Let's take a close look at two scenarios.
Scenario 1 : you want to send an encrypted message to your friend.
In order to do so you need to have his public key. You can't use your own key for that. There are two ways to obtain the public key of your friend. He can send it to you or in case he has registered his public key at a so-called key server you can download it from there by providing the key server the e-mail address of your friend to which the public key is connected. In both cases the public key of your friend is added to a local database GnuPG uses on your PC, the so-called key ring.
After you have encrypted your e-mail with the public key of your friend you won't be able to decrypt it yourself. The only one who can decrypt it is the one with the private key that matches the public key that is used to encrypt the message and in this case that is your friend.
Scenario 2 : you want to sign an e-mail you want to send to your friend so he knows that this e-mail can only be coming from you.
In order to do so you need to use your own private key. This will add a special unique character/number sequence to your e-mail. This sequence is unique for this particular e-mail. Now how does your friend know that the e-mail is really coming from you ? Well he can use your public key (that you have sent to him or that he has downloaded from a key server) to verify that. If anyone has altered the e-mail the unique character/number sequence that was added to your e-mail won't be valid anymore and the verification will fail.
Does this all sound very complex and confusing to you? You don't have to fiddle with the public and private keys. The software takes care of this. So don't let this stop you from trying EnigMail and GnuPG.
Not strictly necessary for EnigMail, but necessary if you want to run the Innotek Java plug-in with Mozilla 1.7.x and higher, is the plug-in wrapper by Innotek, ipluginw.dll. You can download it from http://download.innotek.de/javaos2/mozilla/ipluginw20041104.xpi
To complete the installation you have to make some modifications to your config.sys and create some additional subdirectories in the home directory.
Modification to config.sys
Add
d:\usr\bin
to the PATH variable (if necessary substitute d: by the drive where you have installed GnuPG). Add the line
SET UNIXROOT=d:
Do not use an ending / or the software won't work.
Create additional directories
Create the directory
.gnupg
in the directory the environment variable home is pointing to.
Finally reboot your PC in order to make the changes to the config.sys active.
Now close Mozilla and everything that is Mozilla related (Download Manager, ChatZilla, Email client, ...). The last thing to do is to substitute the original nspr4.dll with the patched one from Davide Bresolin. Close Mozilla completely and go to the installation directory of Mozilla. In my case this is d:\internet\mozilla17. Within this directory you can find nspr4.dll. Copy this file to nspr4.dll.org. Now copy the downloaded patch file nspr4.dll to the installation directory of Mozilla and restart Mozilla.
You should now have some additional icons and menus in the Email client.
If the new icons (Decrypt, ...) aren't displayed correctly as can be seen in the picture below
you must switch back and forth between some Mozilla themes. You can find the menus to do so under Edit -> Preferences -> Appearance -> Themes. After you have switched themes you have to close Mozilla completely, then restart it and switch back to your original theme. Then again close Mozilla completely and restart it. If the icons still aren't displayed correctly, repeat this procedure.
You can find this under the menu option EnigMail
You can then generate the keys using the menu options Key -> Generate
If you want to make it more difficult to abuse your keys you can enter a passphrase.
A Passphrase can be considered as a password that you have to enter to activate your keys each time you want to use them.
using gpg.exe on the command line
This is the way I prefer to generate my keys as it gives me more options than using the OpenPGP Key Management.
Open a command prompt and type (the options are preceded by a double dash)
gpg --gen-key
If you just press the enter-key the default value of 1024 is accepted.
Now you are asked how long the key should remain valid.
You can just press the enter-key to accept the default value. This will generate a key that will never expire. Now you just have to confirm this and enter your name and the email address you want to use this key with (remember you have to generate a separate key for each email address you use). You can also give a passphrase if you want. A passphrase can be considered as a password that needs to be entered each time you want to use your key. This can make it more difficult for someone to e.g. sign an email on your machine with your key when you're not around. The generated keys (and the ones you will import later from other people) are stored in the so-called key-ring. This is some kind of database that is stored in the directory .gnupg, which can be found in the directory the environment variable HOME is pointing to, so don't delete the files you find there.
First method to let someone have your public key
You can just send him your public key.
Just start to compose a new email and click on the menu options EnigMail -> Insert public key.
Another way to send someone your public key is to export the key you want and insert it as an attachment to your email.
You can do this by using the OpenPGP Key Management Window. If you have just opened the Mozilla mail client press the menu options EnigMail -> OpenPGP Key Management Window.
Now select the key you want to export and press the menu options Key -> Export to file.
The key is now saved into a file which you can attach to your email.
Second method to let someone have your public key
As an alternative to sending someone your public key yourself you can also upload your key to a so-called keyserver.
Open a command prompt and type
gpg --keyserver pgp.mit.edu --send-keys
You can substitute pgp.mit.edu by any other valid keyserver.
You can of course always ask someone to send you his public key or you can search for it on a keyserver. Let's e.g. search for my own key. Open a command prompt and type
gpg --keyserver pgp.mit.edu --search-keys John.Bijnens@celkunststoffen.khlim.be
When you enter the number of the key you want and press the enter-key, the key is automatically imported and added to the keyring so it is ready for immediate use. If you open the OpenPGP Key Management Window you can see the keys that are imported.
Remember that in order to be able to encrypt an email to someone you need to have his public key first and have it imported into your keyring.
Start composing an email and when you want to sign or to encrypt the email click on the OpenPGP icon and then choose the option you want.
When you press the Send icon, Mozilla will ask you to enter the passphrase (if you have specified one).
gpg -h
For the 4OS2 users you can easily scroll through the available options with the following command
gpg -h | list /s
And then it is up to you.
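The two scenarios from the start of this article can be tried out on the command line. The following is an added example, not part of the original article: it assumes GnuPG 2.1 or newer in a POSIX shell (not the OS/2 port described here) and uses two throwaway keyrings with constructed addresses that play you and your friend.

```shell
#!/bin/sh
# Added example. Two throwaway keyrings play "you" and "your friend";
# the addresses are constructed. Assumes GnuPG 2.1 or newer as `gpg`.

# g HOMEDIR ARGS...: run gpg non-interactively against one keyring.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --no-tty --pinentry-mode loopback \
        --passphrase '' --trust-model always "$@" 2>/dev/null
}
# status CMD...: print "ok" if the command succeeds, "fails" otherwise.
status() { "$@" >/dev/null && echo ok || echo fails; }

demo() {
    work=$(mktemp -d) || return 1
    me=$work/me; friend=$work/friend
    mkdir -m 700 "$me" "$friend"

    # Each side generates its own key pair (no passphrase, demo only).
    g "$me" --quick-generate-key 'Me <me@example.invalid>' default default never
    g "$friend" --quick-generate-key 'Friend <friend@example.invalid>' default default never
    # Only PUBLIC keys cross over, as when mailing them or using a keyserver.
    g "$me" --armor --export me@example.invalid | g "$friend" --import
    g "$friend" --armor --export friend@example.invalid | g "$me" --import

    printf 'Meet at noon.\n' > "$work/msg.txt"

    # Scenario 1: encrypt with the friend's public key.
    g "$me" --armor --recipient friend@example.invalid \
        --output "$work/msg.asc" --encrypt "$work/msg.txt"
    echo "sender decrypts: $(status g "$me" --decrypt "$work/msg.asc")"
    echo "friend decrypts: $(status g "$friend" --decrypt "$work/msg.asc")"

    # Scenario 2: sign with your private key, then alter one word.
    g "$me" --local-user me@example.invalid \
        --output "$work/signed.asc" --clearsign "$work/msg.txt"
    sed 's/noon/midnight/' "$work/signed.asc" > "$work/tampered.asc"
    echo "verify original: $(status g "$friend" --verify "$work/signed.asc")"
    echo "verify tampered: $(status g "$friend" --verify "$work/tampered.asc")"

    # Stop the per-keyring agents and remove the throwaway keys.
    for h in "$me" "$friend"; do GNUPGHOME=$h gpgconf --kill gpg-agent; done
    rm -rf "$work"
}

result=$(demo)
printf '%s\n' "$result"
```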
Give GnuPG and EnigMail a try and don't forget to send a big thank you to the porters of GnuPG (Tobias Huerlimann) and EnigMail (Davide Bresolin). Don't yell at them if something doesn't work as expected. Instead read the installation instructions again and/or try to find help in the news groups.
This article is courtesy of www.os2ezine.com. You can view it online at http://www.os2ezine.com/20041216/page_2.html.