[nmglug] setting up GnuPG for NMGLUG people
Mark Galassi
rosalia at galassi.org
Tue Dec 2 12:00:43 PST 2003
Dear NMGLUG people,
At the last meeting I suggested that it might be nice to have a
(small) focus project where we all set ourselves up to have PGP
encryption using GnuPG (GNU Privace Guard).
Apart from the conceptual learning part, the practical part of using
GnuPG involves:
1. setting up and managing a key pair
2. hooking encryption into your email/messaging clients
3. "snarf"ing your friends' keys, with a level of paranoia appropriate
for your risk tolerance
The place to start is probably http://www.gnupg.org/ which has links
to the various clients and to various documents. The handbook is at
http://www.gnupg.org/gph/en/manual.html
-- 1 --
For key setup/management I have I have used GPA (GNU Privacy
Assistant) to set it up, and gpgp (GNOME front end to PGP) to extract
an ascii version of your public (for some reason I could not get GPA
to do this for me).
On Debian GNU/Linux you can do:
apt-get -u install gnupg gpgp gpa
and then you run gpa and gpgp to create/manage keys.
-- 2 --
Your favorite mailer almost certainly has GnuPG support -- see
http://www.gnupg.org/(en)/related_software/frontends.html#mua
I found this intriguing: there is a debian package called
mozilla-thunderbird-enigmail
If you use an emacs mailer (I use GNUS) then the mailcrypt package is
the one you want, and it is very emacs-like and integrates well with
the mailers.
For webmail fans, the link above includes some webmail-based GnuPG
approaches.
-- 3 --
This is my weak area. The various mailers probably have an option to
"snarf" public keys from email (for example, this message has my
public key below) and add them to your keyring. If not you can save
it into a text file and load the key from that text file with your key
management program.
Once you have some peoples' keys you can choose to be paranoid. Do
you really believe that email in which you got the key? I am not
paranoid so I don't worry too much -- recognizing the person's writing
style is enough for my risk tolerance level.
But there are "key signing parties" you can have, and you can also use
the phone to exchange the "fingerprint" (a shortened signature of the
key which can be recited on the phone -- see my signature below).
-- my suggestion for Thursday --
I suggest that by Thursday some of us (all of us?) could have
ourselves set up with GnuPG keys, and we could post the public keys to
this list.
Then we can each report on what mail program we use (MUA) and if it
can be configured to automatically encrypt/sign messages to anyone who
is on our keyring.
And if someone is interested in the whole "biometrics"/high-paranoia
aspect of key distribution, they could lead us in a key-signing on
Thursday.
-------- and here is my key information --------
The key id is C7017E7F and the fingerprint is:
4156 6752 362B F98F 3951 7752 A36D 2828 C701 7E7F
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
mQGiBD/DW3MRBADCrr99+LJsdSrzwylzYBxsBtzupegVOiVAz9tyVxj5BHquZ1m0
sM+wpPjNMdGMFi1SHYf6zT+agS3w7G2yQWK5lM7H7WxHK3FWCJvfl0tcDNRckuGM
1dAIObBgoCkmT+hhoCSZmq9CPLPCchhD9PnJB5F/35KIhoUCRjhJJ8DT5wCgrQS+
uI0W5FtW7SJOP+SKomqVARUD/jZwXHY2osZWyg+mPzVq7VHsNB/XOjjNSpQNQBPX
GimdMeMl8/cT61UuNG1HMSncUgbyYmKsMurbZJX7QNxwsBv4nxpgFe84ue8Wmx6b
rX7cXnXe7Fuc5QGuoqpWTjuObsI1NPHFzFU3crayoR5vim8kk/v5vk3SxAr2q5+2
JJTBA/9ErmWeb23JvknpMnFEse5+9tTeb+p4AiMaDszYkf+0Cuwc9gdMaV/p4cSD
LBl5uTHLx+eO9jiVbHLi/TIGP4Y5RT5/L4DoLPD2apWSCF54sEsmBFWcqU9TBnuN
EbfnqbQ/DQJfZ9r7ZmJrq6zscZgb4NM/Y4P/2VHDq51tytYUB7RUTWFyayBHYWxh
c3NpIChuZXcga2V5LCAyMDAzLTExLTI1LCBvdXRkYXRlcyBhbGwgbXkgb2xkZXIg
a2V5cykgPHJvc2FsaWFAZ2FsYXNzaS5vcmc+iGEEExECACEGCwkIBwMCAxUCAwMW
AgECHgECF4AFAj/DXhIFCQHj2R8ACgkQo20oKMcBfn8NqwCeLq2YquGNlVBf/Pmh
vDKiZ0YZSAAAniMxBxgjtttz5svJ36Xt5Kb1dE+7uQENBD/DW3QQBADkrCEOVxNS
COpmZqSqtfwxzRMgZuP4R32cPbsRnhPerGWeVZ6CLiKSKjFGZ1PiPcFs+EsPtcPa
dqQi2TPeDT9gZxyLMlIvaPVr4gmfT6yqsBT5LvrRjX/FsHDQsu4Bwtqob9VfAX67
j9+Hi4cBH5SAt5eqZt9gmTqZXGlqRTlJ0wADBQQAp0QjbeCwuobHSzfInhLSTEVX
HAhzHJTsCgb0CpHRFtmHibxFv+yLGFPb4RiOCUnIoiy3ba8cP0pNm+7bCwl6EEnM
cA/xValKkgUejV2kZ31SoisAcjZxhGveYGsyVFnyiU2qNpo1xWmDy7QKGh/FlV9q
Cz5zfwd7oMhV668SJhGIRgQYEQIABgUCP8NbdAAKCRCjbSgoxwF+fyq9AJ9GhslJ
ZBQXBtDtgFH6n+l74kOM4ACfUMcaVrcfOTdK1DIoFwIUywzjegg=
=j2pb
-----END PGP PUBLIC KEY BLOCK-----
More information about the nmglug
mailing list