Since PGP/OpenPGP can encrypt the contents of files, generating ciphertext from plaintext, there is a workaround for anyone using Web mail or an email client that doesn’t support PGP. A full version of Gpg4win includes the core GPG components and the Kleopatra interface.
With this installed, the next step is to create a public/private key pair. To generate a key pair, launch Kleopatra, and select ‘File – New Certificate…‘.
The advanced settings allow for the selection of different key sizes. 2048 bits should be considered the minimum key length for a reasonable level of security. A 4096-bit key wouldn’t provide much extra benefit, unless you were generating the keys on a hardened Linux machine and storing them on a Smart Card or security module. The point is that a private key should be stored the same way a text file containing passwords would be.
To export the public key, right-click the certificate entry and select ‘Export Certificates…‘. To export the private key, select ‘Export Secret Keys…‘. The public key is the one you’d publish or share, and the private key is the one you don’t share with anyone. For the purpose of this demo, I have exported both to a folder in MyDocuments.
Encrypting a Message
Type the message as normal, and save it to a local directory as a standard text file.
Next, navigate to the directory, right-click the file and select ‘Sign and encrypt‘. Here you can select ‘Encrypt‘ (without signing), and check the ‘Text output (ASCII armor)‘ option to generate ciphertext that can be copied into a Web mail interface. The ciphertext is saved as an .asc file.
Decrypting a Message
The reverse process is used for decrypting a message. Save the ciphertext to a local directory as a text file. This time, right-click the file and select ‘Decrypt and verify‘.
Kleopatra should automatically select the relevant private key, if it’s present, and prompt for the password.
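Armored ciphertext that travels through a Web mail interface can be altered before it is saved back to a text file, and an exported secret key sitting in the same folder is also an armored .asc file. The Python check below is an added example, not part of the original post or of Gpg4win: it validates a block's type, the blank line after the armor headers, the base64 body, the CRC-24 from RFC 4880 and the first packet tag, assuming the message was encrypted to a public key as described above. The function names and the sample block are constructed for illustration.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "PGP MESSAGE") -> str:
    """Wrap bytes in ASCII armor; used here only to build constructed samples."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN {kind}-----", "", *rows, check, f"-----END {kind}-----", ""])

def check_armor(text: str) -> str:
    """Return 'ok', or the reason the block should not be pasted or will not decrypt."""
    m = re.search(r"-----BEGIN (PGP [A-Z ]+)-----\r?\n(.*?)-----END \1-----", text, re.S)
    if not m:
        return "no complete armor block"
    if m.group(1) != "PGP MESSAGE":  # e.g. an exported secret key picked by mistake
        return "not a message: " + m.group(1)
    lines = [line.strip() for line in m.group(2).splitlines()]
    if "" not in lines:  # armor headers must be followed by a blank line
        return "missing blank line after armor headers"
    payload = [line for line in lines[lines.index("") + 1:] if line]
    sums = [line[1:] for line in payload if line.startswith("=")]  # optional checksum line
    try:
        data = base64.b64decode("".join(l for l in payload if not l.startswith("=")), validate=True)
        if sums and int.from_bytes(base64.b64decode(sums[-1], validate=True), "big") != crc24(data):
            return "CRC-24 mismatch"
    except ValueError:
        return "base64 damaged"
    first = data[0] if data else 0
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    if not first & 0x80 or tag != 1:  # tag 1 = public-key encrypted session key
        return "first packet is not a public-key encrypted session key"
    return "ok"

# Constructed sample: a plausible packet header plus filler bytes, not real ciphertext.
SAMPLE = armor(bytes([0x85, 0x01, 0x0C]) + bytes(range(100)))

if __name__ == "__main__":
    print(check_armor(SAMPLE))
```

Run the check on the contents of the .asc file before pasting, and again on the text file saved on the receiving side before choosing ‘Decrypt and verify‘.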
uwnthesis said:
Totally off tangent, but a little nugget that I wanted to add, was that the EU ENISA standard is 4096 bit keys, moving to higher levels of crypto as soon as software allows. However, will the UK maintain EU standards of crypto after we leave Europe?
Looking forward to part 2….
Michael said:
You’ll love the next couple of posts, as I’ve been trying out some interesting PGP-related things this week, and there’s also an interesting ‘Dark Mail’ project in the works. Thanks for mentioning the ENISA thing – I wasn’t aware of that.
I’m not too worried about how Brexit might affect crypto – standards are standards, and open source implementations will be around. That said, it’s being speculated now that one of Trump’s executive orders might threaten the ‘Privacy Shield’ agreement.