Send and receive emails with free GPG encryption

GPG is GNU Privacy Guard, a non-commercial version of the encryption tool PGP (Pretty Good Privacy). It is used to encrypt and verify the sending and receiving of emails, files, and other data, ensure the reliability and authenticity of communication data. This article will introduce GPG technology and related tools to help "sincere" communication between online surfers.
1. PGP Overview
Before introducing GPG, let's take a look at the basic principles and application rules of PGP.
Like many encryption methods, PGP uses two keys to encrypt data. Each person who uses PGP encryption technology must create a pair of keys, one for public keys and the other for private keys. Public keys can be widely spread and even stored in public key databases for access by other Internet users. Private keys are personal information and should never be disclosed to others.
The public and private keys interact with each other to encrypt and decrypt the data. Data encrypted by public keys can only be decrypted by private keys, and data encrypted by private keys can only be decrypted by one public key. In this way, you can implement dual authentication.
Before sending key information to a specified person, the user uses the public key of the user to encrypt the information. Because only the user's private key can be used to decrypt the sent information, it ensures that other users without the private key will not decrypt the information.
In addition, users can use their private keys to encrypt information and send it to many people. Because only the sender's public key can be used to decrypt the received information, so that the recipient can be sure that the information actually comes from someone.
Ii. obtain and install GPG
As mentioned above, GPG is a non-commercial version of PGP, that is, the free version. Therefore, understanding and mastering the GPG technology has great practical value and promotion effect.
GPG is http://www.gnupg.org/download.html
The current version of GPG is 1.0.6, and there is also a security patch. Download the two files gnupg-1.0.6.tar.gz and gnupg-1.0.5-1.0.6.diff.gz at the same time, decompress them, install patches, and run the configure script program for configuration. Note: After the default installation, the configuration options are applicable to most users. Then, run make and make install to install the GPG binary file and other components. The related commands are as follows:
$ Tar-xzf gnupg-1.0.4.tar.gz $ cd gnupg-1.0.4 $ patch-p1 <.. /gnupg-1.0.4.security-patch1.diffpatching file g10/mainproc. cpatching file g10/plaintext. cpatching file g10/openfile. c $. /configure... [Output of configure]... $ make... [Output of make]... $ suPassword: # make install... [Output of make install]... # exit $
3. Create public and private keys
Before sending or receiving encrypted data, you must create a pair of keys, namely, public keys and private keys. You can use the following command to complete the creation:
$ Gpg -- gen-key
If you use GPG for the first time, GPG will create the directory $ HOME/. gnupg. Then we must run this command again and answer a series of questions listed by PGP in sequence. For these problems, you only need to simply select the default value. The following shows the command execution:
$ Gpg -- gen-keyPlease select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) ElGamal (sign and encrypt) your selection? 1DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bitsWhat keysize do you want? (1024) 1024 Requested keysize is 1024 bitsPlease specify how long the key shocould be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n yearsKey is valid? (0) 0Key does not expire at allIs this correct (y/n )? YYou need a User-ID to identify your key; the softwareconstructs the user id from Real Name, Comment andEmail Address in this form: Heinrich Heine (Der Dichter) Real name: Joe UserEmail address: joe@mynet.netComment: PGP Rules! You selected this USER-ID: Joe User (PGP Rules !) Change (N) ame, (C) omment, (E) mail or (O) kay/(Q) uit? OYou need a Passphrase to protect your secret key. Enter passphrase: Repeat passphrase:
Note that do not set passphrase at will when entering passphrase. We recommend that you set passphrase according to the general rules for setting passwords.
Now, the GPG starts to create the key. However, you may see the following information:
Not enough random bytes available. Please do some otherwork to give the OS a chance to collect more entropy!
This is because, before creating a key, GPG still needs a small amount of Stable Random Number information. In Linux, GPG usually gets these random numbers from the/dev/random device, and it is best to get these random numbers in the current state when the system is running. We can move the mouse or press Shift or Ctrl multiple times to create a random number.
In the end, the GPG successfully creates the key:
Public and secret key created and signed.
Iv. Operation Keys
The following describes the key operations, including the key list, key import, key export, Key signature, and user trust.
1. Key List
The key list is very important. The command to obtain the Key List, the name of its owner, and the Email address, and the execution status are as follows:
$ Gpg -- list-keys/home/joe/. gnupg/pubring. gpgpub 1024D/D9BAC463 2001-01-01-03 Joe User (PGP Rules !) Sub 1024g/5EE5D252 2001-01-03pub 1024D/4F03BD39 2001-01-15 Mike Socks (I'm WIRED) sub 1024g/FDBB477D 2001-01-15 $
Each row in the output result contains the public key information used to encrypt the file and the e-mail address that can be sent to encrypt the data.
2. Import and export keys
The import and export operations of keys are common in the PGP world. For the sake of secure data exchange, the sender and receiver must first have a public key for each other, to achieve this goal, you need to import and export keys.
First, let's see how to export the key. Suppose the user is mike. The specific command is:
$ Gpg -- export mike@mynet.net> mike. gpg
In this way, the public key information for the mike@mynet.net is saved to the mike. gpg file, then mike can be used to spread mykey. gpg to friends, partners, secure communication. However, this mike. gpg is an unreadable file, which means its content looks messy. Can I generate a standard ASCII format key export file? Of course, you can add a "-a" parameter. The command is as follows:
$ Gpg-a -- export mike@mynet.net> mike. gpg
The new mike. gpg has a good format and contains the same public key information and regular identification strings.
Next, let's take a look at how to import the key. The mode is similar to the export key. Assume that the user is god and the command is:
$ Gpg -- import mike. gpg
In this way, god can receive emails encrypted with keys from mike and mike.
3. Key signature and user trust
Although theoretically, secure information communication can be achieved with public keys and private keys, the public keys must be validated in practical applications. Because there is a possibility of forging public key information.
Therefore, a complex trust system is introduced in GPG to help us identify which keys are true and which keys are false. This trust system is based on the key, mainly including the key signature.
When an acquaintance's public key is received and GPG informs that there is no entity credibility information attached to this public key, the first thing to do is to "fingerprint" the key ). For example, we have imported the public key from mike, and GPG tells us that there is no additional trust information for this key. At this time, the first thing we need to do is to sample the fingerprint of the new key. The command and execution are as follows:
$ Gpg -- fingerprint mike@hairnet.orgpub 1024D/Jun 2001-01-15 Mike Socks (I'm WIRED) Key fingerprint = B121 5431 8DE4 E3A8 4AA7 737D 20BE 0DB8 4F03 BD39sub 1024g/Jun 2001-01-15 $
In this way, the fingerprint information is generated from the key data and should be unique. Then, let's call mike to confirm two things. First, whether the fingerprint information of the public key is sent to us. If Mike confirms these two things, we can be sure that this key is valid. Next, we sign the key to indicate that the key comes from Mike and our trust in the key. The related commands and execution are as follows:
$ Gpg -- sign-key mike@hairnet.orgpub 1024D/4F03BD39 created: 2001-01-15 expires: neversub 1024g/FDBB477D created: 2001-01-15 expires: never (1) Mike Socks (I'm WIRED) pub 1024D/4F03BD39 created: 2001-01-15 expires: neverFingerprint = B121 5431 8DE4 E3A8 4AA7 737D 20BE 0DB8 4F03 BD39Mike Socks (I'm WIRED) are you really sure that you want to sign this keywith your key: Ima User (I'm just ME) Really s Ign? YYou need a passphrase to unlock the secret key foruser: Ima User (I'm just ME) 1024-bit DSA key, ID D9BAC463, created 2001-01-03Enter passphrase: $
Now, we use our private key to sign Mike's public key. Anyone holding our public key can verify that the signature really belongs to us. The signature information appended to Mike's public key will travel around the Internet with it. We use personal credibility, that is, our own private key, to ensure that the key actually belongs to Mike. What a touching and honest story it is:-) should people in the real world reflect on this strict technical standard?
Back here. The command to obtain the list of signature information appended to a public key is:
Gpg -- check-sigs mike@hairnet.org
The longer the signature list, the greater the credibility of the key. In fact, the signature system provides the key verification function. Suppose we receive a key whose signature is Mike's public key. We verify that the signature actually belongs to Mike, so we trust the key. By extension, we can trust any key signed by Mike.
To be more secure, GPG also introduces another additional feature: trust level ). With this function, we can specify a trusted level for the owner of any of our keys. For example, even if we know that Mike's public key is credible, we can't trust Mike's judgment on other key signatures. We will think, mike may have signed only a few keys, but did not check them carefully.
The command and execution status for setting a trusted level are as follows:
$ Gpg -- edit-key mike@hairnet.orgpub 1024D/4F03BD39 created: 2001-01-15 expires: never trust:-/fsub 1024g/FDBB477D created: 2001-01-15 expires: never (1) mike Socks (I'm WIRED) command> trust 1 = Don't know 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully s = please show me more information m = back to the main menuYour demo-? 2 Command> quit $
In the command editing environment, execute trust and select Level 2 (I do NOT trust). In this way, we cut any trust chain so that every key must pass through Mike's signature.
5. Use GPG to send and receive data
Next we will start to discuss how to use GPG to send and receive data. This is a day-to-day task and must be understood and skillful. In the PGP overview section that begins with this article, we have mentioned two ways of data exchange. Now we have a conceptual concept of its classification:
● Signed data: the sender uses the private key to encrypt the data, and the receiver uses the public key to decrypt the data.
● Encrypted data: the sender uses the public key to encrypt the data, and the receiver uses the private key to decrypt the data.
The following is a detailed description.
1. Data signature Transmission
The sender uses the private key to sign the data. The receiver has the public key of the sender, trusts it, and uses it to verify the integrity of the received data. The simplest way to sign data is to use the clearsign command, which enables GPG to create a readable signature and is suitable for sending emails. The specific commands and execution conditions are as follows:
$ Gpg -- clearsign mymessage.txt You need a passphrase to unlock the secret key foruser: Ima User (I'm just ME) 1024-bit DSA key, ID D9BAC463, created 2001-01-15Enter passphrase: $
After passphraseis input, a new file with the extended name of .ascwill be generated. Here, mymessage.txt. asc will be generated. This file contains the original content of the mymessage.txt file and the signature information shown below:
----- Begin pgp signature -----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
Bytes
N + yWiCt4SCTVkSSgezGKIUk =
= WnX/
----- End pgp signature -----
When the recipient receives the information or file containing the preceding signature, he can use the public key of the sender to verify the integrity of the information. The specific commands and execution conditions are as follows:
$ Gpg -- verify message.txt. ascgpg: Signature made Sat Jan 13 22:33:21 2001 MST using DSA key D9BAC463gpg: Good signature from Ima User (I'm just ME) $
2. Encrypted data transmission
The purpose of the 2nd transmission modes is to only let individual people see the sent information. The so-called "letter" has a single clock. The sender uses its public key to encrypt the file or data, and the receiver uses the private key of the sender to decrypt the received data.
The encryption command consists of two parts: one part specifies the Email address of the recipient and the other part specifies the file to be encrypted. The command is as follows:
$ Gpg-r mike@hairnet.org-a -- encrypt message.txt
The output result is the message.txt. asc file, which is similar to the following:
----- Begin pgp message -----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
HQEOA/Yj7lT9u0d9EAQAhE + KaGfMzvRfCdrfW2EYzuu + YeaKdoJksHB16CO7RsZC
DkllV/uma/rMj5PiDzFoV8PGjqdq9M + n9YXOVnuG3XITWhuvfFqm1KWxK9e0UDoS
7 TB 2cm + k8UK18HBI/EaNrV + a3A5YQr6nVY0OCXheohg3 + 9ursFc8uOBQma64/VUD
/Io0EQiIxEmERy2UsN7e + OB1/w4fucrt7ffwctvmgduuqpy8ukest1_u43nlpsf5
6uPPjaTxCOjjQoCf17XnfxqJPm9c0uyPDjljXYmp74XroT + lHvGcaKK56t0agGVo
I5nMflXoCIA2n/KDALzTjy7cIzLnUeYVU4NrBt7pV4TTyelxYB70mW94Wlr5BlLj
S + FYueR31i790QO + 265iS4QPA + zxXIT5KCF8TT1gVPaZOJxmo0wRKuoOYrCd7LQD
Oz3exhCgeKKjfZRwJtqvl/qvamf?syhaiutla60ihyxiqazlwloyoxs9oois49g
HLYG6hSemJEW + ftx8xipoofdxzhrjjue897igew62mf6hlr4anb1kwrl1_d7xdr8
29 + sckZlSRtBvL3/dSw5FcRCFYbS51AHstdywYvNu4rqSOljv5C6dXEw9Gre + wPS
5s7k0kotlk4vozji2bybtzxgjqnr7ytpu1qfe2 + 10tpHx6MLkUFV/BJZbAtJ3C0v
AuS4xskoSlZgbuX/8Veqhx4GC0lSRLqn14M9CP/tzZN0dIZSTbM2aq58zk0wZZVB
Tmb06HdYvkLrcLkmyNBt3/PUlDIIdeXNCkqN5bjGD/elTtkaMmHN9OIIDHWA9olR
TcXoLJPF4kgg1q6y6pgy2sklYQhI8A4q8VoQNJDzF/SbKvlnGji5HyF6rvKDCF0m
/L0heQEMn4AyFbJ7LZt2zh4i3jSwyV4Ff + tWJD09xaNziKi791FaSBVMxsPhT4SD
W + R75JR/FV0IRpMsy8kdJw/+ kejQwCmRqDbm3EHOESCOouxsL8JB39vX + 1h32p1b
EdVyQIHZA + TomHsp/y3i + EX52MC8 + 8XmCukHfT0dCVcnfk2H0hKvFueBkW8Y2JGd
FJZb + CDX33Aapr6FW9CIXvI + 1 NFOz + ciwvziyyecnuze4l3jik1_3ry2to4e/WUy
MN + ZKsMb6xlhMSoRa9qHWY + S/pp9D8qiqweOLg4cnCjZBZWVOMf4dMcDWNjsW3mX
GgYVmPf52WxvVFtp1yjNbHBu + is8/ZR1P04efD + kOg1WtwpfRdHKQ1o1fn/OxYX1
Bytes
SHJ2OtRpcqHuXB27EU3C4OR/N ++ 7 ExhG/MNB8WPFb82cbIP8xDF9q + 3b73b7myTn
JpAYj4p2ocv9Zf1DH9HHaT7bYD37hvjLlNXe07kYOlMWB9 + 48meO/o + Yjn5oEj60
WipRdCiP4TUoAwC9EDFED64qLXST9MBycLrc5DwiMYzfdyauiHU3MNhUfErXVaRJ
/5 ljtJUGHA/P/ouqbSCleHQ =
= 2Sgq
----- End pgp message ----- www.2cto.com
Note: The Information encrypted in the preceding method can also be signed by adding the-s parameter to the preceding command.
To decrypt the encrypted data, the receiver can use the-decrypt command and specify the output redirection location. The specific commands and execution conditions are as follows:
$ Gpg -- decrypt message.txt. asc> message.txt You need a passphrase to unlock the secret key foruser: Pipi Socks (I'm WIRED) 1024-bit ELG-E key, ID FDBB477D, created 2001-01-15Enter passphrase: $
After the recipient inputs passphrase, the encrypted information is decrypted and then imported to the message.txt file.
Vi. Closed speech
The above introduces the concept, principle and usage of the Free encryption tool GPG. We can see that the entire operation process is easy to understand and operate. I believe that you have mastered another method of secure communication with friends in the online world, so that we can use this method flexibly and skillfully to live a more real life on the Internet!

From wenjianxue's BLOG