---------------------------------------------
        "An Introduction to GnuPG"
---------------------------------------------
 C/O :: arp of Dynamic Hell Development Team
---------------------------------------------
 URL :: http://www.dynamichell.org
---------------------------------------------
 IRC :: irc.dynamichell.org #dhell
--------------------------------------------




=============================
  An Introduction to GnuPG
=============================


Introduction
============

This document is an introduction to GnuPG.  It explains how GnuPG works (in 
abstract form) and how to use it on a UNIX-like system.  It is not an 
in-depth look at cryptographic mathematical theory, nor is it a complete 
reference for PGP or GnuPG itself; it is a simple tutorial, aimed at 
bringing the benefits of GnuPG to a wider audience.


Background
==========

PGP was originally released in 1991, and provided public-key and symmetric-key
cryptographic functionality to other applications.  Essentially it gave any
application the ability to encrypt data and to digitally sign it so that its
authenticity can be tested.  However, PGP was not and is not open-source.  Due
to the importance of PGP in the computer industry, the GNU project saw the need
for a truly free alternative to PGP and other clones.  Thus, GnuPG was born.

GnuPG (The GNU Privacy Guard) is a "free replacement for PGP."  GnuPG is also
free from any patent infringements as it does not use algorithms used by
commercial alternatives.  Therefore "it can be used without any restrictions",
as well as distributed and modified like any other application released 
under the GNU General Public License.


Public Key Encryption
=====================

First, a program (such as gpg--the main component in the GnuPG suite of 
applications) will create a private-key.  Using this private-key, a 
public-key is then created (again using gpg).  Once a user has completed these
two steps they are ready to start encrypting and signing their data.  

A user with their private-key and public-key must next distribute their 
public-key to other users, who use it to encrypt data sent back to that user.
Only the user's private-key is capable of decrypting data encrypted with their 
public-key.  This is why the private-key must be kept secret--anyone who holds
it can read any data encrypted with the user's public-key.


Digital Signatures
==================

Another use for GnuPG is digitally signing documents.  For example, a user may
add a digital signature to their email through the use of GnuPG (they might be 
concerned that someone may be intercepting and changing their data).  This 
signature is created from the user's private-key as well as the actual data
contained in the email itself (similar to the checksum in an IP header).
Once the email is sent, the receiver's email client (using GnuPG) can quickly 
ascertain whether the data is as originally sent: the signature is tested
against the sender's public-key and the data in the email itself.  If the 
checksum created by the client matches the checksum sent with the email (the
digital signature), the receiver can be confident that the data the sender
sent has not been tampered with.
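
The two sections above in practice, as an added example that is not part of
the original article: one keyring holds Susan's private-key, and a second
keyring (a constructed user, "bob") receives only pub_key.asc.  It assumes
GnuPG 2.1 or later for --quick-gen-key; the names, address and messages are
constructed sample values.

```shell
#!/bin/sh
# Added example (not from the article). Assumes GnuPG 2.1+ for --quick-gen-key;
# the identity, messages and directory names are constructed sample values.
gpg_roundtrip() (                       # subshell: cd and trap stay local
    work=$(mktemp -d) || exit 1
    trap 'for h in susan bob; do
              gpgconf --homedir "$work/$h" --kill all 2>/dev/null
          done; rm -rf "$work"' EXIT
    cd "$work" && mkdir -m 700 susan bob || exit 1
    susan="gpg --batch --quiet --homedir $work/susan"   # holds the private-key
    bob="gpg --batch --quiet --homedir $work/bob"       # gets the public-key only

    # Susan creates an unprotected throwaway key pair and exports the public half.
    $susan --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'Susan Example <susan@example.org>' 2>/dev/null || exit 1
    $susan -a -o pub_key.asc --export susan@example.org || exit 1

    # Susan signs a message with her private-key.
    printf 'Meet at noon.\n' > msg.txt
    $susan -a -o msg.sig --detach-sign msg.txt || exit 1

    # Bob imports the public-key, checks the signature and encrypts a reply.
    # --trust-model always skips the "is this really Susan's key?" check and
    # is acceptable only because both keyrings belong to this demo.
    $bob --import pub_key.asc 2>/dev/null || exit 1
    $bob --verify msg.sig msg.txt 2>/dev/null || exit 1
    echo 'signature on original message: good'
    printf 'See you then.\n' > reply.txt
    $bob --trust-model always -a -r susan@example.org \
        -o reply.asc -e reply.txt || exit 1

    # Only the private-key decrypts: Bob's keyring fails, Susan's succeeds.
    if $bob -d reply.asc >/dev/null 2>&1; then exit 1; fi
    echo 'decrypt without private-key: refused'
    [ "$($susan -d reply.asc 2>/dev/null)" = 'See you then.' ] || exit 1
    echo 'decrypt with private-key: ok'

    # Any change to the signed data invalidates the signature.
    printf 'Meet at one.\n' > msg.txt
    if $bob --verify msg.sig msg.txt 2>/dev/null; then exit 1; fi
    echo 'signature on altered message: BAD'
)
```

Calling gpg_roundtrip prints the four result lines and returns 0 only if every
step behaved as described; the temporary keyrings are removed on exit.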


Verifiability
=============

GnuPG provides other applications an interface to check data against existing
keys.  Therefore, only one set of keys need exist.  This simplifies things for
the user.  They do not need to have many different keys for different 
applications--all applications just use the keys which gpg maintains.
This simplicity has brought secure communications to the masses.


Using GnuPG
===========

The first thing that you must do is become familiar with the options that can
be passed to GnuPG's gpg.  

susan@magnolia:~$ info gpg 

Assuming the above command worked, and you now have (at least) a vague 
familiarity with the types of functions that gpg provides, you are ready for
the next stage: generating a private and public-key.

This is relatively easy if you are familiar with the command-line environment.

susan@magnolia:~$ gpg --gen-key

gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

You will then be asked various questions:

1) Please select what kind of key you want: (default is fine for most users).
2) What keysize do you want? (2048 is fine for most users).
3) Please specify how long the key should be valid for: (1 year is fine for most
   users).
4) Is this correct ('y' unless you made a mistake).
5) Real name: (Enter the user's real name--usually your own).
6) Email address: (Enter the user's email address--usually your own).
7) Comment: (Can be left blank for most users).
8) Enter a passphrase to protect your secret key: (Choose a password).

Note: The generation of the private key can take a considerable amount of time 
      on some systems.  It often helps to move your mouse around and perform 
      other tasks to increase the entropy pool (random bits) used and required
      by this process.

Once this phase has completed, the key will be generated and placed in
$HOME/.gnupg/trustdb.gpg.  Do not distribute this file, keep it safe.

To export your public-key to a file (pub_key.asc), which you can distribute to
trusted sources, or even the general public, use the following command:

susan@magnolia:~$ gpg -a --export Fullname > pub_key.asc 

Note: You must follow the --export option with the full name or email address
      you specified when creating your private-key.  If you are unsure of the
      name you used, then use the --list-keys option with gpg.  It will
      list the available keys and their aliases.
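
The questions asked by --gen-key can also be answered from a parameter file
with gpg --batch --gen-key, followed by the same --export step.  This is an
added example, not part of the original article: the identity is a constructed
sample value, RSA is chosen explicitly rather than relying on the default, and
%no-protection (GnuPG 2.1 and later) creates the key without a passphrase,
which is suitable only for the throwaway keyring used here.

```shell
#!/bin/sh
# Added example (not from the article): unattended key generation and export.
# Name and address are constructed sample values.
gpg_batch_keygen() (                    # subshell: GNUPGHOME and cd stay local
    GNUPGHOME=$(mktemp -d) || exit 1    # throwaway keyring, mode 0700
    export GNUPGHOME
    trap 'gpgconf --kill all 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    cd "$GNUPGHOME" || exit 1

    # One line per interactive question: key type, size, validity, identity.
    # For a real key, drop %no-protection and supply a passphrase instead.
    cat > params <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Expire-Date: 1y
Name-Real: Susan Example
Name-Email: susan@example.org
%commit
EOF
    gpg --batch --quiet --gen-key params 2>/dev/null || exit 1
    gpg --batch -a --export susan@example.org > pub_key.asc || exit 1

    # The file to distribute must hold a public key block and nothing private.
    grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' pub_key.asc || exit 1
    if grep -q 'PRIVATE KEY' pub_key.asc; then exit 1; fi

    # Print the primary key fingerprint, which recipients can compare with
    # the one they see after importing pub_key.asc.
    gpg --batch --with-colons --fingerprint susan@example.org 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
)
```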


Using GnuPG with other Applications
===================================

Now that you have a private-key and are able to generate public keys, you are
ready to start signing and encrypting data.  To illustrate just how easy this 
is, an outline of the steps necessary to configure both email signing and
encryption using Evolution follows:

1) Open Evolution.
2) Go to Edit->Preferences.
3) Go to Mail Accounts, select your account and press 'Edit'.
4) Select the security tab.
5) Enter the email address, or username you chose when creating your
   private-key, into the 'PGP/GPG Key ID' text box.
6) Select from the security options available, such as 'Always sign outgoing
   messages when using this account.'
7) Click 'Okay'.

GnuPG is now configured to work with Evolution using the security options you
selected.  Encryption can be enabled on an email-to-email basis.  Just select
the security menu and then 'GnuPG Encrypt'.  It's really that simple, and the
steps are very similar to those needed by other applications such as Mozilla
Thunderbird.



Copyright (c) 2006.  Alastair Poole.

Verbatim copying and distribution of this entire article are permitted
worldwide, without royalty, in any medium, provided this notice, and the
copyright notice, are preserved.
