well yes ok take 15min… or 30min…
Snowden has used it: Why this is important
Recent government spying revelations have shown us how hard real privacy is to achieve, and how little of our information is really safe.
GnuPG is one of the few tools that can offer real protection.
Yet it remains popular primarily in only hi-tech circles, despite its availability on Windows, Mac, and GNU/Linux, its ease of use, and the fact it’s free of charge.
We need to introduce new people to GnuPG and help them to start emailing safely and privately – the new GnuPG website will play a key role in making strong crypto desirable and accessible.
Why is strong privacy so important?
Faith in the privacy of our communications is necessary for:
– Guarding trade secrets
– Meaningful and fair negotiations
– Protection and advancement of human rights
– Academic exploration and development
– Political freedom and democracy
– Proper development from to adulthood – childish mistakes belong in the past
What makes GnuPG so secure?
It’s Free Software – anyone can inspect its source code and check for back doors, and security experts frequently do. It’s made by leading experts who were originally chosen by the German Government for their aptitude. It’s built on rock solid cryptography principles that have been adopted industry-wide, and uses the OpenPGP Open Standard for compatibility with other applications. It’s so widely used that hundreds of companies have a vested interest in checking that it works the way it should. Unfortunately that doesn’t mean they choose to donate to the project or support it in other ways. And it’s even used by Phil Zimmermann, father of strong email and voice over IP encryption.
If you are using GnuPG to secure your data – either on server based systems or for example by email applications on the desktop – it is in your own interest to keep this software alive and well maintained. You can help GnuPG and thus yourself by:
if you wanna send them an encrypted mail look here: http://werner.eifelkommune.de/mykey.asc
IT WILL NOT ENCRYPT THE „FROM“, „TO“ AND „SUBJECT“ HEADER PARTS OF AN EMAIL… UNFORTUNATELY THIS CAN NOT BE DONE. (E-MAIL IS A VERY BROKEN SYSTEM)
IT WILL ONLY ENCRYPT THE BODY AND ATTACHMENTS OF A MAIL! NOT THE SUBJECT! DO NOT WRITE ANYTHING IMPORTANT INTO THE SUBJECT – JUST WRITE „SELLERIE“.
In short: PGP works with 3 files
pair of keys:
1. public (pub.asc) (distribute that on the net)
2. private (pub-sec.asc) (keep that file private e.g. on a truecrypt encrypted container on a usb stick that you carry with you or store away safely)
3. revocation certificate (rev.asc)
you will generate all three in the following process.
if you encrypt something (mail, file) with your public key – it can ONLY be decrypted with your private key.
This is why NSA wants to get quantum computers so they can crack that too.
The public key goes public – on your website – attached to your mails or you can upload it to a keyserver, where people can download it again and encrypt mails that they want to send to you.
mine looks like that:
Version: GnuPG v2
-----END PGP PUBLIC KEY BLOCK-----
There will be a third file called „revocation certificate“ that you can use to disable your public key – in case someone stole your private key and it’s not safe anymore to send you encrypted mails with that key.
We will go through that later.
With PGP the NSA can still see who communicates with who (meta-data) but can not mass-analyse content.
You can set this up pretty fast.
1. get and install PGP Plugin
Linux debian 3.16.0-4-686-pae #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) i686 GNU/Linux
# under debian linux this works as easy as
apt-get install gnupg; # installs GnuPG
gpg --version; # check version
gpg (GnuPG) 1.4.18
Copyright (C) 2014 Free Software Foundation, Inc.
2. get and install icedove/thunderbird
apt-get install icedove; # rebranded version of thunderbird
3. install a little older version of the Enigmail Addon, because the newer one gives ugly errors (under Debian8 jessie 3.16 kernel and icedove 45.2) like this:
the older version of Enigmail 1.8.2 works like a charm with this setup.
or download mirror: http://dwaves.de/software/enigmail-1.8.2-sm+tb.xpi
3dfd29a12fc36c5780574bdab67fb61d63e65e67671d14921749187f7af1639f enigmail-1.8.2-sm+tb.xpi; # the checksum must match this exactly, no matter where you downloaded the file from.
4. Start icedove/thunderbird:
5. drag and drop the enigmail-1.8.2-sm+tb.xpi into the whitespace of your addon window of thunderbird/icedove.
MAKE SURE TO DISABLE AUTO UPDATES! OR YOU WILL END UP WITH A BROKEN VERSION 1.9.XX IN A MATTER OF SECONDS 😀
you can safely click on „Install“ after 3 seconds…
you will have to hit „restart now“ button to restart icedove to activate the plugin.
6. You will have a new menu option „Enigmail“ -> if you do not yet have any PGP keys, click on „Setup Wizard“, which will guide you through the process…
save the revocation certificate on the truecrypt container on your usb stick that you later put into your safe…
backup / export your keys to the truecrypt container on your usb stick that you later put into your safe…
you will have to click „Export Keys to File“ twice, once for your private key, second for your public key…
you will have to give a passphrase that unlocks your private key whenever you have to decrypt messages that were encrypted with the public key of your key-pair.
7. if you already have some PGP keys that you would like to use: (and safely stored away on some truecrypt encrypted usb stick)
you might want to import them this way:
you do this twice:
- first select your public key: „Your Name firstname.lastname@example.org (0xEA1994CC) pub.asc“ file and hit import. You should have a new entry in your list of available public keys.
- you again go import keys from file and import your private key „Your Name email@example.com (0xEA1994CC) pub-sec.asc“ and now the entry in the list turns bold-black.
DO NOT SELECT YOUR REVOCATION CERTIFICATE! OR YOU WILL REVOKE YOUR KEYPAIR IMMEDIATELY (WITHOUT BEING ASKED).
you now have successfully imported all your files and you could publish your public key to a keyserver like pool.sks-keyservers.net:
so people can conveniently download it again and do not have to search all over the internet.
8. click on the „three stripes“ on the very top right -> Preferences -> Account Settings
click on „Select Key“
9. test if you can send yourself an encrypted message and decrypt it again.
and hit on send, you will be asked for your passphrase which is used to unlock your private key to encrypt the message. (same on decryption)
If you hit Ctrl/Strg+U (Source View)
you can see how the NSA Agent from the Matrix would see your message:
WARNING: THE SUBJECT AND HEADER ARE SENT IN CLEAR-TEXT!!!!
ONLY THE MESSAGE CONTENT/ATTACHMENT IS ENCRYPTED!!!
THIS IS NOT A BUG!!! IT’S A „FEATURE“ 😀
Delivery-date: Fri, 23 Sep 2016 20:31:06 +0200
Received: from [188.8.131.52] (helo=[192.168.178.75])
by dwaves.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
for firstname.lastname@example.org; Fri, 23 Sep 2016 20:31:06 +0200
Subject: this is an encrypted message
Date: Fri, 23 Sep 2016 20:31:05 +0200
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101
This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
Content-Description: PGP/MIME version identification
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2
-----END PGP MESSAGE-----
as stated here: https://enigmail.wiki/Signature_and_Encryption
One important point concerns mail header security. Mail headers cannot be encrypted, nor included in the signature computation. This includes also the Subject mail header. Therefore, do not write any sensitive information in the Subject when sending an encrypted message.
Signature and encryption applies to the mail body only – and also to attachments, if you chose so. That is, when you sign a message, no mail header (such as the Subject, Date, all Received headers, etc.) can be included in the signature. Also, when you encrypt a message, mail headers are not encrypted.
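The point quoted above, as an added example that is not from the original post or the Enigmail project: Python's standard email parser reads a PGP/MIME message the way any relay or observer on the path can, and reports which headers stay readable and which part is ciphertext. The sample message, its addresses and the subject_needs_review helper are constructed for illustration.

```python
from email import message_from_string

# Constructed sample message (RFC 3156 layout); addresses, boundary and
# ciphertext are placeholders, not data from the page.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: this is an encrypted message
Date: Fri, 23 Sep 2016 20:31:05 +0200
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----
(placeholder ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date", "User-Agent")

def observer_view(raw):
    """Split a raw mail into what is readable in transit and what is ciphertext."""
    msg = message_from_string(raw)
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    cleartext = {h: msg[h] for h in METADATA_HEADERS if msg[h] is not None}
    encrypted = [p.get_filename() for p in msg.walk()
                 if not p.is_multipart()
                 and "-----BEGIN PGP MESSAGE-----" in p.get_payload()]
    return {"pgp_mime": pgp_mime, "cleartext": cleartext, "encrypted_parts": encrypted}

def subject_needs_review(raw, neutral=("sellerie",)):
    """Pre-send check: encrypted mail whose Subject is not a neutral placeholder."""
    view = observer_view(raw)
    subject = (view["cleartext"].get("Subject") or "").strip().lower()
    return view["pgp_mime"] and subject not in neutral

if __name__ == "__main__":
    print(observer_view(SAMPLE))
    print(subject_needs_review(SAMPLE))
```
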
Revoke your certificate
If you have the feeling someone compromised your system and stole your private key, you can revoke your public key.
this time select your revocation certificate file ending with: rev.asc
it gets imported and you can r-click on your key and click -> revoke key.
Now it reminds you to also upload your local changes to the keyservers you previously uploaded your public key to, so that the revocation of your key becomes public.
Thanks for taking the time.
this tutorial video was taken down… for whatever reason: https://www.youtube.com/embed/bakOKJFtB-k
Nice Video that explains: How PGP Works (german):
SCARY ERROR MESSAGE:
Enigmail Security Info
Error – no matching private/secret key found to decrypt message
gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
gpg: WARNING: GnuPG will not work properly – please configure that tool to not interfere with the GnuPG system!
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created
gpg: encrypted with 4096-bit RSA key, ID XXXXXXXX, created
gpg: no valid OpenPGP data found.
gpg: block_filter 0xb78984d0: read error (size=5229,a->size=3181)
gpg: block_filter 0xb7897fe8: read error (size=10198,a->size=6102)
gpg: WARNING: encrypted message has been manipulated!
gpg: block_filter: pending bytes!
gpg: block_filter: pending bytes!
Note: The message is encrypted for the following User ID’s / Keys:
0xXXXXXXXXXXXXXXXX (Kali Linux Repository <email@example.com>),
0xXXXXXXXXXXXXXXXX (Kali Linux Repository <firstname.lastname@example.org>)
This website provides services for the SKS keyservers used by OpenPGP. A pool of keyservers is available at hkp://pool.sks-keyservers.net Information about the other variants of the pool is found in the overview.
If you wish to contact me feel free to send an email to the user id in the key 0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3
This site is developed and hosted by KF (Kristian Fiskerstrand) Webs
Amazing Stuff: Werner Koch
Werner started GnuPG in 1997 and still puts most of his working time into the development and maintenance of GnuPG. He has 29 years experience in commercial software development on systems ranging from CP/M systems to mainframes, languages from assembler to Smalltalk and applications from drivers to financial analysis systems. Werner is a long time free software supporter and co-founder of the FSFE. With the support of his brother he founded g10code GmbH in 2001 to make GnuPG development his profession. Werner is full time employed by g10code.
From Wikipedia, the free encyclopedia
Born: July 11, 1961
Known for: GNU Privacy Guard
Werner Koch (born July 11, 1961) is a German free software developer. He is best known as the principal author of the GNU Privacy Guard (GnuPG or GPG). He was also Head of Office and German Vice-Chancellor of the Free Software Foundation Europe. He is the winner of the Award for the Advancement of Free Software in 2015 for founding GnuPG.
Life and work
Koch lives in Erkrath, near Düsseldorf, Germany. He began writing GNU Privacy Guard in 1997, inspired by attending a talk by Richard Stallman who made a call for someone to write a replacement for Phil Zimmermann’s Pretty Good Privacy (PGP) which was subject to U.S. export restrictions. The first release of GNU Privacy Guard was in 1999 and it went on to become the basis for most of the popular email encryption programs: GPGTools, Enigmail, and Koch’s own Gpg4win, the primary free encryption program for Microsoft Windows.
In 1999 Koch, via the German Unix User Group which he served on the board of, received a grant of 318,000 marks (about $170,000 US) from the German Federal Ministry of Economics and Technology to make GPG compatible with Microsoft Windows. In 2005 he received a contract from the German government to support the development of S/MIME.
Journalists and security professionals rely on GnuPG, and Edward Snowden used it to evade monitoring whilst he leaked classified information from the U.S. National Security Agency. Despite GnuPG’s popularity, Koch has struggled to survive financially, earning about $25,000 US per year since 2001 and thus considered abandoning the project and taking a better paying programming job. However, given Snowden’s leaked documents showed the extent of NSA surveillance, Koch continued. In 2014 he held a funding drive and in response received $137,000 US in donations from the public, and Facebook and Stripe each pledged to annually donate $50,000 US to GPG development. Unrelated, in 2015 Koch was also awarded a one-time grant of $60,000 US from the Linux Foundation’s Core Infrastructure Initiative.
Master of the classic branch
David approached the GnuPG Project in 2002 after the relaxing of the US crypto regulation allowed the participation of US based hackers on international crypto projects. One of his first achievements was a much improved Web-of-Trust implementation. Today he mainly takes responsibility for the keyserver access and the classic GnuPG 1.x branch.
Marcus is part of the free software community since 1997, when he joined the Debian project. Probably best known for his past work on GNU/Hurd, he also has a diploma degree in mathematics, and was employed by g10code to work on the GnuPG and related software from 2001 to 2012.
Smartcards and Libgcrypt
Niibe is a long time free software hacker who joined the GnuPG project in 2011 and soon took over the development of the smartcard related code. He is also the person behind the Gnuk Token and the MEP game. Niibe’s work on GnuPG is financially supported by g10code.
Jussi joined the GnuPG project in 2012 and worked since then on assembler optimized code for cryptographic algorithms in Libgcrypt.
Core components hacker
Neal started to work on GnuPG in 2015 to support maintenance and development in all areas. He is full time employed by g10code.
Kai is working on the Enigmail project since 2015. He is part time employed by g10code.
Core components hacker
Justus started to work on GnuPG in 2015 to support maintenance and development in all areas. He is full time employed by g10code.
PRIVACY FOR THE WEAK – TRANSPARENCY FOR THE POWERFUL!
Consider donating to the project: https://gnupg.org/donate/