Secure Mail on Linux

CIOL Bureau

You’ve read about using PGP with Outlook Express in Windows to encrypt and decrypt messages. PGP software is also available for Linux. We configured PGP to work with Kmail, which is an e-mail program in Linux. To set up PGP, mount this month’s CD and copy the file pgp50i-unix-src.tar.gz to a directory, say /opt. Uncompress and untar the file as follows:

mount /mnt/cdrom
cp /mnt/cdrom/cdrom/linux/pgp/pgp50i-unix-src.tar.gz /opt
cd /opt
tar -zxvf pgp50*

This creates a directory pgp50i in /opt. Change to the src sub-directory in this directory and issue the following:

./configure
make
make install

Next, edit the file /etc/profile and append the line:

export PATH=$PATH:/usr/local/bin

This will include /usr/local/bin in the path. PGP executables are placed in this directory.

Creating the public-private key pair

The next step is to create your public-private key pair. These are generated as follows:

pgpk -g

You’ll be prompted to answer some questions. The first lets you select between the DSS and RSA encryption techniques. The next lets you choose the key size. This specifies the number of bits to be used in the keys, and can be between 768 and 2,048 bits for RSA and between 768 and 4,096 bits for DSS. A higher number of bits takes more processing power, so it takes longer to generate the keys and to encrypt and decrypt mail messages. Next, you are asked to enter a user ID, which can be just your name, or in the form of ‘name ’ like ‘shekhar ’. The latter is preferable as it also tells the recipient the e-mail address associated with the key.

In the next step, you enter the number of days for which your key will be valid, starting from the date of its generation. The key will never expire if you set this value to zero, which is the default value. Next, you’re asked for a passphrase or password, which will be used each time you encrypt or decrypt your e-mail. The next step is the key generation process. To generate a truly random key pair, it’s better to generate some activity on your system while the keys are being created, for example, through your keyboard or mouse. You can then submit your key to a key server by entering its URL, for example, http://pgpkeys.mit.edu:11371.

Configuring Kmail

Now that PGP is configured, it’s time to use it with an e-mail client. First ensure that you have the K-Desktop installed. If you want it to run whenever you give the ‘startx’ command, type ‘kde’ in a file .xinitrc in your home directory. Now run Kmail by selecting K>Internet>Mail client. Next, select Settings from the File menu and click on the PGP tab. Enter your PGP user ID, which is ‘shekhar ’ in our case. You’ll now find two check boxes. The first one gives you the option of storing the passphrase. If you check this option, your passphrase will be asked only once and then be stored in memory. Checking the second option lets you see the encrypted e-mail which you send.

Receiving encrypted e-mail

You first have to distribute your public key to the people from whom you want to receive encrypted mail. Your public key can be given on a floppy, kept on a key server (explained earlier), or sent as an attachment. For sending it as an attachment in Kmail, compose a new mail, fill in the e-mail ID of the recipient, and from the Attach menu, select Attach Public Key. From the list, which would as of now contain only your public key, select your public key, and click the Send button. The recipient of your e-mail must add your public key to his key ring. You’re now ready to receive encrypted e-mail. When you select encrypted mail in your inbox, you’ll be prompted for your passphrase, and then Kmail will show you the decrypted message. You can also decrypt mail by first saving it as a file and then issuing the command:

pgpv

Sending encrypted e-mail

To send encrypted e-mail, you must first obtain the public key of the person you want to send mail to. In this case, the person would use the above procedure to make the public key available to you, provided he uses Kmail. When you get a public key as an attachment, you must add the key to your key ring. For this, save the public key file, say, in your home directory. Then change to your home directory, and add it to your key ring by issuing the following command:

pgpk -a public_key.asc

where public_key.asc is the name of the public key.
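
A check you can run on the saved attachment before adding it to the key ring, given here as an added example that is not part of the original article: it confirms the file is an ASCII-armored public key block and that its CRC-24 checksum matches, which catches truncation or damage in transit but does not prove who the key belongs to. The function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii

def crc24(data: bytes) -> int:
    """CRC-24 checksum used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE                      # initial value
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB        # generator polynomial
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "PGP PUBLIC KEY BLOCK") -> str:
    """Wrap bytes in armor; used here only to construct the sample input."""
    body = base64.b64encode(data).decode()
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN {kind}-----\n\n{body}\n={check}\n-----END {kind}-----\n"

def check_public_key_armor(text: str) -> bytes:
    """Return the decoded key bytes, or raise ValueError if the text is not
    a well-formed, undamaged public key block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or lines[0] != "-----BEGIN PGP PUBLIC KEY BLOCK-----":
        raise ValueError("not a public key block")
    if lines[-1] != "-----END PGP PUBLIC KEY BLOCK-----":
        raise ValueError("missing END line")
    if "" not in lines:
        raise ValueError("no blank line after the armor headers")
    body = lines[lines.index("") + 1:-1]
    if len(body) < 2 or not body[-1].startswith("="):
        raise ValueError("missing key data or CRC-24 line")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stated = base64.b64decode(body[-1][1:], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64: {exc}") from exc
    if crc24(data).to_bytes(3, "big") != stated:
        raise ValueError("CRC-24 mismatch: file damaged or altered")
    return data

# Constructed sample: 48 arbitrary bytes, not a real key.
SAMPLE_KEY_BYTES = bytes(range(48))
SAMPLE_ARMOR = armor(SAMPLE_KEY_BYTES)

if __name__ == "__main__":
    print(len(check_public_key_armor(SAMPLE_ARMOR)), "bytes, armor OK")
```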

If the public key is on a key server, you can retrieve the key from the server as:

pgpk -a

For example, pgpk -a sachin http://pgpkeys.mit.edu:11371

This will extract the public key with user ID sachin, and then prompt you to add this to your key ring.

Now, compose a new e-mail and enter the e-mail address of your friend. Then select the red key icon in the menu. This will encrypt the mail using your friend’s public key.

If you want to encrypt an attachment that you’re sending, you must encrypt it separately, and then attach it to the mail. This can be done as:

pgpe -c

Now you are ready to send your PGP encrypted mail.

This article originally appeared in PCQ December 31, 2000.