thunderbird from https://www.mozilla.org/en-US/thunderbird/

Getting Started

Step 1.

Double click the thunderbird setup file, Open File  and proceed till Thunderbird files have completed extraction. The Welcome to the Mozilla Thunderbird Setup Wizard window appears.

Step 2.

Click Next to activate the Mozilla Thunderbird – Setup Type window.

Step 3.

Click Next at the Choose setup options window. The default setup is Standard.

Step 4.

Click Next  to accept the default settings and activate

Step 5.

Click Install to start the installation process. The Mozilla Thunderbird – Installing progress status window appears. You should be able to see the following final screen:

Click Finish to complete the installation process.


Register an Email Account in Thunderbird

Step 1.

At the Welcome to Thunderbird window click Skip this and use my existing email

Step 2.

Type in your name, email address and password in the corresponding text fields; click the check box to disable the Remember my password option.

Step 3.

Click Continue to activate the following screen:

Note:
Internet Message Access Protocol (IMAP) and Post Office Protocol (POP) are two different methods used to store and receive emails.

Step 4.

Note: To add another email account, click Local Folders > Accounts > create a new account:

Email to activate figure 7 in this section, and repeat step 2 to step 4.

Using Enigmail and GPG with ThunderBird

Enigmail is quite different from the Mozilla thunderbird. It comes as a browser add-on that helps you protect the privacy of your email conservations. It serves as the interface that allows you use PGP within Thunderbird.

Step 1.

Open Thunderbird, then Select Tools > Add-ons to activate the Add-ons window; the Add-ons window will appear with the default Get Add-ons pane enabled.

Step 2.

Enter enigmail in the search bar, like below, and click on the search icon.

Step 3.

Click on the ‘Add to Thunderbird’ button to start the installation.

After installing, you should restart thunderbird.

Step 4

When you’re done , you should see a new option in the menu bar called ‘OpenPGP’. Click on it and go down to ‘Key Management’.

Step 5

A new window would appear. You should select ‘No Thanks, i want to configure things manually’. Click next and then Finish.

Step 6

In the new window, click on generate and  New Key Pair.

Step 7

In this window you fix the features for your key pair. ie.

user/ account id : the email you want associated with it.

passphrase: a generated key or password which you can use to protect your private key, as secure as possible.

comments: something that confirms your identity to your friends or colleagues.

key expires in: Lets your key automatically expire after a certain time.

Afterwards, Click Advanced.

Step 8.

Set the characteristics of your keypair.
Key size: choose the highest 4096 bit. But if you don’t fancy long keys 2048 bit is the the minimum you should choose with an RSA key.
Keytype: to harness the big key-size you should choose an RSA key.
Click Generate key.

Sending Encrypted messages

It’s pretty  simple. In the message compose option, there are two new options which can be identified by a pen and key symbol.

When the pen is clicked, it turns green. The message will be signed before sending. The right symbol is a key. It also turns green when clicked. The message will be encrypted for the receiver. Enigmail will ask you which key to use, and a list will appear with the keys matching the receivers e-mail address.


Continue the conversation.


Visit forum.safeonline.ng to post comments and get advice from a community of security experts