IFSM 430 PGP exercise

Name__________________________

Log in to your account on the Linux machine. A command line PGP is installed on it. We won't install PGP onto Windows because it's a bit too messy for a quick lab exercise. All PGP operations are done using the pgp command.

To create a pair of public and private keys:

    pgp -kg

It will ask you some questions. Choose RSA, 1024 bits, forever. Use just your username for the userid (email address is not needed). For a pass phrase choose something you'll remember. You might have to enter some random key presses to seed the random number generator. Yes, you want this to be your default key.

A folder named .pgp will be created. Look in it:

    ls -l .pgp

The file pubring.pkr contains the public key. secring.skr contains the private key. PGP calls these files "key rings" since they contain keys (cute, huh?). Displaying them won't be informative since they are binary data files, not text files.

To see a public key:

    pgp -kx userid

where userid is the userid you entered when you created the key pair. It asks for the name of a file to place the public key into; use mykey as the file name. Then display (with the more command) the mykey.pgp file. That's your public key. Print (with the lpr command) and label it.

To encrypt a file with your public key:

    pgp -ea filename myuserid

It creates a file named filename.asc that is the encrypted version of filename. Use the message file in my home directory; copy it to your home directory:

    cp /home/wills/message .

Then display the encrypted file. Print and label it.

To decrypt a file that was encrypted with your public key:

    pgp -p filename myuserid

where filename is the encrypted file and myuserid is you. You'll have to enter the pass phrase to enable use of your private key.

To simulate posting your public key to a key server where people place their public keys, upload your mykey.pgp to your directory in the ifsm430 web site. Do so by using WS_FTP to download the mykey.pgp to your W98, then upload it to the ifsm430 account.

Then copy someone else's (say Jones, if Jones has already posted his public key into his ifsm430 directory) public key file into your home directory:

    cp /home/ifsm430/public_html/Jones/mykey.pgp jones.pgp

While you are doing this, the Jones group will be doing the same with your posted public key file.

Display the jones.pgp file to make sure it's a public key. Then add Jones' public key to your key ring so you can then encrypt messages with Jones' public key:

    pgp -ka jones.pgp

The command

    pgp -kc

will show what public keys are in your key ring. Jones' should be there now.

    pgp -kc | lpr

will output to the printer. Label it.

Encrypt a different message but with Jones' public key:

    pgp -ea message2 jones

(There's a message2 in my home directory that you can copy.) Display the encrypted message. Print and label it.

Since you don't have Jones' private key, you can't decrypt the message:

    pgp -p message2.asc jones

will fail. Jones of course has the private key.

Change the permissions on the encrypted file so that anyone can copy it:

    chmod +r message2.asc

Then tell Jones he can copy it to his home directory. You will copy the file he encrypted with your public key into your home directory:

    cp /home/jones/message2.asc .

Decrypt with your private key:

    pgp -p message2.asc myuserid

Display, print and label the message.

Turn in this sheet and the printouts, in order.
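
The step "Display the jones.pgp file to make sure it's a public key" can also be checked by program, which is useful before adding a key to your ring or posting your own. The Python code below is an added example, not part of the original handout; it assumes the exported file is OpenPGP packet data (RFC 4880 framing), binary or ASCII-armored, and its function names are made up for illustration.

```python
import base64
import re

# Assumption: the key file uses OpenPGP (RFC 4880) packet framing.
PUBLIC_KEY, SECRET_KEY = 6, 5  # OpenPGP packet tags (RFC 4880, section 4.3)

def crc24(data: bytes) -> int:
    """CRC-24 checksum used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Return the binary packets inside an armored block, checking its CRC."""
    m = re.search(r"-----BEGIN PGP [A-Z ]+-----\r?\n(.*?)\r?\n-----END PGP", text, re.S)
    if not m:
        raise ValueError("no armor block found")
    # Armor headers such as "Version:" end at the first blank line.
    lines = re.split(r"\r?\n\r?\n", m.group(1), maxsplit=1)[-1].split()
    data = base64.b64decode("".join(l for l in lines if not l.startswith("=")))
    sums = [l[1:] for l in lines if l.startswith("=")]
    if sums and int.from_bytes(base64.b64decode(sums[0]), "big") != crc24(data):
        raise ValueError("armor CRC mismatch: the file was damaged in transfer")
    return data

def first_packet_tag(raw: bytes) -> int:
    """Decode the packet tag from the first header byte."""
    if not raw or not raw[0] & 0x80:
        raise ValueError("not OpenPGP packet data")
    if raw[0] & 0x40:             # new-format header: tag is the low 6 bits
        return raw[0] & 0x3F
    return (raw[0] >> 2) & 0x0F   # old-format header: tag is bits 5..2

def classify_key_file(content: bytes) -> str:
    """Return 'public', 'secret' or 'other' for the bytes of a key file."""
    if content.lstrip().startswith(b"-----BEGIN PGP"):
        content = dearmor(content.decode("ascii", "replace"))
    tag = first_packet_tag(content)
    return {PUBLIC_KEY: "public", SECRET_KEY: "secret"}.get(tag, "other")

# Constructed sample: header byte 0x99 (old format, tag 6) plus a dummy body.
SAMPLE_BINARY = bytes([0x99, 0x00, 0x04]) + b"\x04\x00\x00\x00"

if __name__ == "__main__":
    print(classify_key_file(SAMPLE_BINARY))
```

A "public" result only shows that the file has the structure of a public key; it does not show that the key really belongs to Jones. A "secret" result on a file you are about to post means you exported the wrong key.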