File and encryption with GPG4win & Enigmail

Transcription

1 Protektor Services Windows Manual 11.5 File and encryption with GPG4win & Enigmail

2 Introduction, Contact, Legals, License Introduction Protektor Services Manual version 11.5 A new edition of the Protektor Services manual series. Protektor Services wants to assist by providing the right tools to help the people that need them without keeping them in the dark on how things actually work. Protektor Services manual series aims to do this by: Creating user friendly manuals Providing manuals for all major operating systems, it doesn't matter if you use Windows, Apple or Linux. Using only open source or open standards based software and solutions. Releasing the manuals under the Creative Commons Attribution 3.0 Unported License. Intermittent updates to the manuals to keep them current with real life computer systems. Making the source-file of the manuals available on request. In case you have any questions about the manuals do not hesitate to contact me. If you or your organization would like customized manuals or want to receive a full training for your people, do not hesitate to contact me Tom Contact Skype: Website: GPG Key: protektor.services@gmail.com or tom.keunen@gmail.com tomkeunen Acknowledgements I want to thank Nikki for the patience while I am thinking about computer stuff during social time. Legals All trademarks belong to their respected owners. No ownership is claimed by the author. License This work is licensed under the Creative Commons Attribution 3.0 Unported License. To view a copy of this license, visit or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.

3 Good things to remember Keep your system up to date. Keep your programs up to date. Choose a strong password. Create a user account for daily use. Use anti-virus software Do not forget to make regular backups.

4 Product Information Website: Version: System: License: , Released on March 15, 2011 Windows 2000/XP/Vista/7 Open Source Website: Version: System: License: , Released on June 29, 2010 Windows, Requires Thunderbird Open Source, MPL/GPLv2 What is GPG4win, Enigmail? The makers of GPG4win aim to maintain an up-to-date collection of tools to give the user all the right software for managing keys and encrypting/decrypting text and files. Enigmail is an extension for the Thunderbird client that provides the encryption, decryption and signing functionality. Why use GPG4win, Enigmail? GPG4win is a Windows collection of software and manuals that replaces the commercial PGP suite. Enigmail will give you access to all the cryptographic features you require for . How GPG4win, Enigmail work? GPG4win is an installer package that automates the installation of other programs, it makes installations much more user friendly. GPG4win contains more packages but in this manual you will use: GnuPG The core of the suite, GnuPG is the program that deals with the actual cryptographic features for files but also for Enigmail. Kleopatra Kleopatra is the front-end for GnuPG. It acts as the main key manager. Via an icon in the task bar the user gets access to different functions like encrypting and decrypting of text. GPGEx GPGEx is used for encrypting/decrypting files, you access it by right clicking on a file. The enigmail will be installed from within Thunderbird after we have set up GPG4win.

5 Keys? Symmetric Key Symmetric keys (also known as single-key algorithms) are encryption schemes where one key is being used for encrypting and decrypting. Asymmetric Key Asymmetric cryptography or Public Key cryptography is a design based on the use of a private key and a public key. Both keys are necessary to complete the process of encrypting and decrypting. An easy way to think about it is comparing it to your phone. In order to receive calls you have to give out your telephone number (your public key) but to receive a call you need your phone (your private key). How to use GPG4win? Download the installation package from the website and when finished double click on the icon to install. The installation process is straight forward, the default settings are the correct ones most of the time, the only 2 times you have to interact are in the components page Deselect the checkbox next to GPGOL if you are not using the Outlook client. Click on Next to continue with the installation.

6 And when the Define trustable root certificates page comes up. Select the checkbox that you want to skip the configuration. This part of the installer deals with S/mime certificates which is outside the scope of this manual. Click next to continue. The installation process is finished.

7 Start Kleopatra from the programs list. The main window for key management will appear. If you already have a GPG key you can import it by clicking on the Import certificates icon. If you don't have a key yet please continue.

8 Click on the File menu and select New Certificate. The Certificate Creation Wizard will guide you through the process. Select Create a personal OpenPGP key pair. Click on Next to continue.

9 The next step is to provide your details. Enter your Name and your address. The address has to be the same as your program sends out or there might be verification issues with your key pair making it harder to use. Click on Next to continue. You are presented with the details for your certificate, check them carefully. If the details are correct, click on Create Key.

10 You will need to enter a passphrase. Make sure that you choose a strong passphrase. The wizard will provide some visual help in the form of a quality bar to measure the strength of your chosen passphrase. If you choose a passphrase too short, or not complicated enough, the wizard will kindly offer you a chance to create a stronger passphrase.

11 You will be asked to re-enter the passphrase. Click on Ok to continue. The key creation is now finished. After your key pair Is created you should make a back up of it. From this window you can also send it to a key server. When you are finished click on Finish to continue. Your key is now ready to be used.

12 Now that we have created a key pair, let's export your public key so people can communicate with you in a more secure way. Select your key, click on File and select Export Certificates. Give it a more human readable name and for compatibility issues the.asc extension. Click on Save to continue.

13 If you want to send encrypted files to anybody else you will need their public key. To import this key go to the Kleopatra main window. You can now drag and drop the key file into the main window or select Import Certificates. Browse to where the key you want to import is located. Select it and click on Open.

14 Kleopatra will present you with a window to let you know you know the import process was successful. Click on Ok to close the window. The key has been imported but is not quite ready to be used. Select the key in the Imported Certificates tab from the Kleopatra main window, click on the Certificates menu and then select Change Owner Trust. The web of trust is important when you use GPG. Read the different trust levels and select accordingly. When you have selected the right level of trust, click on OK. Kleopatra will let you know that the Trust level has changed.

15 Next we will certify the key. Go back to the main window of Kleopatra. Select the key you wish to certify and click on the certificates menu and select Certify certificate. Select the checkbox for the key you want to certify. Verify the fingerprint with the user and click on Next.

16 The next window will let you choose the certificate you want to use to certify. Click on Certify to continue. You will be asked to enter your passphrase. After you entered your passphrase click on OK. Kleopatra will let you know that the certification was successful. Click on Finish to continue.

17 If you know go to the main Kleopatra and select Trusted Certificates tab you will see that the key you just imported is now trusted and ready to be used. Next you will encrypt a file to share with the person you just imported the key from. Go to document you wish to encrypt, right click with your mouse on the file and in the menu you will see the option to Sign and encrypt.

18 This process only takes a few mouse clicks. Select Sign and Encrypt and click on Next. The signing part of this process is part of what makes up the web of trust.

19 Next you will have to select the keys you want to use to encrypt this file. Select the key(s), and click on Add. They will be added to the bottom box and when finished selecting the keys, click on Next.

20 Select the identity you want to sign the file with. Click on Sign & Encrypt to continue. You will need to enter your passphrase. After entering your passphrase click on OK.

21 GPG will now perform the signing and encrypting. You will be presented with a window to inform you of the operations. Click on Finish to continue. Your encrypted document is now ready to be shared with your contact. As you can see the filename is not encrypted, be aware of this when choosing a filename so you don't divulge any information that might be sensitive.

22 When you receive an encrypted file and you need to decrypt it the process is even easier. Select the file you want to decrypt, right click and select decrypt and verify from the menu. Kleopatra will give you some options what you can do with the file. Click on Decrypt/Verify to continue. You will need to enter your passphrase. When finished, click on OK.

23 You will get the status report from Kleopatra. Click OK to continue. Your file is now decrypted. That is all it takes to import keys, to encrypt and decrypt files with GPG4win. This method is suitable for when you want to share files via removable media such as a USB stick. You can also send this encrypted document via . Next we will be looking at encrypting and decrypting . For this manual we will work with the Thunderbird client. If you use another client, chances are that there is a GPG extension available for it that will make it also easy to use. This manual will not go into depth on how to install and configure thunderbird but will focus on using the GPG cryptographic features in a user friendly way. There are many great tutorials available in the internet for general Thunderbird use.

24 First we will need to install the Enigmail extension. Start Thunderbird and select the Tools menu and click on Add-ons. The Add on menu will appear and search for Enigmail. When found, click on Add to Thunderbird.

25 Thunderbird will warn you about potential malicious practices. Click on Install Now to continue. Thunderbird will do the installation and when finished ask you to restart Thunderbird. Click on Restart Thunderbird to continue.

26 Once restarted you will see you now have an OpenPGP menu in Thunderbird. But first we will enable your account to make use of the new features. Select the Tools menu and click on Account settings.

27 Select the OpenPGP security tab. Select the checkbox to Enable OpenPGP support for this identity. Tick the Use specific OpenPGP key and click on Select Key.

28 A window will appear that will allow you to select the key you want to use. Select the key and click on OK. You will now return to your Account settings window. Click Ok to close. Your account is now ready to be used. Return to the main window of Thunderbird. Click on Write to start composing a new message that you will encrypt.

29 Create your message as usual. Before sending your message click on the OpenPGP button in the menu. Select Sign Message and Encrypt Message. For more options such as attaching your public key you can also select the OpenPGP menu.

30 Nothing seems to have happened. But at the bottom you will see the sign and encrypt buttons are now active. You will be asked to enter your passphrase. When finished, click on OK. When you created your key, the importance of using the right address was pointed out. Here you can see why this is. Enigmail will check the recipients' address against the addresses it has associated with the keys and use the corresponding keys.

31 Let's write another message but with an address for the recipient different then the one he or she created their public key with. As before select the sign and encrypt. Since Enigmail doesn't know one of the recipients it will ask you to select the keys you want to use for the signing and encryption of the . You can now select the key you want to use to encrypt the message. Press OK when finished.

32 Decrypting a received encrypted message. Select the message. You will see a lot of djibberish on the screen but Enigmail will pick up that this is actually an encrypted message and ask for your passphrase for decryption. Enter your passphrase and click on OK. Your message will now be decrypted.

33 The decrypted message. That is all there is to do to send and receive encrypted messages. If you want to send attachments to your contacts you can either send previously encrypted files or you can let Enigmail take care of this.

34 Write your and attach the files you want to send as usual, select the encrypt option from the OpenPGP button in the menu and when you select send Enigmail will present you with the following options. Select the appropriate action and press Ok to send your message with the attachments encrypted.