Check the GnuPG web page for documentation on the GnuPG package:
http://www.gnupg.org/
In particular, look at the documentation, and the "Mini HOWTO" for lots of good information:
We'll use pkg_add to install GnuPG. A local copy is on our noc box:
# pkg_add ftp://noc/pub/FreeBSD/6.2-RELEASE/i386/packages/All/gnupg-1.4.5_1.tbz
Creating a Public/Private Key Pair
Now that GnuPG is installed you can use the gpg command to use the GNU version of PGP. Do these steps as your own user on your system (i.e. admin), not as the root user:
$ gpg --gen-key
You will be asked quite a few questions. Picking the defaults for key type and size should be fine.
Be sure to set an expiry date when prompted.
Your PGP information will be stored in your user's account home directory under the ".gnupg" directory.
To extract your public key as text do:
$ gpg -a --export <your key id>
Note: "your key id" is probably your email address in this case.
To see what public keys you have installed, you can always type
$ gpg --list-keys
To place your newly generated public key on the MIT (Massachusetts Institute of Technology in Boston, Massachusetts, United States) PGP server do the following:
$ gpg --list-keys yourUserid
Look for the line that starts with "pub". The second set of characters in it, the one after the "/", is your key-id. A sample such line is:
pub 1024D/E947C3B4 2007-11-28 [expires: 2008-11-27]
The string "E947C3B4" is the key-id in this case. So, to send your newly created public key to a keyserver you would do:
$ gpg --keyserver pgp.mit.edu --send-keys key-id
That's it! Your public key is now available to anyone who goes to the MIT PGP server and searches on your name, email address, etc. Your key information will propagate to all the pgp key-servers worldwide within a few hours.
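To pick the key-id and expiry date out of that "pub" line in a script, the shell functions below parse the GnuPG 1.4 layout shown above and warn when no expiry date was set. This is an added example, not part of the original exercise; the function names are made up for illustration, the first sample line is the one from the text, and the second is a constructed key with no expiry.

```shell
#!/bin/sh
# Added example: parse the "pub" line printed by `gpg --list-keys`.
# Assumption: the line has the GnuPG 1.4 layout shown in the text;
# other releases may print the key listing differently.

# Constructed sample input. The first line is the sample from the text,
# the second is a hypothetical key that was created without an expiry date.
SAMPLE_WITH_EXPIRY='pub 1024D/E947C3B4 2007-11-28 [expires: 2008-11-27]'
SAMPLE_NO_EXPIRY='pub 1024D/0123ABCD 2007-11-28'

# pub_keyid LINE: print the key-id (the hex string after the "/").
# Prints nothing if LINE is not a well-formed "pub" line.
pub_keyid() {
    printf '%s\n' "$1" | awk '$1 == "pub" {
        n = split($2, part, "/")
        if (n == 2 && part[2] ~ /^[0-9A-Fa-f]+$/) print part[2]
    }'
}

# pub_expiry LINE: print the expiry date, or nothing if none is set.
pub_expiry() {
    printf '%s\n' "$1" | sed -n 's/^pub .*\[expires: \([0-9-]*\)]$/\1/p'
}

# check_pub LINE: print "key-id X expires Y" and return 0 when both are
# present; otherwise write a warning to stderr and return 1.
check_pub() {
    keyid=$(pub_keyid "$1")
    expiry=$(pub_expiry "$1")
    if [ -z "$keyid" ]; then
        echo "no key-id found in: $1" >&2
        return 1
    fi
    if [ -z "$expiry" ]; then
        echo "key $keyid has no expiry date set" >&2
        return 1
    fi
    echo "key-id $keyid expires $expiry"
}

# With gpg installed, feed it the real listing instead of the samples:
#   gpg --list-keys yourUserid | grep '^pub' |
#       while read -r line; do check_pub "$line"; done
check_pub "$SAMPLE_WITH_EXPIRY"
check_pub "$SAMPLE_NO_EXPIRY" || true
```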
Generating your Public Key's Fingerprint
You calculate the fingerprint for a local copy of a public key like this:
$ gpg --fingerprint <key id>
Importing Someone Else's Public Key
Once you have obtained a public key, you can import it to your local keyring so that you can use it like this:
$ gpg --import <filename>
Note: you can also import public keys via email plugins. We'll be doing this later on in these exercises.
$ gpg --sign-key <key id>
Now that you have installed PGP, created your own key and played with some of its features, let's use PGP via an email client like Thunderbird. First we'll need to install Thunderbird on your workstations. To do this type (you need to be root):
# pkg_add ftp://noc/pub/FreeBSD/6.2-RELEASE/i386/packages/All/thunderbird-1.5.0.7_1.tbz
Once Thunderbird is installed let's install the Enigmail extension, which adds PGP support to Thunderbird. First you'll need to get the extension. We have a local copy of it on the noc. Make sure you are "admin" for this exercise:
$ cd
$ ftp noc
username: anonymous
password: admin@pcN
ftp> cd pub/FreeBSD/configs
ftp> lcd /home/admin
ftp> get enigmail.xpi
ftp> exit
OK, now you have all the bits and pieces needed to make Thunderbird work with the PGP keys you created. You can find Thunderbird under the Application ==> Internet menu in your desktop.
First open Thunderbird, then you will be prompted with a New Account Setup dialogue. Answer the following:
There are many more things you can do with GnuPG than those described in these notes. For more information, see:
http://www.gnupg.org/