__________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING

Beginners' Series Number 4

PGP for Newbies
____________________________________________________________

Do you cringe at the idea of people snooping on your email and through the
files on your computer?  Encryption is the only way to be absolutely certain
you can keep your private stuff really private.  Even if you are a newbie,
encryption can be surprisingly easy  -- if you use the free PGP program, the
encryption technique so powerful that it is illegal to use in some
countries!   The following GTMHH was written by Keydet89, so if you want
to ask questions, email him and not me!
(Carolyn Meinel).

This Guide will tell you about:
[Creating your own keys]
[Importing keys]
[Creating a group of keys]
[Making your public key public]
[Encrypting Files]
[Encrypting your email]

PGP is a personal encryption program that you can use to
encrypt files or email.

PGP is 'Pretty Good Privacy', originally created by Phil
Zimmermann.  The long and short of the story is that Phil
released his encryption program to the public and was
investigated by the federal government.  As soon as the
investigation was closed, Phil started a company based on
his product, which was later purchased by Network Associates.

You can get the freeware version of PGP from:
http://www.nai.com/products/security/pgpfreeware.asp
**Be prepared for a wait, as this is approximately a 5.5Mb
file.

Note:  All of the examples used in this Guide are performed
using PGPfreeware 6.0.  The link above is for this version.

************************************************************
NEWBIE NOTE:  How to use PGP will be described, but if you
want to make it a little easier to use, download the Eudora
email client and install PGP's Eudora plug-in.  The tools
from PGP appear as icons on the toolbar in Eudora, and
encrypting or decrypting an email is as easy as selecting
an icon.

To get Eudora freeware to use with PGP, go to:
http://www.eudora.com/products/
************************************************************

Once you have the PGP freeware program, double-click on the
icon to install it.  Just follow the instructions; they are
very straightforward, and there are no tricks or surprises
along the way.  You will have to reboot your computer, but
when you do, PGP Tray should be in your Startup group, and
there will be a little lock icon on the TaskBar.

NOTE:  For the purposes of this Guide, PGP 6.0 was installed
on NT 4.0/SP 3.  However, there should be no great difference
with 95/98.

Okay, once you have PGP installed, you need to create your own
keys.  But before we get started on that, let's briefly describe
how all of this works...

Briefly, the idea is this...PGP generates strong cryptographic
keys, a public and a private key.  You keep the private key, and
distribute your public key...attach it to your email by using a
signature file, post it on a web page, whatever.  You get your
friends' public keys and import them into PGP Keys.  When you want
to send an encrypted email, you encrypt the email using the public
key of whomever you are sending it to...and only that person will
be able to decrypt it using their private key.  You can also sign
the files and emails so that whoever has your public key in their
key ring will know that the file is from you, and not someone
pretending to be you.

[Creating your own keys]

Now, let's generate a key pair.  Click Start -> Programs -> PGP ->
PGP Keys.  Note:  This assumes that you installed PGP using the
default options.  You will see lots of keys already in the PGP Keys
tool...these are the keys of the folks at PGP, Inc, which is now
part of Network Associates.  Scroll down until you find Phil
Zimmermann's key...he is the creator of PGP.

To create your own pair, choose Keys -> New Key... and follow the
instructions.  The second screen of the Key Generation Wizard asks
for your full name and an email address.  If you have one of the
free email accounts from Yahoo or HotMail, you may choose to use
that email address.  The third screen asks you to pick how large
of a key pair you wish to generate...since the Happy Hacker herself
uses 3072 bits, we'll choose the same strength.

************************************************************
NEWBIE NOTE:  The size of the key determines its strength...
the larger the key, the harder it is to crack.
************************************************************

On the fourth screen, choose 'Key pair never expires'.

The fifth screen asks for a passphrase to protect your private key.
Choose something that is not at all easy to guess...and then mix in
numbers, capital letters, and punctuation.  After you confirm your
passphrase and click 'Next', there will be a way cool graphic
while PGP generates your key pair.

Next, since we're just setting this up on our own system, and not
connecting to a root server (a server that is used by companies to
manage lots of keys), do not check the 'Send my key to the root
server now' box.

You now have your own key pair!!

[Importing keys]

Okay, now what?  Hhhmmm....let's look at an example of how to
import keys.  Go to:

http://koan.happyhacker.org/~satori/satori.asc

There are two key blocks on this page...looks like two different
versions of PGP.  Great.  Look at the larger one...now highlight
it, including the lines that contain 'BEGIN (END) PGP PUBLIC KEY
BLOCK'.

NOTE:  We are only going to import the lower key block.  Do not
include the upper key block...the smaller one that says 'Version
2.6.2'.

Highlight the entire 'Version:  PGPfreeware 5.0i' block, and
press 'ctrl-c' (ie, hold down the control key, and press the 'c'
key) or choose Edit -> Copy from your browser.

Minimize the browser and open PGP Keys.

Choose Edit -> Paste, and you'll see Satori's key in the
dialog window.  The email address used is 'satori@rt66.com'.
Click 'Import'.  Now you have Satori's public key, and you can
encrypt messages to him...and only him.
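
Added example (not part of the original Guide, and not PGP's own code): a
Python sketch of what "highlight the whole block, BEGIN and END lines
included" means to a program.  It finds every key block in pasted text, reads
each Version header, and checks the CRC-24 line at the end of the block, so a
partial copy is rejected.  The sample page and its key bytes are constructed
placeholders, and the function names are illustrative.

```python
import base64
import re

ARMOR_RE = re.compile(r"-----BEGIN PGP PUBLIC KEY BLOCK-----\n(.*?)\n"
                      r"-----END PGP PUBLIC KEY BLOCK-----", re.S)

def crc24(data: bytes) -> int:  # OpenPGP armor checksum, RFC 4880 sec. 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, version: str) -> str:
    """Build an armored block; used here only to construct sample input."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----",
                      f"Version: {version}", "", *lines, "=" + check,
                      "-----END PGP PUBLIC KEY BLOCK-----"])

def find_key_blocks(text: str) -> list:
    """Return headers, decoded bytes and checksum status for every block."""
    blocks = []
    for m in ARMOR_RE.finditer(text.replace("\r\n", "\n")):
        head, _, body = m.group(1).partition("\n\n")
        headers = dict(h.split(": ", 1) for h in head.split("\n") if ": " in h)
        lines = [ln.strip() for ln in body.split("\n") if ln.strip()]
        check = lines.pop()[1:] if lines and lines[-1].startswith("=") else ""
        try:
            data = base64.b64decode("".join(lines), validate=True)
            ok = base64.b64decode(check) == crc24(data).to_bytes(3, "big")
        except ValueError:
            data, ok = b"", False
        blocks.append({"headers": headers, "data": data, "checksum_ok": ok})
    return blocks

# Constructed sample page: two blocks, placeholder bytes rather than real keys.
SAMPLE_PAGE = ("Old key:\n" + armor(b"A" * 60, "2.6.2") +
               "\n\nNew key:\n" + armor(bytes(range(200)), "PGPfreeware 5.0i"))

def select_blocks(text: str, version: str) -> list:
    """Return the intact blocks whose Version header matches."""
    return [b for b in find_key_blocks(text)
            if b["checksum_ok"] and b["headers"].get("Version") == version]
```

A matching checksum only shows the block was copied intact; it says nothing
about whose key it is, so compare the key's fingerprint with its owner over
another channel before relying on it.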

PGP ships with two public key servers built in.  To see them,
open PGPKeys, and choose Server -> Search.  The drop-down box
at the top of the Search Window will list an LDAP server at
PGP.COM and an HTTP connection to MIT.EDU.  You can search for
keys by typing in the name of the user you are looking for...I
found the Happy Hacker's public key in a matter of seconds!  I
just clicked on her key, and dragged it to my PGPKeys window...

Hint:  For the search, use the UserID of 'Carolyn Meinel'.

[Creating a group of keys]

Now let's create a group of keys. What this does is keep several
keys together, so if you have several keys from friends and you
want to encrypt a file for all of them, you don't have to go about
encrypting the file for each person.

In PGPKeys, choose Groups -> New Group..., and enter the
information asked for.

Choose Groups -> Show Groups, and a lower dialog window will open
in PGPKeys, with the name of the group you just created.

To add a key to the group, highlight the key you want to add and
press 'ctrl-c' to copy it to the clipboard.

Highlight the group, right-click on it to open the popup menu,
and choose Paste.  The keys will be pasted into the group.

[Making your public key public]

There are a couple of ways to make your public key available.
We'll describe two methods...using a public key server, or
saving the key to a text file so that someone else can import
it.

First, as stated above, PGP ships with two public servers...one
at PGP.COM, the other at MIT.  When you are connected to the
Internet, open PGPKeys, select your key pair, and click Server ->
Send to, and choose the server you want to send your public key
to.

The other method is to save your public key to a file.  This
file can be sent to your friends, or pasted into your signature
file on your email.  To save your public key to a file:

Open PGPKeys, and select your key pair.

Click Keys -> Export, and a file dialog will open.

Choose a filename.

To save your public key into a document that already exists,
such as a signature file for your email:

Select your key pair.

Click Edit -> Copy (or hit ctrl-c).

Move to the document where you want the key saved, and choose
Edit -> Paste from the menubar for the document (or hit ctrl-v).

[Encrypting Files]

WARNING:  The next example shows you how to encrypt and decrypt
your files.  Choose a file to try the example on but do NOT
try it on a system file or other important file!!

Want to encrypt a file on your machine?  Great, let's try it.
Open up any folder, and choose any file.  Right-click on the
file, and go to PGP in the popup menu.  Choose 'Encrypt', and
choose your key pair from the dialog window.  Now, click on the
pair, and drag it into the lower window.  PGP will encrypt the
file and you'll see another icon pop up...an armor plate with a
lock on it.  Very appropriate, if you think about it.

Now to decrypt the file, make sure that you've moved or deleted
the original file (make sure that you aren't using a system or
other important file for this example!!) and double-click on the
encrypted file.  Enter your passphrase in the lower dialog window,
and BANG!, your file is decrypted.

This is a great way to protect your files.  And it's free!

To encrypt a file for the group, just follow the same steps as
above, but choose the group name instead of a single key.
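
Added example (not from the original Guide, and not PGP's code or message
format): a simplified Python model of the public/private key idea described
near the top of this Guide and of encrypting one file for a group.  The body
is encrypted once with a random session key, and that session key is wrapped
separately under each recipient's public key.  Textbook RSA with tiny
constructed keys and a hash-based XOR stream stand in for PGP's real
algorithms, and every name here is illustrative.

```python
import hashlib
import secrets

E = 65537  # public exponent used by every toy key below

def make_keypair(p: int, q: int):
    """Textbook RSA key from two primes: returns (public modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, n: int, d: int) -> int:
    """Only the holder of the private exponent d can produce this value."""
    return pow(digest_int(data, n), d, n)

def verify(data: bytes, sig: int, n: int) -> bool:
    """Anyone holding the public modulus n can check the signature."""
    return pow(sig, E, n) == digest_int(data, n)

def encrypt_for(recipients: dict, plaintext: bytes) -> dict:
    """Encrypt the body once; wrap the session key under each public key."""
    session_key = secrets.token_bytes(16)
    k = int.from_bytes(session_key, "big")
    return {"body": stream_xor(session_key, plaintext),
            "wrapped": {name: pow(k, E, n) for name, n in recipients.items()}}

def decrypt_as(name: str, n: int, d: int, message: dict) -> bytes:
    """Unwrap the session key with one private key, then decrypt the body."""
    k = pow(message["wrapped"][name], d, n)
    return stream_xor(k.to_bytes(16, "big"), message["body"])

# Constructed toy keys built from well-known Mersenne primes: trivially
# breakable, chosen only so the example runs without a key generator.
ALICE = make_keypair(2**61 - 1, 2**89 - 1)
BOB = make_keypair(2**107 - 1, 2**127 - 1)
```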

[Encrypting your email]

Now, encrypting your email...if you are using Eudora or (god
forbid!!) Outlook, then you could have opted to use the PGP
plug-ins for either of them.  However, if you don't use either
of the two mail clients, then in order to encrypt your email,
you can choose from a couple of options.

First, using an email client such as Netscape, you can easily
encrypt the file as described above, and attach it to the email.

Another option is to type what you want into the message area of
the email, and then highlight it and press 'ctrl-c' to copy the
text to the clipboard.  Then right-click on the PGP Tray icon on
the TaskBar (the little lock) and choose 'Encrypt & Sign
Clipboard'.  The PGPKeys window will open, and you need to choose
to whom you wish to encrypt the message.  You'll be prompted for
your passphrase, as the message will be signed, so that your
friend (who has your public key) will know that it's from you.
Once the text on the clipboard is encrypted, go back to the email
(or file) and highlight the text again, and press 'ctrl-v' (hold
down the control key and hit 'v') and the encrypted message will
be pasted into the email over the original message.

************************************************************
NEWBIE NOTE:  If the PGP Tray icon isn't on your TaskBar,
check your Startup folder.  If it's not in the Startup folder,
add a shortcut to PGPTray.exe to the folder.

If at any time you are having difficulty trying to do anything
with your keys, simply open the Help in PGP.  The help documents
are very good...they are clear, descriptive, and concise.
************************************************************

Here's my (Keydet89) public key:

________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out
the official Happy Hacker Web page at http://www.happyhacker.org.
We are against computer crime. We support good, old-fashioned hacking of the
kind that led to the creation of the Internet and a new era of freedom of
information. But we hate computer crime.  So don't email us about any crimes
you have committed!
To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
Hacking, please email hacker@techbroker.com with message "subscribe
happy-hacker" in the body of your message.
Copyright 1998 keydet89.  You may forward, print out or post this
GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave
this notice at the end.
_________________________________________________________
Carolyn Meinel
M/B Research -- The Technology Brokers
http://techbroker.com