IWS - The Information Warfare Site
News Watch Make a donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

    

__________________________________________________________

GUIDE TO (mostly) HARMLESS HACKING



Beginners' Series Number 4b



PGP for Newbies

____________________________________________________________



Do you cringe at the idea of people snooping on your email and through the

files on your computer?  Encryption is the only way to be absolutely certain

you can keep your private stuff really private.  Even if you are a newbie,

encryption can be surprisingly easy  -- if you use the free PGP program, the

encryption technique so powerful that it is illegal to use in some

countries!   The following GTMHH was written by Keydet89

<keydet89@yahoo.com>, so if you want to ask questions, email him and not me!

(Carolyn Meinel).



This Guide will tell you about:

[Creating your own keys]

[Importing keys]

[Creating a group of keys]

[Making your public key public]

[Encrypting Files]

[Encrypting your email]





PGP is a personal encryption program that you can use to

encrypt files or email.



PGP is 'Pretty Good Privacy', originally created by Phil

Zimmerman.  The long and short of the story is that Phil

released his encryption program to the public and was

investigated by the federal government.  As soon as the

investigation was closed, Phil started a company based on

his product, which was later purchased by Network Associates.



You can get the freeware version of PGP from:

http://www.nai.com/products/security/pgpfreeware.asp

**Be prepared for a wait, as this is approximately a 5.5Mb

file.



Note:  All of the examples used in this Guide are performed

using PGPfreeware 6.0.  The link above is for this version.



************************************************************

NEWBIE NOTE:  How to use PGP will be described, but if you

want to make it a little easier to use, download the Eudora

email client and install PGP's Eudora plug-in.  The tools

from PGP appear as icons on the toolbar in Eudora, and

encrypting or decrypting an email is as easy as selecting

an icon.



To get Eudora freeware to use with PGP, go to:

http://www.eudora.com/products/

************************************************************



Once you have the PGP freeware program, double-click on the

icon to install it.  Just follow the instructions, they are

very straight-forward, and there are no tricks or surprises

along the way.  You will have to reboot your computer, though,

but when you do, PGP Tray should be in your Startup group, and

there will be a little lock icon on the TaskBar.



NOTE:  For the purposes of this Guide, PGP 6.0 was installed

on NT 4.0/SP 3.  However, there should be no great difference

with 95/98.



Okay, once you have PGP installed, you need to create your own

keys.  But before we get started on that, let's briefly describe

how all of this works...



Briefly, the idea is this...PGP generates strong cryptographic

keys, a public and a private key.  You keep the private key, and

distribute your public key...attach it to your email by using a

signature file, post it on a web page, whatever.  You get your

friends public keys and import them into PGP Tools.  When you want

to send an encrypted email, you encrypt the email using the public

key of whomever you are sending it to...and only that person will

be able to decrypt it using their private key.  You can also sign

the files and emails so that whomever has your public key in their

key ring will know that the file is from you, and not someone

pretending to be you.



[Creating your own keys]



Now, let's generate a key pair.  Click Start -> Programs -> PGP ->

PGP Keys.  Note:  This assumes that you installed PGP using the

default options.  You will see lots of keys already in the PGP Keys

tool...these are the keys of the folks at PGP, Inc, which is now

part of Network Associates.  Scroll down until you find Phil

Zimmerman's key...he is the creator of PGP.



To create your own pair, choose Keys -> New Key... and follow the

instructions.  The second screen of the Key Generation Wizard asks

for your full name and an email address.  If you have one of the

free email accounts from Yahoo or HotMail, you may choose to use

that email address.  The third screen asks you to pick how large

of a key pair you wish to generate...since the Happy Hacker herself

uses 3072 bits, we'll choose the same strength.



************************************************************

NEWBIE NOTE:  The size of the key determines its strength...

the larger the key, the harder it is to crack.

************************************************************



On the fourth screen, choose 'Key pair never expires'.



The fifth screen asks for a passphrase to protect your private key.

Choose something that is not at all easy to guess...and then mix in

numbers, capital letters, and punctuation.  After you confirm your

passphrase and click 'Next', there will be a way cool graphic

while PGP generates your key pair.



Next, since we're just setting this up on our own system, and not

connecting to a root server (a server that is used by companies to

manage lots of keys), do not check the 'Send my key to the root

server now' box.



You now have your own key pair!!



[Importing keys]



Okay, now what?  Hhhmmm....let's look at an example of how to

import keys.  Go to:



http://koan.happyhacker.org/~satori/satori.asc



There are two key blocks on this page...looks like two different

versions of PGP.  Great.  Look at the larger one...now highlight

it, including the lines that contain 'BEGIN (END) PGP PUBLIC KEY

BLOCK'.



NOTE:  We are only going to import the lower key block.  Do not

include the upper key block...the smaller one that says 'Version

2.6.2'.



Highlight the entire 'Version:  PGPfreeware 5.0i' block, and

press 'ctrl-c' (ie, hold down the control key, and press the 'c'

key) or choose Edit -> Copy from your browser.



Minimize the browser and open PGP Keys.



Choose Edit -> Paste, and you'll see Satori's key in the

dialog window.  The email address used is 'satori@rt66.com'.

Click 'Import'.  Now you have Satori's public key, and you can

encrypt messages to him...and only him.



PGP ships with two public key servers built in.  To see them,

open PGPKeys, and choose Server -> Search.  The drop-down box

at the top of the Search Window will list an LDAP server at

PGP.COM and an HTTP connection to MIT.EDU.  You can search for

keys by typing in the name of the user you are looking for...I

found the Happy Hacker's public key in a matter of seconds!  I

just clicked on her key, and dragged it to my PGPKeys window...



Hint:  For the search, use the UserID of 'Carolyn Meinel'.



[Creating a group of keys]



Now let's create a group of keys. What this does is keep several

keys together, so if you have several keys from friends and you

want to encrypt a file for all of them, you don't have to go about

encrypting the file for each person.



In PGPKeys, choose Groups -> New Group..., and enter the

information asked for.



Choose Groups -> Show Groups, and a lower dialog window will open

in PGPKeys, with the name of the group you just created.



To add keys to the group, highlight the key you want to add and

click 'ctrl-c' to copy the keys to the clipboard.



Highlight the group, right-click on it to open the popup menu,

and choose Paste.  The keys will be pasted into the group.



[Making your public key public]



There are a couple of ways to make your public key available.

We'll describe two methods...using a public key server, or

saving the key to a text file so that someone else can import

it.



First, as stated above, PGP ships with two public servers...one

at PGP.COM, the other at MIT.  When you are connected to the

Internet, open PGPKeys, select your key pair, and click Server ->

Send to, and choose the server you want to send your public key

to.



The other method is to save your public key to a file.  This

file can be sent to your friends, or pasted into your signature

file on your email.  To save your public key to a file:



Open PGPKeys, and select your key pair.



Click Keys -> Export, and a file dialog will open.



Choose a filename.



To save your public key into a document that already exists,

such as a signature file for your email:



Select your key pair.



Click Edit -> Copy (or hit ctrl-c).



Move to the document where you want the key saved, and choose

Edit -> Paste from the menubar for the document (or hit ctrl-v).



[Encrypting Files]



WARNING:  The next example shows you how to encrypt and decrypt

your files.  Choose a file to try the example on but do NOT

try it on a system file or other important file!!



Want to encrypt a file on your machine?  Great, let's try it.

Open up any folder, and choose any file.  Right-click on the

file, and go to PGP in the popup menu.  Choose 'Encrypt', and

choose your key pair from the dialog window.  Now, click on the

pair, and drag it into the lower window.  PGP will encrypt the

file and you'll see another icon pop up...an armor plate with a

lock on it.  Very appropriate, if you think about it.



Now to decrypt the file, make sure that you've moved or deleted

the original file (make sure that you aren't using a system or

other important file for this example!!) and double-click on the

encrypted file.  Enter your passphrase in the lower dialog window,

and BANG!, your file is decrypted.



This is a great way to protect your files.  And it's free!



To encrypt a file for the group, just follow the same steps as

above, but choose the group name instead of a single key.



[Encrypting your email]



Now, encrypting your email...if you are using Eudora or (god

forbid!!) Outlook, then you could have opted to use the PGP

plug-ins for either of them.  However, if you don't use either

of the two mail clients, then in order to encrypt your email,

can choose a couple of options.



First, using an email client such as Netscape, you can easily

encrypt the file as described above, and attach it to the email.



Another option is to type what you want into the message area of

the email, and then highlight it and click 'ctrl-c' to copy the

text to the clipboard.  Then right-click on the PGP Tray icon on

the TaskBar (the little lock) and choose 'Encrypt & Sign

Clipboard'.  The PGPKeys window will open, and you need to choose

to whom you wish to encrypt the message.  You'll be prompted for

your passphrase, as the message will be signed, so that your

friend (who has your public key) will know that it's from you.

Once the text on the clipboard is encrypted, go back to the email

(or file) and highlight the text again, and click 'ctrl-v' (hold

down the control key and hit 'v') and the encrypted message will

be pasted into the email over the original message.



************************************************************

NEWBIE NOTE:  If the PGP Tray icon isn't on your TaskBar,

check your Startup folder.  If it's not in the Startup folder,

add a shortcut to PGPTray.exe to the folder.



If at any time you are having difficulty trying to do anything

with your keys, simply open the Help in PGP.  The help documents

are very good...they are clear, descriptive, and concise.

************************************************************



Here's my (Keydet89) public key:



-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>



mQGiBDYMk4YRBAD3QaP+/6SFBzkdZLc+iVlfRJ1q7F3axQOK3uAgEMQ41kyJVQju

Ynn+ZnVG8qgPRnvD3DkapzmWpl/lgc+ezmA9Af6pezrFKEBP9NWZN8u53qXNKPxo

CaIIikhoOcd+5YnrsezKvDN6ab8vWcYgrui3ecMu6AmAxnFAj+rCiQizvQCg/6V8

sYmhkBIqTbu8eMwZ/G7OXq8D/13LtUsoLB/Z9Wtza661GtZ/O9NLiA0qlJbDOkvf

cv9k76KvzHCshvTwM/s9sqmc5EuB4cvNNILelW0wMcQrM+NBNNxtgGf/Q4+nh0kB

11GSOOijIEDFLSb2MIu3I1wDeFLiSD30F88MjpK517bhLIPY+xt5EtIBzFx6Xh27

23EFA/9IZkLzO7fwAtjljWCyw72e4sxXDPO5v1GFBG+TZF9DM+Zzbfext9Wkw5MW

DMStICIaCYAsq5ywaQUrzPe2WJfeQqNbSOi9QULnri7dg0jBOxHHPkMDy4wxKqmu

dS4txrCedXKWALKVnFfDy2bfrLZ9WYP2YIqta3QoYvg5Qkpy+LQdS2V5ZGV0ODkg

PGtleWRldDg5QHlhaG9vLmNvbT6JAEsEEBECAAsFAjYMk4YECwMCAQAKCRA5IB4E

SkfiCzxJAJ9I8COJS34TOJftyPXFLHz1qpAFiwCg8c9G3jZRv4ki5MjufpPDtnOQ

5zG5Aw0ENgyThhAMAMwdd1ckOErixPDojhNnl06SE2H22+slDhf99pj3yHx5sHId

OHX79sFzxIMRJitDYMPj6NYK/aEoJguuqa6zZQ+iAFMBoHzWq6MSHvoPKs4fdIRP

yvMX86RA6dfSd7ZCLQI2wSbLaF6dfJgJCo1+Le3kXXn11JJPmxiO/CqnS3wy9kJX

twh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV89AHxstDqZSt90xk

hkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58

yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4

DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/

POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlL

IhkmuquiXsNV6UwybwACAgv+PxYBW2jJR/SP7xiaZ0TZ8E1QsgyZfN0EBHb8oogw

hpNmJzqjmTLWrPpTMRlHVkPxikunEnUIL1tBzrPGaz+CuUOhCFAVqXr/JwCF2ocQ

Zus/rtucN7PPqvkC5IMYW04MvBGE4n/7pbNFelXZb790nkyOamVh0zqMokraQtfW

mi4qQrlg0yEqiLt1JUvf/mdaSR2UdYiLMLg43oIPXmp608DjtUWXBU8nZuYLq60v

dQde2dX82cOvlswR3/z43KGrhsklQwKZoPq1IkcP3pA9Jjqq3ltLXf5A74vFCetl

JBoLUW0pCIuN1GcG4qAIeUusTuyX6QtO6pfvfYyNhyEF+ylJGyt93VSUssNF1wR/

UodXQ3NdtQAWYrNXTWwrXDN9Sm4rG/rHU/BPbd0VLC8PH8wraVluk/NzMrMdPGhj

mnxeHcBRb0WtIA6hZt+rIJBsel7In6ayl0UbnZWFkp0AZshmh0DKBy46Tr4V2UYM

NdjL9AemPh4kd64VmvJ2GHleiQBGBBgRAgAGBQI2DJOGAAoJEDkgHgRKR+IL3BwA

oIkAAwmgpFp9CLq1SX4sPj871eekAKCag3rN+zsu1dh3lBJQ4lYw7TmtAg==

=0E/c

-----END PGP PUBLIC KEY BLOCK-----

________________________________________________________

Where are those back issues of GTMHHs and Happy Hacker Digests? Check out

the official Happy Hacker Web page at http://www.happyhacker.org.

We are against computer crime. We support good, old-fashioned hacking of the

kind that led to the creation of the Internet and a new era of freedom of

information. But we hate computer crime.  So don't email us about any crimes

you have committed!  

To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless

Hacking, please email hacker@techbroker.com with message "subscribe

happy-hacker" in the body of your message. 

Copyright 1998 keydet89.  You may forward, print out or post this

GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave

this notice at the end.

_________________________________________________________

Carolyn Meinel

M/B Research -- The Technology Brokers

http://techbroker.com