Jump to content
IGNORED

WATMM PGP Club


joseph
 Share

Recommended Posts

It is now very important that all internet-using people know how to communicate securely, even over insecure channels like gmail, and with no fear of being spyed upon by e.g. the NSA. Fortunately there is a way to do this. It is called PGP.

 

This thread is a brief explanation of PGP and how to use it, with an interactive component. Your challenge is to send me an encrypted message!

 

HOW PUBLIC KEY CRYPTO WORKS (VAGUELY)

 

Everyone makes their own public key and private key. You keep the private key to yourself, but advertise the public key widely (website, email signature, etc.), so that anyone who wants to message you securely uses your public key. The encrypted message can only be read by the person with the associated private key, namely, yourself.

 

Remarkably, this allows you to communicate securely with complete strangers who you've never met before, without exchanging a secret key.

 

HOW TO DO IT (in 5 minutes)

 

1. First, download the software. By googling "PGP client" you can find an assortment; I prefer gpg4win for Windows. Macs might try GPGtools. My tutorial will focus on gpg4win, but the steps will be similar for other clients. Worst case scenario, you have to read someone else's tutorial.

 

2. Open Kleopatra.

 

3. File, New Certificate, create an OpenPGP key pair.

 

4. Enter your details, and in Advanced Settings chooseRSA 4096 bit (for maximal security).

 

5. Create the key. Make sure to use a long (>16) password which is generated randomly using special characters. random.org has a generator you can use, but I recommend KeePass as a generator and a way to store your passwords (so no memorization needed).

 

6. Now, from my experience you may want to close and restart Kleopatra at this point, because usually it doesn't immediately list your new key. You want to see, in the main interface, the key with your name, email, etc.

 

What to post here (to complete the challenge)

 

1. First, you want to right click the key you've created, and click "Export Certificate". This makes an .asc text file (which may be opened e.g. with WordPad) containing your public key. It will look like the block of text at the bottom of this post. This is the public key; other people need to see it in order to communicate to you securely. Now, post your public key in this thread (as I've done).

 

2. Second, you need to practice by sending me a message. To do that, copy/paste my public key (which is below) into a blank text document, and save it as a .asc file. Then, in Kleopatra, go to Import Certificates, and select that file. Once my key is imported, you may send me an encrypted message. First, type the message you want into a .asc file. Then in Kleopatra, go to file, sign/encrypt files. Choose the file, choose encrypt and select "Text output (ASCII armor)", next, select my name as who you want to encrypt to. Voila! Kleopatra will make a file which contained the encrypted message. Place the encrypted message

 

3. If you did everything correctly, I am the only person in the world who can read your message (with the private key corresponding to my public key). When I read the message, I will write a response and send an encrypted message back using your posted public key. To read it, you will go to File, Decrypt/verify files, and the rest should be obvious by now.

 

 

--------------------------------

I'm anxiously awaiting your responses! Please tell me if anything is unclear in the above, or if you have any questions.

 

Here is my public key:

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v2.0.21 (MingW32)
mQINBFMWWZMBEADfu0HeZBJFaXfTRgKdG3UUQNfvFF00EYBPFMBrBVAE9mA8WXGX
huMVC3tG+BwI/mJ3t7WLzpj+WmySI57Ei9XcwM8BROUt9B4ITnp3ZnXJoTzJe02E
CDyzmG2xW/6YNtQy/z4VsZr2kvY7jeCKoFOSX9Fbm2+30H6ISM1TfCt8GnzXAVEd
zFZtbpNSw84zMxeY5iNQk61iDAhhEWFc/fVzde0nFMl+29bdBxc6PyKuZfsJ6tCu
CUQN/ppK/GjCGfDeFSf8JztBaPCoDTcsOxDBeOyBi2i55EOF3fhpHzV6nNw7gnCb
c3Mp50ONycKV75GoEVjb4ChNNDbxJBjiVg4CO14qRhC/P3p7XvR8UGkOgG3kWlj2
05RdqZGk9ZI9rteiXnQSvDvTHELBBK4UUfeaA8G2F1Ch+Foy7+iBIE4JB2IklDm/
SSaMVsfs2CwQScHzT7VuumVdbmaSfPpRHy2s19zdJV1TBleFFygYV4YDqLa0hFab
3fj955rVMkzJTmjL7MltktYHaXdbBGBF/UEMZtQ27ZRCowp085S1V9nhlWuTuDwi
cMgaOH/woFUA3X2TNGVje9oM3Vu2fc1uVpBDAVZV52FI4BWhyxgODQc+zXUyIFPM
Hmhi4Xdc7TYVZxJBMtOJT+YgohQA20nKkWN6esIqxcpRxJ2mQG5+gUSo6wARAQAB
tCVKb3NlcGggS25pZ2h0IDxqb3NlcGguOTM3MUBnbWFpbC5jb20+iQI5BBMBAgAj
BQJTFlmTAhsvBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQEXlPi5pXZ9A2
iBAAxWIvcD2yQ84OQc7QDUlHGl1E4nmwQ7X/qckWzDk6U/i6MmEwhalKNDCEKv8y
h9qOLGuw/mzJA/RwSQG+lM1bWi6njku1PYnZFAdEaM0arngCCkE+HMDP3ohQDJ5I
XvR87yRw9F/aIt6QP80+ce5huq7v5ks75fcJwQduy8Mi5/AoYzijL/ZVTtPIgJaJ
2MVKt4yT+bq8FjzBrjKmTNktfmnFopABDD6sM8i656P8zYKxx1Szs0FEOzbDyCLP
ZUdxO/CHk6mgOIWJGYJHRfjJdry1F2E7y15wrMqF9HkV8D0hOImWog5ECHrSK/Rw
rLkm+XN6stGnhcEXjHO1fQnMWI9g26BAUKL8RD1RlqhlGl9ouS1oTFRL3WpG5itH
l86fh8GofKkAgx7b4ZH9Egi8SbAl6I6ps/OoGwzN2VniKEHDwO1a5WROv4kLBcT0
9114gmPHW0PMnfEVkad9DbZQqs7z4O4MG4vOtEEdUg9AwSV2ArzJLM0Cnsgo97Yh
o4liILaoryCLgPxfTsqPJiKFeroISC26CneCzYRnxOStH9f8RrinLqPQkFbIwvnL
+CG6h2votCbWoUCfdx8BTItAdEN2E852ILducQyHcTW2CPpW0ZpQe/PafdgMFVmz
cXjzIAdrK0Byc1YnzYR3jLvymGhDOJXi6OqfJ5oJGW0Oliw=
=2G+t
-----END PGP PUBLIC KEY BLOCK-----

 

 

Link to comment
Share on other sites

I'm fairly sure a good deal of WATMMers know about PGP encryption, it's been around for a while now... and also... While I have used PGP. I only really felt the need to do so when I was buying/selling drugs over the internet.

Link to comment
Share on other sites

-----BEGIN PGP PUBLIC KEY BLOCK-----    
Version: GnuPG v2.0.21 (MingW32)    
    
mQINBFMWWZMBEADfu0HeZBJFaXfTRgKdG3UUQNfvFF00EYBPFMBrBVAE9mA8WXGX    
huMVC3tG+BwI/mJ3t7WLzpj+WmySI57Ei9XcwM8BROUt9B4ITnp3ZnXJoTzJe02E    
CDyzmG2xW/6YNtQy/z4VsZr2kvY7jeCKoFOSX9Fbm2+30H6ISM1TfCt8GnzXAVEd    
zFZtbpNSw84zMxeY5iNQk61iDAhhEWFc/fVzde0nFMl+29bdBxc6PyKuZfsJ6tCu    
CUQN/ppK/GjCGfDeFSf8JztBaPCoDTcsOxDBeOyBi2i55EOF3fhpHzV6nNw7gnCb    
c3Mp50ONycKV75GoEVjb4ChNNDbxJBjiVg4CO14qRhC/P3p7XvR8UGkOgG3kWlj2    
05RdqZGk9ZI9rteiXnQSvDvTHELBBK4UUfeaA8G2F1Ch+Foy7+iBIE4JB2IklDm/    
SSaMVsfs2CwQScHzT7VuumVdbmaSfPpRHy2s19zdJV1TBleFFygYV4YDqLa0hFab    
3fj955rVMkzJTmjL7MltktYHaXdbBGBF/UEMZtQ27ZRCowp085S1V9nhlWuTuDwi    
cMgaOH/woFUA3X2TNGVje9oM3Vu2fc1uVpBDAVZV52FI4BWhyxgODQc+zXUyIFPM    
Hmhi4Xdc7TYVZxJBMtOJT+YgohQA20nKkWN6esIqxcpRxJ2mQG5+gUSo6wARAQAB    
tCVKb3NlcGggS25pZ2h0IDxqb3NlcGguOTM3MUBnbWFpbC5jb20+iQI5BBMBAgAj    
BQJTFlmTAhsvBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQEXlPi5pXZ9A2    
iBAAxWIvcD2yQ84OQc7QDUlHGl1E4nmwQ7X/qckWzDk6U/i6MmEwhalKNDCEKv8y    
h9qOLGuw/mzJA/RwSQG+lM1bWi6njku1PYnZFAdEaM0arngCCkE+HMDP3ohQDJ5I    
XvR87yRw9F/aIt6QP80+ce5huq7v5ks75fcJwQduy8Mi5/AoYzijL/ZVTtPIgJaJ    
2MVKt4yT+bq8FjzBrjKmTNktfmnFopABDD6sM8i656P8zYKxx1Szs0FEOzbDyCLP    
ZUdxO/CHk6mgOIWJGYJHRfjJdry1F2E7y15wrMqF9HkV8D0hOImWog5ECHrSK/Rw    
rLkm+XN6stGnhcEXjHO1fQnMWI9g26BAUKL8RD1RlqhlGl9ouS1oTFRL3WpG5itH    
l86fh8GofKkAgx7b4ZH9Egi8SbAl6I6ps/OoGwzN2VniKEHDwO1a5WROv4kLBcT0    
9114gmPHW0PMnfEVkad9DbZQqs7z4O4MG4vOtEEdUg9AwSV2ArzJLM0Cnsgo97Yh    
o4liILaoryCLgPxfTsqPJiKFeroISC26CneCzYRnxOStH9f8RrinLqPQkFbIwvnL    
+CG6h2votCbWoUCfdx8BTItAdEN2E852ILducQyHcTW2CPpW0ZpQe/PafdgMFVmz    
cXjzIAdrK0Byc1YnzYR3jLvymGhDOJXi6OqfJ5oJGW0Oliw=    
=2G+t    
-----END PGP PUBLIC KEY BLOCK-----    
 

Ok, I found a way to format my public key better. Use this for importing, it will be easier.

 

 

Link to comment
Share on other sites

The benefit is that you will gain a very important and relevant skill. Also, if your message to me is erotic I will reply in kind.

 

I'm one of the ones who've never heard of it, but what makes this not crackable?

It is not uncrackable, in the sense that given unlimited computing resources, an eavesdropper could eventually recover the message.

 

However, cracking PGP (RSA) is tantamount to factoring very large numbers, which is a very hard computational problem. I.e., if I take two huge prime numbers and multiply them to get N, how hard is it to recover the primes just knowing N? It's very hard, and that's essentially what guarantees the security of RSA/PGP.

Edited by Joseph
Link to comment
Share on other sites

  • 1 month later...

Hi, i would like to apologize for my post in this thread. At this moment i have to learn this pgp thing and this thread been very useful, thank you joseph.

 

:beer:

Edited by Deer
Link to comment
Share on other sites

To whichever WATMMer emailed me a couple weeks ago: could you just copy/paste your public key and message in regular text (either ITT or over email)? I'm not sure how to open the files you sent.

 

(If you add 4 spaces after each line in the public key, and paste it into WATMM's "code" box, it will come out justified and therefore easier to import for me and others).

 

If you're having trouble exporting your public key and/or message as ascii, just ask!

 

Hi, i would like to apologize for my post in this thread. At this moment i have to learn this pgp thing and this thread been very useful, thank you joseph.

 

:beer:

:beer:

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.