As Easy As GPG

April 8th, 2005

I’ve known about the GNU Privacy Guard for a while now, as I use Linux quite a bit. So I played around installing it on Windows XP and it does basically the same thing. I don’t feel like writing up a massive post about trust and key signing — wholly because I don’t know a lot, or want to know a lot, about what to me seems rather a tedious subject. But I do want to take advantage of bringing a little GPG goodness to the average person who runs Windows, and that’s a lot of people.

GPG is a program used to create a web of trust so that you can share encrypted files with people safely. It works by using a public key encryption system. I vaguely remember Dan Brown using an example of this in “The Da Vinci Code”. In the book Professor Langdon wants to open a device that Leonardo himself had invented: a delicate vial that could only be opened by twisting its segments so that the symbols would match up to the given password. Inside the vial was a delicate papyrus scroll along with another glass vial filled with vinegar, so you couldn’t just smash it open as the vinegar would dissolve the secret message near immediately.

This is a rather good analogy to use when describing public key encryption. The first thing you can do with GPG is to create a secret key that you have to keep hidden. From this secret key you can create a public key that you distribute using a keyserver or just plain old ASCII text. An abbreviated example from the GPG website is shown here:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.3.92 (GNU/Linux)
mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUn
3No/coPajDvhZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWv
G2dx39ME7DN+SRvEE1xUm4E9G2Nnd2UNtLgg82wgi/ZK4Ih9CYD
RvZ/MREJmQq1+SjJgDx+c2sEAOEnxGYisqIKcOTdPOTTie7o7x+ne
N+wRWxhGPIxsOdueMIa7U94Wg/Ydn4f2WngJpBvKNaHYmW8j1Q
...
-----END PGP PUBLIC KEY BLOCK-----

You would have to make sure that everyone from whom you want to receive encrypted information has this public key. For instance, your paranoid friend Fred is terrified of industrial espionage, and wants to send you the price of a carton of orange juice in the staff canteen via email. What he would do is encrypt the text file with the price using your public key, creating a file that only you can decrypt with your secret key. He can then send the file over the internet safe in the knowledge that no one else can view the secret information; all they would get is seemingly random bytes. In our analogy, it would be Fred putting in all the hard work creating the special vial with vinegar and the price written on the papyrus, and all you are doing is agreeing with Fred on the password that he is designing the vial to be opened by.
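The exchange described above, as an added example that is not part of the original post: both sides are played on one machine by giving "you" and Fred separate keyrings with --homedir. The address you@example.com, the directory names and the file names are assumptions, and price.txt is constructed sample data.

```batch
@echo off
rem Added example, not from the original post. All names below are assumptions.
setlocal
set YOU=you@example.com
mkdir keys-you keys-fred

rem You: create the secret and public key pair. gpg asks its questions
rem interactively; enter the address above as the e-mail.
gpg --homedir keys-you --gen-key
if errorlevel 1 exit /b 1

rem You: export only the public half as ASCII text to hand to Fred.
gpg --homedir keys-you --armor -o pubkey.asc --export %YOU%

rem You: print the key fingerprint and give it to Fred by another route.
gpg --homedir keys-you --fingerprint %YOU%

rem Fred: import the key and check that the fingerprint he sees is the
rem one you gave him. gpg cannot make that comparison for him.
gpg --homedir keys-fred --import pubkey.asc
gpg --homedir keys-fred --fingerprint %YOU%

rem Fred: encrypt the price to your public key. gpg asks for confirmation
rem because Fred has not signed the imported key.
echo Orange juice, one carton: 0.85 > price.txt
gpg --homedir keys-fred -o price.gpg --encrypt --recipient %YOU% price.txt
if errorlevel 1 exit /b 1

rem You: decrypt with the secret key, which never left keys-you.
gpg --homedir keys-you -o price-decrypted.txt --decrypt price.gpg
if errorlevel 1 exit /b 1

rem Confirm that what you read is byte-for-byte what Fred wrote.
fc /b price.txt price-decrypted.txt >nul
if errorlevel 1 (
    echo Decrypted text differs from the original.
    exit /b 1
)
echo Exchange complete. Only keys-you could decrypt price.gpg.
endlocal
```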

Nevertheless I can’t see the average Windows user going to all the trouble of propagating a public key through the internet. Probably all most people want is a way to encrypt and decrypt a file for themselves, just using a password. Especially if you are running a (!!) shared Windows machine with only one username, you probably want a bit of privacy to protect your files. You can use GPG to do this easily.

First up, grab the GPG program from the download site – you should find it under “Binaries”; make sure it ends with just an “.exe”. Once you’ve got the file make sure you install it to the C:\ folder, alongside WINDOWS. You don’t normally want to be installing things directly into C:\, but this is an exception. Once you have got it up and running you will have to edit the Windows environment variable so that the command prompt can find the program “gpg” wherever you are in the directory tree. You do this in Windows XP by right clicking “My Computer”, clicking “Advanced”, then “Environment Variables”, then scrolling down the system variables until you get to “Path”. Click edit, and append:

;C:\gnupg

You don’t have to change the variable as long as you know that you’re going to have to do all your encrypting from the directory that your .exe is in (C:\gnupg), or you’ll have to keep on typing that path every time you want to use the program. For ease, I’ll show the example from the directory of C:\gnupg so it’ll work whatever you do. Create a text file called “passwords.txt” in C:\gnupg and write into it whatever you want to be encrypted. GPG uses a command line interface, so load up the Windows “Command Prompt” (under “Accessories”). It’ll probably dump something like this on your screen:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Alex>

You’ll be in the wrong directory. So first off change directory into C:\gnupg:

cd C:\gnupg

Enter the following command to encrypt your file. You’ll be prompted to enter a password:

gpg -o encryptedfile.gpg --symmetric passwords.txt

This will give you an encrypted file called “encryptedfile.gpg”, ready to be decrypted using the password you entered. Obviously you’ll want to delete the passwords.txt file and then empty your recycle bin. Bear in mind that emptying the recycle bin does not overwrite the file’s contents on disk. You can be assured that your passwords file is now protected by basic encryption. To decrypt you use:

gpg -o passwords.txt --decrypt encryptedfile.gpg

Just remember your password! Maybe you could encrypt the password you use to encrypt your other passwords! Quick and easy GPG. For those of you who edited the environment variable it’s even easier, as you can use the above commands in any directory.
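One way to make the encrypt-then-delete step safer, as an added example that is not part of the original post: decrypt the new file to a scratch copy and compare it with the original before the plaintext is removed. It uses the post's file names, assumes gpg is in the current directory or on Path and prompts for the password on decryption, and roundtrip.tmp is a name chosen here.

```batch
@echo off
rem Added example, not from the original post: encrypt, verify, then delete.
setlocal
set PLAIN=passwords.txt
set CIPHER=encryptedfile.gpg
set CHECK=roundtrip.tmp

if not exist "%PLAIN%" (
    echo %PLAIN% not found in %CD%
    exit /b 1
)
rem Refuse to overwrite an earlier encrypted file by accident.
if exist "%CIPHER%" (
    echo %CIPHER% already exists, move it away first.
    exit /b 1
)

rem Step 1: symmetric encryption. gpg asks for the password twice.
gpg -o "%CIPHER%" --symmetric "%PLAIN%"
if errorlevel 1 (
    echo Encryption failed, %PLAIN% left untouched.
    exit /b 1
)

rem Step 2: decrypt to a scratch file. You type the password again, so a
rem password you cannot reproduce shows up while the plaintext still exists.
gpg -o "%CHECK%" --decrypt "%CIPHER%"
if errorlevel 1 (
    echo Decryption failed, %PLAIN% left untouched.
    if exist "%CHECK%" del "%CHECK%"
    exit /b 1
)

rem Step 3: byte-for-byte comparison of the original and the round trip.
fc /b "%PLAIN%" "%CHECK%" >nul
if errorlevel 1 (
    echo Round trip does not match, %PLAIN% left untouched.
    del "%CHECK%"
    exit /b 1
)

rem Step 4: only now remove the plaintext copies.
del "%CHECK%"
del "%PLAIN%"
echo %CIPHER% verified, plaintext deleted.
endlocal
```

The del command bypasses the recycle bin but does not overwrite the data, so the plaintext can remain recoverable from the disk until that space is reused.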
