Internet Communications Security/Public Key Encryption
Public Key Encryption
Add or edit subsection:
|Section of||Internet Communications Security|
- Last modified: 6 August 2013 17:18:20
- русская версия
- Russian version: Шифрование с использованием открытых ключей
- Last modified: 6 August 2013 17:18:21
Explain the public key encryption process and its application to email. Discuss key validity and fingerprints, as well as the need to distribute the public key and fingerprint by different channels.
Trainer's notes: Try to use props in demonstrating the public/private key methodology. Keep the principle as simple as possible without reverting to complex explanations and terminology. In essence, the need to distribute the public key freely and the ability to check the validity of someone else's key are the only topics that need to be concrete in the participants' minds to proceed further. Leave digital signatures to a later session if everything else goes well. Refer to the documentation to help prepare for this session.
The most important message is that all communicating parties need to understand this process and have swapped keys in advance for this type of communication to be effective. Participants must understand how to teach others (their colleagues and contacts) the methods you have just explained.
Creating a key pair
Trainer's notes: Since we will use PKE only for email encryption, you will need to install the Thunderbird + GnuPG + Enigmail package and set it up to Internet_Communications_Security/Email_over_SSL read an email account, before proceeding further.
Lead the participants through creating a key pair via the Enigmail interface. Make sure to go slowly and explain expiration dates, private key storage and backup. Upload the public key to a keyserver (e.g. http://keys.mayfirst.org/) and set the trust options on the private key as required.
Advanced Key Management & Digital Signatures
Explain and demonstrate the process of digitally signing a message with a private key. Explain why it is needed and when to use.
Demonstrate key signing and verification. Ask participants to verify and sign each other's key, using a keyserver as the reference point to upload keys verified. Explain the PGP Web-of-Trust model (http://en.wikipedia.org/wiki/Web_of_trust).
Encryption in Outlook
Optional If all participants are using Outlook (2003 and lower), demonstrate how to install http://www.gpg4win.org paying attention to include the GPGol extension. Note that this plugin works only up to Outlook 2003 and does not encrypt/decrypt attachments or PGP/MIME.
Trainer's notes: GPG4Win does not automatically integrate with Outlook when using MS Exchange. Email content must be d/encrypted using the PGP tray icon and the Clipboard or Current Window functions. In fact, you may use any email or webmail client to demonstrate PGP security.
The http://gpg4usb.cpunk.de/ tool and relevant guide http://gpg4usb.cpunk.de/ can be used to encrypt/decrypt text messages directly from a USB stick without the need to install an email client. This is a useful option for those who wish to continue reading and sending webmail.
- Ask the participants to exchange their public keys with each other by or through the keyserver. Stress the importance of key verification and communicating the fingerprint via an alternative channel.
- Ask the participants to encrypt an email message to the entire group. Follow up by showing the options of encrypting attachments
- Set up Enigmail to successfully verify people's digital signatures (this will involved the recipient of the message to set the sender's key trust to maximum)