Encrypting email with GnuPG


Three-Step Process

Communicating an encrypted email via OpenPGP/GnuPG requires the following prerequisites for the sender as well as the recipient:

  • Generating a key pair
  • Exchanging public keys
  • Importing the partner's public key in your keyring

As a Thunderbird user, you should install the Enigmail [2] extension via the add-on manager (Tools | Add-ons | Search add-ons). The menu list then includes the OpenPGP entry that controls all encryption and signing functions.

The PGP function is already built into KMail; you reach it via Tools | Certificate management. Both programs provide a GUI for the console commands described below.

The gpg --gen-key command generates a new key pair. The program prompts for a key type and length; the currently recommended values are RSA/RSA and 2048 bits, for reasons of both compatibility and security. Then, you need to set the key's validity period. Beginners should not accept the default of 0 = key does not expire: once published, a key whose private half or password has been forgotten can no longer be withdrawn from the key servers.

Next, you need to enter your name, email address, an optional comment, and a password, which is required whenever the key is used. Keep in mind when choosing the password that it is a far easier target for cracking than the 2048-bit RSA key it protects.

The program then generates a secret key from a 2048-bit random number sequence. To make the secret key unpredictable to an attacker, GnuPG mixes in external events, such as mouse movements and keyboard input, so using the mouse and keyboard while it runs accelerates the process.

The key pair is generally ready in less than a minute. GnuPG then adds it to your keyring, where it becomes available to Thunderbird, KMail, and all other mail programs that use GnuPG for encryption.

Exported Goods

Check that your keyring actually contains the generated keys. The gpg --list-secret-keys or gpg -K command lists the private key, while gpg --list-keys or gpg -k lists the public key. To make the public key exchangeable, first export it to a local file, as follows:

$ gpg -a --export <ID> > my_pubkey.asc

The -a option specifies the ASCII format, making it easier to exchange via email. When a remote partner requests your PGP key, send it to her so that she's capable of sending you encrypted messages.

To allow others to send you encrypted mail without a key request, you can publish the key to a key server, as follows:

$ gpg --keyserver hkp://keys.gnupg.net --send-keys <ID>

If you're wondering about hkp://, that's not a typo; it stands for the HTTP key server protocol. A number of key servers are available – the most popular of which even synchronize among themselves.
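The three steps above and the export command, carried through end to end as an added example (this is not code from the article): two throwaway keyrings stand in for sender and recipient, gpg's batch mode replaces the interactive --gen-key prompts, and the names and example.com addresses are constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the article: the three-step workflow end to end,
# with two throwaway keyrings standing in for sender (Alice) and recipient (Bob).
# Batch mode and %no-protection (no password) replace the interactive prompts so
# the script runs unattended; the names and example.com addresses are constructed.
set -eu

gen_key() {  # gen_key <homedir> <name> <email>: RSA/RSA 2048-bit pair, 1-year expiry
    gpg --homedir "$1" --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 1y
%commit
EOF
}

fpr() {  # fpr <homedir> <email>: primary-key fingerprint from machine-readable output
    gpg --homedir "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

pgp_roundtrip() {  # prints the decrypted message on success; "gpg not installed" if no gpg
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed"; return 0; }
    work=$(mktemp -d); alice="$work/alice"; bob="$work/bob"
    mkdir -m 700 "$alice" "$bob"
    # Step 1: each side generates a key pair.
    gen_key "$alice" "Alice Example" "alice@example.com"
    gen_key "$bob"   "Bob Example"   "bob@example.com"
    # Step 2: Alice exports her public key in ASCII armor (the article's gpg -a --export).
    gpg --homedir "$alice" -a --export alice@example.com > "$work/alice_pubkey.asc"
    # Step 3: Bob imports it and checks that the fingerprint matches the one Alice
    # reads out to him; a key that arrives by email is only as good as this check.
    gpg --homedir "$bob" --batch --quiet --import "$work/alice_pubkey.asc"
    [ "$(fpr "$bob" alice@example.com)" = "$(fpr "$alice" alice@example.com)" ] || return 1
    # Bob encrypts to Alice's key; --trust-model always stands in for the trust
    # decision so batch mode does not stop to ask. Only Alice's secret key can decrypt.
    printf 'hello from bob' | gpg --homedir "$bob" --batch --trust-model always -a \
        --recipient alice@example.com --encrypt > "$work/msg.asc"
    gpg --homedir "$alice" --batch --quiet --decrypt "$work/msg.asc"
    GNUPGHOME="$alice" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$bob"   gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
}
```

Run pgp_roundtrip to see the decrypted text; the fingerprint comparison is the step to keep in mind when a real key arrives by email or from a key server.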
