Before you can encrypt a message for someone else, you first need to have all the recipients' keys on the public key ring. Through various key management methods, you can obtain other users' keys and, after they are obtained, add them to the public key ring. For example, a user could add this key block:
Assume that this is in a file called warlord.asc. This file can then be added to the public key ring using the command:
    ~> pgp -ka warlord.asc
    Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
    (c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94
    Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
    Distributed by the Massachusetts Institute of Technology.
    Export of this software may be restricted by the U.S. government.
    Current time: 1995/11/19 05:36 GMT
    Looking for new keys...
    pub   709/C1B06AF1 1992/09/25 Derek Atkins <warlord@MIT.EDU>
    Checking signatures...
    Keyfile contains:
       1 new key(s)
    One or more of the new keys are not fully certified.
    Do you want to certify any of these keys yourself (y/N)? No
Now the public key ring looks like this:
    Type bits/keyID    Date       User ID
    pub   709/C1B06AF1 1992/09/25 Derek Atkins <warlord@MIT.EDU>
    pub  1024/D0C6326D 1995/11/14 Ruth Thomas <tara@mail.Free.NET>
When someone else's key is on the key ring, it is simple to encrypt a message to that user. If the file message, for example, contains the plaintext to encrypt, you can encrypt the file to the user warlord by using this command:
    ~> pgp -eat message warlord
    Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
    (c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94
    Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
    Distributed by the Massachusetts Institute of Technology.
    Export of this software may be restricted by the U.S. government.
    Current time: 1995/11/19 05:39 GMT
    Recipients' public key(s) will be used to encrypt.
    Key for user ID: Derek Atkins <warlord@MIT.EDU>
    709-bit key, Key ID C1B06AF1, created 1992/09/25
    WARNING: Because this public key is not certified with a trusted
    signature, it is not known with high confidence that this public key
    actually belongs to: Derek Atkins <warlord@MIT.EDU>.
    Are you sure you want to use this public key (y/N)? yes
    .
    Transport armor file: message.asc
The dot (.) on a line by itself is printed by PGP to show that the RSA encryption is proceeding. Because RSA is a slow operation, PGP prints the dot to let you know that it is still processing the message; otherwise, users might incorrectly believe that PGP is not working. After PGP has finished the RSA encryption, it writes the output file, message.asc, which can be sent to your recipients.