email encryption part 2

Last time, we exported our public key. As my key expired I created a new pair.

Now we will list our secret keys, which shows the fingerprint of each key. Remember, the short key ID we use is the last 8 characters of that string.

Note: You should never publish your private key! It’s top secret!

– I’m just doing this here for demonstration purposes (anyway, I replaced this key with random numbers).

gpg --list-secret-keys
[keyboxd]
---------
sec rsa4096 2024-08-22 [SC]
7B865B1FB3B2731D4414F4A9319CA618681215D8
uid [ultimate] Chaot (Test) <creative-chaos.dev@proton.me>
ssb rsa4096 2024-08-22 [E]
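As an added example (not part of the original post), the following shell script pulls the primary-key fingerprint out of a `gpg --list-secret-keys` listing and derives the long and short key IDs from it. The listing embedded as SAMPLE_LISTING is the post's own output, used here as constructed sample input so the script runs without touching any keyring; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: pull the primary-key fingerprint
# out of a `gpg --list-secret-keys` listing and derive the key IDs from it.
# SAMPLE_LISTING is the post's own listing, embedded as constructed sample
# input so this runs without touching any keyring.

SAMPLE_LISTING='[keyboxd]
---------
sec   rsa4096 2024-08-22 [SC]
      7B865B1FB3B2731D4414F4A9319CA618681215D8
uid           [ultimate] Chaot (Test) <creative-chaos.dev@proton.me>
ssb   rsa4096 2024-08-22 [E]'

# The fingerprint is the only line consisting of exactly 40 hex digits
# (gpg prints it indented; tr removes the leading spaces first).
fingerprint_from_listing() {
    printf '%s\n' "$1" | tr -d ' ' | grep -E '^[0-9A-Fa-f]{40}$' | head -n 1
}

# Long key ID: the last 16 hex digits of the fingerprint.
long_key_id() {
    printf '%s' "$1" | tr -d ' ' | cut -c 25-40
}

# Short key ID (what the post passes to --export-secret-keys): the last 8 digits.
short_key_id() {
    printf '%s' "$1" | tr -d ' ' | cut -c 33-40
}

FPR=$(fingerprint_from_listing "$SAMPLE_LISTING")
echo "fingerprint : $FPR"
echo "long key ID : $(long_key_id "$FPR")"
echo "short key ID: $(short_key_id "$FPR")"
```

Running it prints the post's fingerprint, the long ID 319CA618681215D8 and the short ID 681215D8. If you would rather have gpg print the 16-digit ID directly on the `sec` line, `gpg --list-secret-keys --keyid-format long` does that.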

Then we export the private key to a file. You will be prompted to type in your password.

gpg --armor --export-secret-keys 681215D8 > privatekey.asc

Here’s the privatekey.asc file. Keep it secure and never give it away. Don’t confuse it with your public key.

cat privatekey.asc
-----BEGIN PGP PRIVATE KEY BLOCK-----
[armored key material omitted]
-----END PGP PRIVATE KEY BLOCK-----

Now that we know our key pair, we can already encrypt a file.

We'll create a file named message.txt. I'll use vim for it. Alternatively you can use nano, but nano has different commands than vim.

vim message.txt

Vim: In Vim, we first have to enter insert mode by typing 'i'.

# This is just a comment. You should type i and then press enter.

Vim: Now I can insert some text by typing on the keyboard.

Hello Bob,
how are you?
Kind Regards,
Alice.
~
~
~
~
-- INSERT --

Vim: Now I press the ESC key to exit insert mode.

# This is just a comment. You should press ESC to exit insert mode.

Vim: Having left insert mode, we can now save and exit by typing ':wq' and pressing ENTER.

# This is just a comment. You should type :wq and press ENTER to save the file and exit vim.
Hello Bob,
how are you?
Kind Regards,
Alice.
~
~
~
~
:wq

Now we have left vim.

We can check our message.txt with the cat command:

cat message.txt

This will be the output:

cat message.txt
Hello Bob,
how are you?
Kind Regards,
Alice.

Now we want to encrypt the message.txt file.

gpg --encrypt --recipient creative-chaos.dev@proton.me message.txt

This will create an encrypted file called message.txt.gpg. We can check it with the cat command. The contents are not meant to be human-readable, which is why it looks strange. As I want to test the encryption I typed in my own mail address, but if you want to send the message to someone else you should use the recipient's mail address instead.

cat message.txt.gpg

[binary ciphertext: a few hundred bytes of unreadable output]

So let’s decrypt this file with the command:

gpg --decrypt message.txt.gpg > decrypted_file.txt

You will be prompted to type in your password.

gpg --decrypt message.txt.gpg > decrypted_file.txt
gpg: encrypted with rsa4096 key, ID 1E5AAA7F574A543A, created 2024-08-22
"Chaot (Test) <creative-chaos.dev@proton.me>"

Now we check our decrypted file with the cat command:

cat decrypted_file.txt

Will show this output:

cat decrypted_file.txt
Hello Bob,
how are you?
Kind Regards

Now you know how to encrypt and decrypt files.
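As an added example (not from the original post), here is the same encrypt/decrypt round trip run inside a throwaway GNUPGHOME, so nothing touches your real keyring. Alice and Bob are constructed test identities (alice@example.com and bob@example.com are assumptions, as is the temporary directory), the keys are created without a passphrase purely for the test, and the message is the post's sample text. It goes one step beyond the post: the file is encrypted to Bob and to Alice herself, so the sender can still read her own sent copy. In real use Bob's public key would be imported rather than generated here.

```shell
#!/bin/sh
# Added example, not from the original post: an encrypt/decrypt round trip
# inside a throwaway GNUPGHOME. Alice and Bob are constructed test identities;
# the keys are unprotected only because this is a disposable test keyring.
set -eu

# This demo needs the gpg binary; without it there is nothing to show.
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping demo" >&2; exit 0; }

WORK=$(mktemp -d)
export GNUPGHOME="$WORK/gnupg"
mkdir -m 700 "$GNUPGHOME"
# Stop the agent that gpg starts for this GNUPGHOME and remove everything at exit.
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"' EXIT

ALICE='Alice (test) <alice@example.com>'
BOB='Bob (test) <bob@example.com>'
MSG="$WORK/message.txt"

# Throwaway key with an empty passphrase (man gpg: --passphrase '' in batch
# mode with loopback pinentry creates the key without protection).
make_test_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" default default never
}

# Encrypt $3 for two recipients; --armor yields pasteable ASCII instead of
# the binary message.txt.gpg shown in the post.
encrypt_for() {
    gpg --batch --yes --quiet --armor --encrypt \
        --recipient "$1" --recipient "$2" --output "$3.asc" "$3"
}

# Decrypt $1 into $2 (no passphrase needed for the unprotected test keys).
decrypt_to() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' \
        --decrypt --output "$2" "$1"
}

# 0 if the decrypted file is byte-for-byte the original message.
roundtrip_ok() { cmp -s "$MSG" "$WORK/decrypted.txt"; }

make_test_key "$ALICE"
make_test_key "$BOB"
printf 'Hello Bob,\nhow are you?\nKind Regards,\nAlice.\n' > "$MSG"
encrypt_for bob@example.com alice@example.com "$MSG"
decrypt_to "$MSG.asc" "$WORK/decrypted.txt"
roundtrip_ok && echo "round trip OK: decrypted text equals the original"
```

One thing worth knowing when reading gpg's decrypt output: the key ID it reports ("encrypted with rsa4096 key, ID ...") is that of the encryption subkey, the `ssb ... [E]` line in the listing, not of the primary key. That is why the post's decrypt output names 1E5AAA7F574A543A rather than 681215D8.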

Oh, I forgot to mention that you should import your communication partner’s public keys beforehand.


To verify and sign a GPG key from a recipient that you have imported into your GnuPG keyring, you can follow these steps:

Step 1: Import the Recipient’s Key

If you haven’t already imported the recipient’s key, you can do so with the following command:

gpg --import /path/to/recipient-key.gpg

or

gpg --import /path/to/keyfile.asc

Or using a keyserver. You can import a key directly from a keyserver using the recipient’s email address or key ID. This is useful for obtaining public keys that have been shared publicly. Use the following command:

gpg --keyserver keyserver.ubuntu.com --recv-keys <key-id>

Or using the Web Key Directory (WKD). If the recipient’s key is available in a Web Key Directory, you can use the following command to locate and import it:

gpg --locate-keys recipient@example.com

Or importing from the clipboard

If you have copied the key to your clipboard (for example, from a website or email), you can paste it into a file and then import it. For example you can use nano or vim.

Step 2: List Keys

To verify that the key has been imported successfully, you can list the keys in your keyring:

gpg --list-keys

Step 3: Verify the Key

Before signing the key, you should verify the key’s authenticity. This typically involves checking the key’s fingerprint and ensuring that it matches what the recipient has provided. You can check the fingerprint with:

gpg --fingerprint recipient@example.com

Make sure to compare the displayed fingerprint with the one provided by the recipient through a trusted channel (e.g., in person, over a secure chat, etc.).
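As an added example (not from the original post), the script below does that comparison in a way that is hard to get wrong: it normalizes both values (spacing, case, a leading 0x) and refuses anything shorter than the full 40-digit fingerprint, because an 8- or 16-digit key ID is only the tail of the fingerprint and different keys can share it. DISPLAYED is the fingerprint from the post's listing; TRUSTED is a constructed value standing in for what the recipient read out over a trusted channel. The function names are my own, and verify_imported_key assumes gpg and an imported key are available.

```shell
#!/bin/sh
# Added example, not from the original post: compare the fingerprint gpg
# displays with the one the recipient gave you over a trusted channel.
# DISPLAYED is the fingerprint from the post's listing; TRUSTED is a
# constructed value standing in for what Bob read out over the phone.

DISPLAYED='7B86 5B1F B3B2 731D 4414 F4A9 319C A618 6812 15D8'
TRUSTED='7b865b1fb3b2731d4414f4a9319ca618681215d8'

# Canonical form: no whitespace, no leading 0x, upper case.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | sed 's/^0[xX]//' | tr '[:lower:]' '[:upper:]'
}

# 0 = match, 1 = mismatch, 2 = an input is not a full 40-digit fingerprint.
# Short (8) and long (16) key IDs are deliberately rejected: they are only
# the tail of the fingerprint, and different keys can share the same key ID.
verify_fingerprint() {
    d=$(normalize_fpr "$1")
    t=$(normalize_fpr "$2")
    for v in "$d" "$t"; do
        case "$v" in *[!0-9A-F]*|'') return 2 ;; esac
        [ "${#v}" -eq 40 ] || return 2
    done
    [ "$d" = "$t" ]
}

# Live variant (needs gpg and an imported key): read the fingerprint from the
# machine-readable --with-colons output, where 'fpr' records carry it in
# field 10, then compare it with the trusted value.
verify_imported_key() {
    shown=$(gpg --with-colons --fingerprint "$1" | awk -F: '$1 == "fpr" { print $10; exit }')
    verify_fingerprint "$shown" "$2"
}

if verify_fingerprint "$DISPLAYED" "$TRUSTED"; then
    echo "fingerprint matches, safe to sign"
else
    echo "fingerprint does NOT match, do not sign" >&2
fi
```

The same rule applies when fetching keys from a keyserver: pass the full fingerprint to --recv-keys rather than a short ID, and run the comparison above before signing.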

Step 4: Sign the Key

If you are satisfied that the key is legitimate and you trust the recipient, you can sign their key. To do this, use the following command:

gpg --sign-key recipient@example.com

This command will prompt you to confirm that you want to sign the key. You may also be asked to enter your passphrase if your private key is protected.

Step 5: Verify the Signature

After signing the key, you can verify that the signature has been added successfully by listing the key again:

gpg --list-sigs recipient@example.com

You should see your signature listed alongside the recipient’s key.

Step 6: Export the Signed Key (Optional)

If you want to share the signed key with others or upload it to a keyserver, you can export the signed key:

gpg --export -a recipient@example.com > signed-key.asc

Step 7: Upload the Signed Key to a Keyserver (Optional)

If you want to upload the signed key to a keyserver so that others can see your signature, you can do so with:

gpg --send-keys recipient@example.com

By following these steps, you can verify and sign a GPG key from a recipient, enhancing the trustworthiness of the key in the web of trust.


To upload your GPG key to a keyserver, you can follow these steps:

Step 1: Identify Your Key

First, you need to identify the key you want to upload. You can list your keys with the following command:

gpg --list-keys

This will display all the keys in your keyring along with their key IDs.

Step 2: Choose a Keyserver

You can choose from various keyservers to upload your key. Some popular keyservers include:

# keyserver.ubuntu.com
# pgp.mit.edu
# keys.openpgp.org
# pgp.key-server.io

Step 3: Upload Your Key

Once you have identified the key you want to upload and chosen a keyserver, you can use the following command to upload your key:

gpg --keyserver keyserver.ubuntu.com --send-keys <key-id>

Replace <key-id> with the actual key ID or email address associated with your key. For example:

gpg --keyserver keyserver.ubuntu.com --send-keys ABCD1234

Step 4: Verify the Upload

After uploading your key, you can verify that it has been successfully uploaded by searching for it on the keyserver. You can do this using the following command:

gpg --keyserver keyserver.ubuntu.com --search-keys your-email@example.com

This will search for your key using your email address. If it appears in the results, the upload was successful.

By following these steps, you can successfully upload your GPG key to a keyserver, making it available for others to find and use.

In the end, GnuPG is used to encrypt files. When it comes to emails, consider that metadata is also transmitted, which can reveal information about the sender, recipient, and the time of communication. There is an ongoing discussion about which is better – email encryption or messengers with encryption. Since email encryption is rarely used, messengers are more practical. Hence my idea for a client titled 'Pretty-Nice-Privacy'; however, I am still in the conceptual phase.


Comments

One response to “email encryption part 2”

  1. […] Part 2 will be about private key, encrypting and decrypting messages. It will be about signing messages and the issue about key servers. […]
