How to use PGP Encryption with iScribe
Scribe e-mail seamlessly supports e-mail encryption and digital signatures.
This bulletin describes how to set up iScribe so that you can send and receive encrypted e-mails and/or digitally sign your e-mails using the GnuPG encryption package.
What is PGP encryption anyway?
Before we start you might want to look at the concepts section of the GnuPG Mini Howto document. Don’t worry if the document doesn’t make much sense to you. Read the rest of this and then go back to it. It should make more sense once you read the explanation below.
PGP stands for Pretty Good Protection. It’s an encryption standard developed to facilitate the sending and receiving of digital documents securely. It’s a very good standard and you are pretty much assured that if you send a message to Joe and it’s encrypted with Joe’s “public key” (more on this later) only Joe will be able to read the message.
iScribe makes it easy to send and receive PGP encrypted messages. With a click of a button you can encrypt a message. When you receive an encrypted message simply pressing a button causes iScribe to prompt for your “private pass key” (more on this later) and, if you enter it correctly, decrypt the message that was addressed to you.
What are digital signatures?
Digital signatures are a way of encoding documents so that the recipient knows that the document was created by you and that it has not been tampered with. A digitally signed document or e-mail does not have to be encrypted. If, for example, you have a favorite recipe that you want to mail to an Internet news group (say the island packet news group) but you want to make sure no one modifies it and then passes it on to friends as their creation, you would simply digitally sign the plain text (or clear text) e-mail. People receiving your message could then verify that the recipe you signed came from you and has not been modified.
Note that the recipient of your encrypted e-mail and/or digital signatures does not need to be running iScribe to view the messages. As long as they have some PGP standard e-mail program (there are many) they can read and verify your messages. Similarly, users sending you encrypted e-mails do not need to be using iScribe. Any PGP encoding program will do.
What is a key pair?
A key pair is what is required to encrypt/decrypt a document. When you install the PGP software on your computer you will be prompted to create a key pair. The installation software will prompt you for a “Pass Key” and generate two keys from it, the “Public Key”, and the “Private Key”. These keys are big long horrible sequences of letters and numbers which are used to encode your message. Fortunately, iScribe manages these keys for you in a simple way so that you don’t actually need to know what they are. The only really important thing to keep secure and not forget is your “Pass Key”. This is a simple string of text that you will need to decode messages addressed to you. If you forget your “Pass Key” you will not be able to open messages sent to you. The “Pass Key” can be any free text you want as long as it’s longer than 8 characters. “Honey I am home” is a perfectly good pass key. The pass key is case sensitive so keep this in mind when you commit it to memory.
How it works…
Let’s say you want to receive encrypted messages from Joe@somewhere.net. Before Joe can send you an encrypted e-mail he needs to know your “public key”. So in a plain e-mail you mail him your public key. Anyone in the world can see the key, but it doesn’t matter. The public key can only be used to encrypt a message to you. It cannot be used to read a message addressed to you. Only you can do that.
Once Joe receives your public key he can use PGP software to generate an encrypted message to you. If he is using iScribe the process is simple. When you receive the encrypted e-mail from Joe and try to read it with iScribe, iScribe will prompt you for your “pass key” (The Honey I am home thing…). iScribe will then generate the “private key” from the pass key and decrypt and display the message for you.
For you to send an encrypted message to Joe, you need to have his public key. So, Joe first sends you an e-mail with his public key. Once you receive the public key with iScribe, you push a button and Joe’s public key is automatically added to an address book. To send an encrypted message to Joe you then create the message as usual, push a button and send the encrypted message to Joe. Very, very simple and secure…
We will see later on how to actually carry out a send/receive operation.
What you need
- iScribe e-mail
- A free copy of GNU Privacy Guard for Windows.
- A personal computer running Win7, Vista, or WinXP operating system.
Installing the software
Here are the steps.
Download GNU Privacy Guard for Windows from http://www.gnupt.de and save the file to your computer. Then run the file.
The installation program will ask you numerous questions. Simply accept all the defaults until you reach the final screen and then click finish.
The installation script will then run the program. You should then see a message box pop up on the screen with the following: “Something seems to be wrong with your GPG keyrings”. This message appears the very first time you run the program and occurs because you have no public or private keys. Hit yes to create your keys.
Next select “Have GnuPG generate a key pair” and hit OK.
Now enter your name (Luis Soltero in my case), your e-mail address (email@example.com in my case) and your pass key (Honey I am home). Use the default key type and never have the key expire. Hit Start to generate the keys.
After the key generation completes you will be asked if you want to save your keys. Answer yes and store the files in a safe place.
You are now done with the GnuPG installation. You will see a “Key” shaped icon in the system tray. Double clicking on the icon will bring up GnuPG. Clicking on the X on the top right will minimize GnuPG to the system tray. We will discuss the usage of GnuPG a little later.
Now install iScribe if you haven’t done so. XGate users can do this by running the appropriate installation program. Follow the XGate installation instructions to complete the installation. Test iScribe and XGate to make sure all is working.
Next run iScribe and go to File->Plugins. If you see GnuPG then select it and hit remove. Now click on Add and select the gnupg plugin. iScribe should tell you that it has been loaded correctly.
Finally click on the GnuPG plugin and select configure. You should see your name in User.
Once you start up iScribe you will see a new PGP menu and new icons on the tool bar when creating a new e-mail or reading a pre-existing one. These icons are used to manage PGP and are described below.
You are now ready to encrypt/decrypt and sign e-mails…
Note that most of the following is in the iScribe Help file under the help menu. Menu->iScribe Guide. Click on Index and type PGP. This will get you to the PGP documentation.
Sending your public key to a user you want to correspond with
As I mentioned before, you must publish a public key before you can receive an encrypted message. Here are the steps (BTW, this is the most complex procedure in the whole process).
Compose a “regular” e-mail to firstname.lastname@example.org. While in the compose window move the mouse down to the windows application tray and double click on the “key”. This should bring up the PGPkeys application.
Scroll down until you find your Name and e-mail address. Then right click on your name and select copy.
Now exit PGPkeys.
Back in the iScribe compose window click the screen where you want to place your public key and then right mouse click and select paste. You should see something like:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.3 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
Which is a copy of my public key. Note that in the next step you will be able to save this key to your address book and send me encrypted messages in the future.
Now send the message.
You are now done… Now we wait…
Receiving and recording a public key…
While we wait for email@example.com to send us an encrypted message, someone else, firstname.lastname@example.org, sends us an e-mail with his public key. Doe wants us to send him encrypted messages from now on…
To record his public key we do the following… You might actually try this on this message.
Open the message as you normally would in iScribe.
Push the “Add Key” button. It’s the one on the very right of the tool bar. iScribe should tell you that it found one or more keys and that the key has been added to your keyring.
Now double click on the “Key Icon” in the system tray to bring up WinPT and find email@example.com in the list.
*** This is very Important ***
Now right click on firstname.lastname@example.org and select sign. By signing Doe’s public key you are confirming to the software that the key does indeed belong to Doe. You might actually call Doe on the phone or contact him via some other means to confirm that he indeed sent you his public key. iScribe will not encrypt a message unless the key that is being used has been signed. Please see the section of the “Web of trust” in the GnuPG Mini Howto for more info. Here is the link.
Back in iScribe create or edit the contact information for Doe and make sure that the e-mail address and name appear in the contact information exactly as they do in the GnuPG entry. Note that iScribe will report an empty key ring error when encrypting an e-mail if the UserName and E-Mail address in the key do not exactly match the entry in the contacts list.
You can now send me or email@example.com encrypted messages.
Sending an encrypted message…
Compose a message to firstname.lastname@example.org in iScribe as you normally would.
Before you send it, click on the “Encrypt” button on the tool bar.
If you want to digitally sign an e-mail click on the “Sign” button. As I mentioned before, messages do not need to be encrypted to be signed. See the discussion above on signing vs. encryption.
Send the message…
That is all there is to it.
Decoding encrypted messages…
You have finally received an encrypted message from email@example.com. When you try to read it, it looks like this.
-----B_EGIN P_GP MESSAGE-----
Version: GnuPG v 1.2.3 (Gnu/Linux)
-----END PGP MESSAGE-----
Note that I have altered this message by adding “_” to the PGP header so that it would not interfere with these instructions. Had I not done this iScribe would ask you for a pass code when you hit the “Decrypt” button in Step 2.
To decode PGP encrypted messages do the following.
1. Display the message as you would a normal e-mail.
2. Click on the “Decrypt” button on the tool bar.
3. A window pops up requesting your “Pass Key”. Enter the pass key.
4. The clear text message replaces the encrypted message.
That is it…
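The note about the altered header relies on the fact that PGP blocks in a mail body are recognised by their exact armor delimiter lines. The sketch below is an added example, not code from iScribe or GnuPG: it scans a mail body for armored blocks and verifies each block's CRC-24 armor checksum as defined in RFC 4880. The function names and the sample mail are constructed for illustration.

```python
import base64
import re

# Armor delimiters per RFC 4880 section 6.2: five plain ASCII dashes each side.
ARMOR_RE = re.compile(
    r"^-----BEGIN PGP (?P<kind>[A-Z ]+)-----\n(?P<body>.*?)"
    r"^-----END PGP (?P=kind)-----[ \t]*$", re.DOTALL | re.MULTILINE)

def crc24(data: bytes) -> int:
    """CRC-24 used for the armor checksum (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def crc_line(payload: bytes) -> str:  # the '=XXXX' line after the base64 data
    return "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()

def armor(kind: str, payload: bytes) -> str:
    """Build an armored block; used here only to construct sample input."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN PGP {kind}-----", "Version: sample", "",
                      *rows, crc_line(payload), f"-----END PGP {kind}-----"])

def iter_blocks(mail_body: str):
    """Yield (kind, payload, checksum_ok) for each armored block found."""
    for m in ARMOR_RE.finditer(mail_body.replace("\r\n", "\n")):
        lines = m.group("body").split("\n")
        # Armor headers (e.g. Version:) end at the first blank line.
        data = [row.strip() for row in lines[lines.index("") + 1:] if row.strip()]
        check = data.pop() if data and data[-1].startswith("=") else None
        try:
            payload = base64.b64decode("".join(data), validate=True)
            ok = check == crc_line(payload)
        except ValueError:  # malformed base64
            payload, ok = b"", False
        yield m.group("kind"), payload, ok

# Constructed sample mail: payloads are placeholder bytes, not real PGP data.
KEY_BLOCK = armor("PUBLIC KEY BLOCK", b"constructed placeholder, not a key. " * 3)
ALTERED = armor("MESSAGE", b"placeholder").replace("BEGIN PGP", "B_EGIN P_GP")
SAMPLE_MAIL = f"My key:\n\n{KEY_BLOCK}\n\nAltered copy:\n\n{ALTERED}\n"
if __name__ == "__main__":
    print([(kind, len(data), ok) for kind, data, ok in iter_blocks(SAMPLE_MAIL)])
```

Only the unaltered key block is reported; the block whose header reads `B_EGIN P_GP` is ignored. A block whose base64 data was changed in transit is still found but fails the checksum.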