Secure Email with GnuPG

Ben Rady — Thu, 23 Aug 2007 09:52:00 -0500

So you need to send someone the root password to your webserver? You should just put it in an email and send it to them, right? Well, actually, no…that’s a profoundly bad idea. Here’s how you can use GPG to securely send passwords (and other sensitive information) though email.

Public key encryption allows people to send secure messages to each other without exchanging pre-determined passwords. GnuPG is an open source implementation of a public key encryption system called OpenPGP. Other public key systems exist, but GnuPGP is both free and Free, so that’s what we’ll be using for this example.

First, you get to install GnuPG. If your operating system has a package manager such as apt or MacPorts, it’s generally as simple as:

sudo port install gpg

Creating a Key Pair

Now that we have it installed, lets generate a key pair. Key pairs allow others to encrypt messages to us using our public key, which we can then decrypt using our private key. Doing this in gpg is simple, just type:

gpg --gen-key

GnuPG will then ask a set of questions, including a passphrase, name, and email address. The default values it uses for the key settings are generally acceptable. GnuPG will then generate a key and add it to our keyring, which holds all our known public and private keys. To see the contents of the keyring, we type:

>gpg --list-keys
pub   1024D/A4D1213F 2007-08-23
uid                  Ben Rady <brady@objectmentor.com>
sub   ...

GnuPG then spits out the public and private key ID’s. Now that we have a key pair, we can decrypt messages sent to us. But how will anyone get our public key to encrypt messages? Well, we could export our public key and post it on our website. Or we could just email it to everyone we know. However, there are also numerous key servers around the Internet that host public keys, such as the MIT key server, and we can post our key to one of them. To do so, we type:

gpg --keyserver pgp.mit.edu --send-keys A4D1213F

Sending Encrypted Messages

So once the receipent has generated a key pair and made their public key available, we can send them a secure message. First, we need to import their public key into our keyring:

gpg --keyserver pgp.mit.edu --recv-keys A4D1213F

If you don’t know the key ID that you want to import, the MIT keyserver has a search function that will search by name or email address. However, it’s important to verify that the key you find in the search is really the public key of your intended recipient. Once we do that we (generally) should mark the key as trusted by typing:

gpg --edit-key brady@objectmentor.com
Command> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5

Now, we can create a message and encrypt it:

echo 'Secure Message' | gpg -e -r brady@objectmentor.com > secure.gpg

We could have just as easily encrypted one or more files by passing them as parameters to GnuPG. We also could have included multiple recipients. Now we can safely email our secure message (stored in the secure.gpg file) to the recipient.

Receiving Encrypted Messages

When someone sends us an encrypted message, decrypting it is easy.

> gpg -d secure.gpg
gpg: encrypted with ...
      "Ben Rady <brady@objectmentor.com>" 
Secure Message

And there’s our secure message. Kept safe from the prying eyes of the Internet.

"Secure Email with GnuPG" by Fred

Sat, 10 May 2008 15:35:01 -0500

Thank you guys, very much!

"Secure Email with GnuPG" by feedogator

Wed, 23 Apr 2008 07:20:27 -0500

thanks ben for the great article

"Secure Email with GnuPG" by wow guild hosting

Mon, 21 Apr 2008 19:17:25 -0500

Secure email, geting a pair key and sending/receiving encrypted messages is all very valuable. Thank you.

"Secure Email with GnuPG" by iphone hacks

Thu, 10 Apr 2008 04:57:19 -0500

Worked on my iphone

"Secure Email with GnuPG" by Matt Stronge

Thu, 10 Apr 2008 04:36:07 -0500

Works like a charm, thanks for the great tip!

"Secure Email with GnuPG" by Dave Jerusalem

Mon, 07 Apr 2008 02:03:42 -0500

Even worked on my Ubuntu machine. Usually these type of tutorials don’t really work on ubuntu, and with my very limited knowledge in linux I usually just give up, but this actually worked by doing it step by step.

thanks mate.

"Secure Email with GnuPG" by rssnewsdigest

Thu, 03 Apr 2008 06:01:29 -0500

Try rssnewsdigest.com, a new comprehensive news aggregator. With rssnewsdigest, you don ’t really have to go anywhere else. http://rssnewsdigest.com

"Secure Email with GnuPG" by Real estate software

Sun, 10 Feb 2008 04:43:32 -0600

thank u thank u thank u! I just did that on my iphones freebsd and it worked like magic

"Secure Email with GnuPG" by dan ros

Fri, 09 Nov 2007 02:48:45 -0600

good site

Object Mentor Blog: Secure Email with GnuPG