Friday 20 July 2007

Crypto Howto

Last night, I posted my PGP key with no context whatsoever. Some of you probably didn't quite grok it. So here is an explanation of what it is and how to use it. This is specifically written for OS X users, but the concepts can apply more generally.

What is PGP

PGP stands for "Pretty Good Privacy." But it's more than pretty good, it's very very strong encryption. This means that you can send email to somebody such that only that person can read it. You do not have to meet ahead of time and arrange secret passwords or secret knocks. No "the crow flies at midnight" required.

Or rather, there IS a "the crow flies at midnight" required but anybody and everybody knows it. This is something called a public key. You want to shout your public key from the rooftops. Anybody that wants to send you a secret message has to know it. But the public key is only half the story. You also have a private key which you keep secret.

Your buddy in the Animal Liberation Front wants to send you some secret email. Zie uses your public key to encrypt the email. This transforms hir message into a bunch of gobbledygook. Zie sends you the gobbledygook. Nobody can figure out what the secret message is - except for you! Your private key (and ONLY your private key) can descramble the message.

Your public and private keys go together. One scrambles. The other descrambles. They are a key pair and work together.

The main point: you can send secret messages to people that ONLY they will be able to read.

You can also use PGP to sign messages, which is something that we'll get to at the end.

Why would you want to send secret messages?

Email goes through the internet like a postcard goes through physical mail. Your text is not at all hidden. The postal carrier can easily read what you've written. Do you use gmail? You know how the ads on the side are related to your email contents? It's because they're peeking at your mail to figure out what ads to show you. (They promise that no human ever peeks, it's just an ad-making engine.)

Just like with a postcard, any computer sitting between your computer and the recipient can read your email. For Americans, under the Patriot Act, various government agencies can demand that your ISP hand over your email and never even tell you it happened. I'm sure you're not planning any nefarious deeds, but recall that police have been infiltrating the sort of peace groups that gather and hold candles. If you've ever gone to an anti-war march or just have a similar name to somebody who has, it's possible that your email is being intercepted. To put this another way: you know all those stories of woe surrounding the idiotic "no fly list"? Well, the same thing is probably going on with email, except since nobody tells you, you never know. Recall that the big telephone building in the Mission District of San Francisco has a bunch of federal spy equipment in the basement. Reading emails going into and out of the Bay Area.

Maybe you've got a really unique non-activist name and are completely apolitical. What have you got to hide? Except that steamy extra-marital affair!

Wait! Can't terrorists and kiddie porn people also use these tools??!

Yep. Having opaque walls of your house ensures that nobody can see you when you're sitting on the toilet, but it also means nobody can see you when you murder cute puppies. I'm still in favor of having opaque walls.

Getting Software

As if things weren't confusing enough, the current version of PGP is called GPG. (The 'G' stands for GNU, not that it matters.) It does not come standard with OS X, but can be downloaded from:

You will want to download several of the programs on that page. Scroll down some and then grab: GNU Privacy Guard. (Get the version that matches your operating system version (to find that out, go to the apple icon in the very top left hand corner of your screen. Click on it, then click on "About This Mac". A window will open with a picture of an apple and the words "Mac OS X". Below that is the version.))

Also grab: GPG Keychain Access, GPGFileTool, GPGDropThing and anything else that looks interesting.

Making Keys

After you download and install the tools, you need to create a key pair. Recall that a key pair means a public key and the private key that goes with it. One encrypts. The other decrypts. As you can probably guess, there's some tricky math involved (it has something to do with the products of large prime numbers and is really cool, but this is the last you'll hear of it in this post, alas). Fortunately, the software handles all of this for you.

Start up the GPG Keychain Access program. As you can guess from the name, this program keeps track of keys for you. Not only your keys, but the public keys of your friends, co-revolutionaries and secret lovers.

Under the Key menu, click "Generate". A helpful dialog will pop up. The default values are all fine. When it asks for your name, give a name known to people who want to send you email. And for email address, obviously, you want an address also known to those people. For comment, give some info that will separate you from all the other Sarah Jane Smiths on the internet like "traveler in space and time" or "investigative reporter" or something that actually applies to you that will help your friends and co-conspirators recognize you.

Eventually, it will ask you for a password. This will be the password for your keychain. Recall that your private key has to remain secret. This secrecy requires the boring, old-fashioned, password-based security, like the combination lock on your gym locker. All the normal suggestions for picking passwords apply.

And finally, it makes your key pair. Which takes a while because of the tricky math. Go make a cup of tea or walk your dog while this part goes.

Sharing Keys

Posting your key to your blog is, alas, not the best way to share keys. Instead, there are computers called keyservers. These computers sit on the internet and do nothing but keep track of people's public keys. They are good places to put your public keys and also a good place to find the public keys of other people.

Your new key is now listed in the Keychains window of the GPG Keychain Access program. Click on it so that it's highlighted. Then, under the Key menu, select, "Send to Keyserver."

Oh my gods, weird windows popping open! The terminal! Ack! Yeah, just close all of them. The program is kind of ugly and messy, but it does its job. Your key is now out on the internet where folks can find it.

Finding Keys

I can hear your inner monologue now, "Whee! This is fun! What next? Secret email! Oh, but who do I send it to?" Well, you could send some to me! But first, you need to find my key. Go back to the "Key" menu on your Keychain Access application and select "search for key." Type in my name, "Celeste Hutchins".

More windows pop open, but this time you have to pay attention to them. The terminal window will give you a numbered list of all the people named "Celeste Hutchins" who have submitted keys. Which one is me? Well, make your best guess and type in the number next to it. It should then go into your key menu in the keychain application.

How do you know it's really me and not some evil miscreant pretending to be me? Well, that's a problem. And for that reason, you need to tell the keychain manager how much you believe that the keys actually go with the person that you think they go with.

Highlight my key. Under the Key menu, select "Edit." Again, a terminal window opens. It waits for you to type a command. Type "trust" (without the double quotes) and then hit return. It then asks you about your trust level. It gives you a rating from 1 to 5, where 1 is "none" and 5 is "all the way." This trust level is not about how much you trust me (or the person whose key you are editing). It's how much you trust that the keys actually belong to who you think they belong to. Do you trust that it's really my key? Well, alas, there are some features that won't work unless you select 5. So if you want to try sending me encrypted email, you're going to have to pick 5. Type "5" (without the double quotes) and then hit return. Then type "quit" (without the double quotes) and hit return. Now you can close the window.

Encrypt Something

Yay, now the fun part! Open the program GPGDropThing. A strange-looking window opens. Type something in that window. Specifically, type your secret message! When you're done creating your secret message, go to the GPG window and select "encrypt." You get to pick the recipient from a drop down list. In that list, you will see your own email and the email addresses of everybody that you trust ultimately. Pick your recipient and then click ok. Your message will turn into gobbledygook. Now select the whole contents of the window, copy it and paste it into your gmail account (or other mail program). Send it. Only the recipient can descramble it.

Decrypt something

You just sent me encrypted email. I wrote back with an encrypted message. It looks like:

Version: GnuPG v1.4.7 (Darwin)


What does it say?! Copy and paste it into GPGDropThing. Get everything between and including the "-----BEGIN PGP MESSAGE-----" and "-----END PGP MESSAGE-----". Go to the GPG menu. Click "decrypt". Now you can read your secret message!

Sign Messages

Sometimes encrypting messages is overkill. You don't need to bother encrypting it, but you'd like to make certain that it hasn't been changed mid-route. Maybe you're sending email internationally and part of it got censored, just like an over-zealous postal carrier might strike out naughty words on a postcard. You can sign a message, thus showing whether or not it has changed en route.

This puts some text around the message like this:

Hash: SHA1

This is a signed paragraph.
Version: GnuPG v1.4.7 (Darwin)


The main text is "This is a signed paragraph." The rest is the signature. It verifies that the text that you received is the same as the text that I sent. PGP uses my text and my private key to generate the signature. The text and the key put together form a unique string of gobbledygook. You can verify that they match by cutting and pasting the whole thing into GPGDropThing. Under the GPG menu, click verify. If it verifies ok, the message is as I sent it. If it does not, it means that my text has been changed.
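
The same round trip from the command line, as an added example that is not part of the original post: key generation, encryption, decryption, signing and verification with gpg itself, in a temporary keyring, including what verification does when the signed text has been edited. The two identities, their addresses and the function names are constructed for the example, and it assumes GnuPG 2.1 or later; `fingerprint_of` prints the value to compare with the key's owner over another channel before trusting a key found on a keyserver.

```shell
#!/bin/sh
# Added example: gpg command-line equivalents of the GUI steps, run in a
# throwaway keyring. Names and addresses are constructed. Needs GnuPG 2.1+.
setup_keys() {   # "Generate": one key pair per person
    DEMO_HOME=$(mktemp -d) || return 1
    export GNUPGHOME="$DEMO_HOME"
    for uid in "Sender Example <sender@example.org>" \
               "Recipient Example <recipient@example.org>"; do
        # Empty passphrase only because this keyring is deleted afterwards.
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "$uid" default default never 2>/dev/null || return 1
    done
}

cleanup_keys() { gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$DEMO_HOME"; unset GNUPGHOME; }

fingerprint_of() {  # $1: key owner; compare the output with the owner directly
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

encrypt_for() {  # stdin: plaintext, $1: recipient; stdout: armored message
    gpg --batch --quiet --armor --encrypt --recipient "$1" 2>/dev/null
}

decrypt_msg() {  # stdin: armored message; stdout: plaintext
    gpg --batch --quiet --decrypt 2>/dev/null
}

sign_text() {    # stdin: text, $1: signer; stdout: clearsigned text
    gpg --batch --quiet --local-user "$1" --clearsign 2>/dev/null
}

verify_text() {  # stdin: clearsigned text; status 0 only for a good signature
    gpg --batch --quiet --verify >/dev/null 2>&1
}

demo() {
    setup_keys || return 1
    echo "recipient fingerprint: $(fingerprint_of recipient@example.org)"
    secret=$(echo "the crow flies at midnight" | encrypt_for recipient@example.org)
    printf '%s\n' "$secret" | decrypt_msg    # the private key recovers the text
    signed=$(echo "This is a signed paragraph." | sign_text sender@example.org)
    printf '%s\n' "$signed" | verify_text && echo "as sent: signature verifies"
    printf '%s\n' "$signed" | sed 's/signed paragraph/forged paragraph/' |
        verify_text || echo "edited in transit: verification fails"
    cleanup_keys
}

demo || echo "demo failed: is GnuPG 2.1 or later installed?" >&2
```

Both keys live in one keyring here, so they are trusted automatically; with a key fetched from a keyserver, the fingerprint comparison comes before the "trust" step.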

Going further

If you use the Thunderbird mail client, you can install some PGP plugins to handle all of this for you. There are also scripts that exist for Firefox. You will have to look these up on your own. Have fun!


Please leave comments if you are confused or have ideas about how this can be improved. Is it clear enough for people who are not power users, but just surf the web and check their email?

1 comment:

Anonymous said...

Most Internet users have never even heard about PGP. Not too complicated, but for most it's a bit twisting their brains.

You could use to send secure email via a secure web interface. Then the sender does not need to install any PGP software on her side.
