PGP and GnuPG for secure e-mail

by Nat Queen

[Note. This is a slightly modified version of an article that originally appeared in issue 267 of Acorn User (Christmas 2003 issue).]

In 1991 Phil Zimmermann, an American computer scientist and security expert, released a computer program that would revolutionise electronic communication: Pretty Good Privacy, or PGP for short. Fearing that proposed legislation at that time might soon restrict the use of strong cryptography in the US, he released his program PGP into the public domain in order to make it widely available, as a means of forestalling any restrictions on its publication.

As Zimmermann's program spread rapidly around the world via the internet, the US government saw this as a threat to its ability to monitor electronic communications. American export regulations treated strong cryptography as 'munitions', and Zimmermann was suspected of having 'exported' PGP. For several years he was under investigation and at risk of severe penalties, until the matter was eventually dropped for lack of evidence.

Thanks to Zimmermann's personal commitment and generosity, PGP has become the undisputed worldwide standard for secure e-mail. Versions are available for all major operating systems, including RISC OS. The various versions are generally interoperable, so that even people with totally different computer systems can use PGP to communicate securely.

PGP implements the very powerful technique of public-key cryptography. The program allows each user to generate a unique secret key and a matching public key. The secret key is stored in a computer file which is protected by strong encryption. Whenever the program requires it, this key can be unlocked temporarily by means of a passphrase known only to the user. The public key, on the other hand, can be publicised widely, just as people's telephone numbers are normally made freely available, so that others can contact them.

The basic idea is that a message intended for a particular user is encrypted with that user's public key. However, the message can be decrypted only with the recipient's secret key. This is what ensures privacy of the message - nobody else has access to the secret key required to decrypt it, and there is no known way to obtain the secret key from a knowledge of the public key.

Public-key cryptography makes it possible for people who have never had direct personal contact to communicate securely over the insecure channels of e-mail, without the need for prior exchange of secret keys. Moreover, the cryptographic methods used by PGP have been extensively studied and reviewed by some of the world's most respected experts in cryptography, so that all users can have full confidence in them.

PGP and GnuPG for RISC OS

The latest version of PGP for RISC OS is version 2.6.3ia, which was ported many years ago by Gareth McCaughan from an early DOS version. However, since then PGP has become considerably more sophisticated, and version 9 is now available for Windows and other operating systems. The more recent versions of PGP allow a greater variety of encryption methods. As a result, users of the ageing RISC OS version can experience certain difficulties in using it to communicate with people who use more modern versions of PGP.

This limitation can be overcome by using the RISC OS version of GnuPG instead, which was originally ported to RISC OS in 2001 by Stefan Bellon. GnuPG (short for GNU Privacy Guard) is a free and open-source alternative to PGP. It has been updated many times, so that it remains compatible with all modern versions of PGP. It is fully compliant with the OpenPGP standard of the Internet Engineering Task Force. It even offers some extra features for expert users which are not available in any version of PGP. Although GnuPG performs all the same functions as modern versions of PGP, it must be used from the command line, like the old version of PGP.

PGP for RISC OS is comparatively simple to use. It is only necessary to learn a few commands in order to use it effectively for secure e-mail. In fact, even this is not necessary, since user-friendly front ends for it are available. In contrast, GnuPG allows a huge number of options and special features, and its use may appear daunting to the beginner. However, for most practical purposes only a few basic commands are needed, and these are very similar to those of the old PGP for RISC OS. In any case, there is a simple front end for GnuPG, called !Crypt, which makes it easy to carry out all the essential operations of GnuPG without the need to remember any commands. In addition, some mail clients, such as Messenger Pro, have very convenient GnuPG (as well as PGP) support.

All the software mentioned above can be obtained through links on my website, where the reader can also find a number of tutorials on installing and using either PGP or GnuPG. Since the RISC OS version of PGP is now rather limited in its functionality in comparison with more modern versions for other operating systems, I shall concentrate here on describing the use of GnuPG. Only the bare essentials will be covered in this article. Further details can be found in the tutorials on my website and in the documentation included with the software.

Setting up GnuPG

The installation procedure is simple. Download the basic archive gnupg/zip and copy the entire contents to some convenient directory. This includes two applications, !GnuPG and !GnuPGUser, as well as a substantial amount of documentation.

!GnuPG is the application that does all the work. !GnuPGUser will contain all the data referring to you as an individual user, including some user-definable options and your secret and public keys. Both of these applications must be 'seen' by the filer before you can use GnuPG. If you intend to use it frequently, it is best to ensure that the filer 'sees' these applications during startup of your computer by placing appropriate references to them in your boot sequence. Some advice about how to do this is contained in the !Help file inside !GnuPG.

Before using GnuPG for secure e-mail, you must first use the program to generate a pair of secret and public keys. This is done by means of the command

gpg --gen-key

Note that commands in GnuPG (unlike PGP) generally begin with a double dash. When you initiate the procedure for generating a key pair, GnuPG will offer a choice of several options. My recommendation is to select the default option for the key type, and a large key size to ensure high security for the foreseeable future. GnuPG will also ask for your name and e-mail address, which together will form a user ID to identify your public key.

To communicate with other users you will need to have their public keys, and also make your own public key available to them. GnuPG stores your collection of public keys in a special file known as a public keyring. If another user sends you his public key, or if you download it from a website, for example, you can import it to your public keyring by means of the command

gpg --import <keyfile>

where <keyfile> denotes the filename of the file containing the key.

You will also need to know how to export your public key into a file in order to make it available to other users. The appropriate command is

gpg --export -o <keyfile> <name>

where <keyfile> is the filename of the output file into which you want the public key to be extracted, and <name> is any substring of your key's user ID which identifies that key uniquely in your keyring.

Using GnuPG for secure e-mail

Suppose that you want to encrypt a message for another user. Assuming that you already have that user's public key in your public keyring, you can encrypt any file for him by means of the command

gpg --encrypt -r <name> <file>

where <name> specifies the user ID of the recipient's key, and <file> is the filename.

GnuPG also allows you to add a digital signature to a message. A digital signature is a certain string of characters which depends on the message as well as on your secret key according to a complex mathematical formula. Anyone who has your public key can use GnuPG to verify that your signature matches the message. This is based on the fact that the secret and public keys reverse the action of each other. If any part of the message is corrupted or altered in any way after the signature is added, even if only a single byte is changed, the signature will no longer be valid. The signature also contains information about the key that was used to create it. When GnuPG processes a signed message, it automatically reports who created the signature by specifying the relevant user ID. This authenticates the message, since only the owner of the matching secret key could have produced the signature.

To add a digital signature to an encrypted message, simply supplement '--encrypt' with '--sign' in the encryption command. In this case, GnuPG will ask for your passphrase in order to access your secret key for creating the signature. For the user's convenience, '--encrypt --sign' can be abbreviated as '-es' (with a single dash).

Suppose now that another user sends you an encrypted message. If it is properly encrypted with your public key, you will be able to decrypt it by means of the simple command 'gpg <file>', where <file> is the filename of the file containing the message. GnuPG will automatically check that you have the secret key required to decrypt the file and, if so, it will ask for your passphrase for accessing that key.

If the file that you decrypt contains a digital signature of the sender, GnuPG will automatically report this fact and tell you whether the signature is 'good'. A good signature confirms that the file is identical to the one originally signed by the sender.

Sometimes you may want to send a message in the clear, i.e. without encryption, but digitally signed to prove that it came from you and to enable any recipient to check that the message has not been altered. This process is called clearsigning. You can clearsign a particular text file by means of the command

gpg --clearsign <file>

GnuPG will then create another text file containing the message, but with a digital signature appended at the end.

[Screenshot: a digitally signed (clearsigned) text message]

[Screenshot: an encrypted message]

A file containing an encrypted and/or signed message can be sent to another user by e-mail by simply pasting it into the body of the mail or adding it as an attachment. Some of the popular RISC OS mail programs which include support for GnuPG make it easy to encrypt or decrypt mail messages, and to sign them or check signatures from others, without the need to remember any particular commands.
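The key generation, key exchange, encrypt-and-sign, decrypt and clearsign steps described above, run end to end as an added example (not part of the original article or of GnuPG's own documentation). It assumes GnuPG 2.1 or later and a POSIX shell rather than the RISC OS command line; the users Alice and Bob, the example.org addresses and the helper functions are invented, and the keys are passphrase-less throwaways kept in a temporary directory.

```shell
#!/bin/sh
# Added example. Two throwaway keyrings (constructed users Alice and Bob)
# live in a temp directory; your real keyring is never touched.

# Run gpg non-interactively against one user's private home directory.
g() { home=$1; shift; gpg --homedir "$home" --batch --yes --quiet --no-tty "$@"; }

# Unattended "gpg --gen-key": the answers come from a parameter file on stdin.
# %no-protection skips the passphrase, acceptable only for disposable keys.
make_key() {  # $1 = homedir  $2 = real name  $3 = e-mail
  mkdir -m 700 "$1" &&
  printf '%s\n' '%no-protection' 'Key-Type: RSA' 'Key-Length: 2048' \
    'Subkey-Type: RSA' 'Subkey-Length: 2048' "Name-Real: $2" \
    "Name-Email: $3" 'Expire-Date: 0' '%commit' | g "$1" --gen-key
}

# Create both users, then swap public keys with --export / --import.
setup() {
  WORK=$(mktemp -d) || return 1
  A=$WORK/alice B=$WORK/bob
  trap 'for h in "$A" "$B"; do gpgconf --homedir "$h" --kill gpg-agent; done; rm -rf "$WORK"' EXIT
  make_key "$A" 'Alice Example' alice@example.org || return 1
  make_key "$B" 'Bob Example' bob@example.org || return 1
  g "$A" --export -o "$WORK/alice.pub" alice && g "$B" --import "$WORK/alice.pub" &&
  g "$B" --export -o "$WORK/bob.pub" bob && g "$A" --import "$WORK/bob.pub" &&
  printf 'Meet at noon.\n' > "$WORK/msg"
}

# Alice encrypts for Bob and signs (-es); Bob decrypts with his secret key.
# --trust-model always: this demo skips checking that the key is really Bob's.
send_and_read() {
  g "$A" --trust-model always -es -r bob -o "$WORK/msg.gpg" "$WORK/msg" || return 1
  g "$B" --decrypt "$WORK/msg.gpg"   # plaintext on stdout, signature report on stderr
}

# Clearsign, alter one byte of the text, and confirm only the original verifies.
clearsign_tamper_check() {
  g "$A" --clearsign -o "$WORK/msg.asc" "$WORK/msg" || return 1
  sed 's/at noon/at noun/' "$WORK/msg.asc" > "$WORK/altered.asc"
  g "$B" --verify "$WORK/msg.asc" || return 1   # untouched file: good signature
  ! g "$B" --verify "$WORK/altered.asc"         # altered file: must be rejected
}

setup && send_and_read && clearsign_tamper_check && echo "alteration detected"
```

For real keys, keep the passphrase, choose a large key size as recommended above, and drop `--trust-model always` once you have confirmed that an imported key belongs to the person named in it.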

If you have not previously enjoyed the benefits of secure e-mail, or if you have used only the old PGP for RISC OS, I recommend trying GnuPG. Admittedly, some people find the initial learning curve difficult, but it is worth the effort. The tutorials on my website may help you to get started. Once you get used to the software and begin using it to communicate securely with other PGP or GnuPG users, you will probably wonder how you lived without it.

Finally, if any readers have specific questions which they cannot resolve from the available documentation, I will be glad to help by private e-mail.