Using PGP with Pluto
A guide to installing and using PGP with the RISC OS Pluto email client.
PGP stands for Pretty Good Privacy and is the most secure and reliable program for encryption and for digital signatures.
A PGP Key has two parts - the Public Key and the Private Key. The Public Key is uploaded onto the internet and is freely available to anyone. The Private Key is strictly confidential to the user.
When you send an encrypted message, you download the recipient's Public Key and use it to encode your message. The recipient can then reply by downloading your Public Key. The Windows program does this automatically for you. Either way, the Private Key stored in your computer decrypts the message so it can be read on the screen.
One word of advice. During the installation of PGP, you will be asked to choose a 'Pass Phrase'. The choice of your phrase is extremely important. This is used to unlock your secret key whenever PGP needs it, and to re-encrypt it immediately after use. This is by far the weakest link in PGP and if anyone guesses it and gains entry to your secret key, you lose all security. You use your Pass Phrase each time you encrypt or decrypt and it is something that has to be remembered. If you are not concerned about someone else 'attacking' your computer, then settle on a mix of at least eight letters and characters that you can remember. If you are concerned about your computer's security, more specific advice about choosing a Pass Phrase can be obtained from Dr Nat Queen of Birmingham University via his website (www.queen.clara.net/) or email (email@example.com).
Before starting, make sure you have the latest version of Jonathan Duddington's Pluto. If you do not have version 2.02b, then update from his website (http://home.clara.net/jsd).
1. Insert your Pluto floppy into the drive and open it. You'll see a file called 'Extra Zip'. Open this and read the README file. You're recommended to fetch a new version of PGP from Dr Nat Queen's site at www.queen.clara.net/pgp/pgp.html. The file should be pgp263i.
Once downloaded, put this into a suitable file on your desktop. I have opened a folder called 'Encryption' and put it in there.
2. Now open PGP from the Extra Zip file and read readm/1st. Much of it will not make any sense at this point, but try to get the general idea.
3. Open the Install file and follow the instructions as they have been given. Essentially:
- Copy the files pgp, md5sum and pgpsort (Absolute types) to !Boot-Library
- There is no need to instal any wimp front end since Pluto will do all the work for you. The one factor you have to get right is the filepath, and this is where most installation problems occur.
The path has to refer to your downloaded program pgp263i, and if you have placed it within a folder called 'Encryption' on the desktop, you should do the following (relevant to RISC OS
- Go to !Boot-Choices-Boot-Tasks-Boot
- Enter the line
Set PGPPATH ADFS::HardDisc4.$.Encryption.PGP.pgp263i
- Re-boot the machine
You are now ready to use PGP.
- From the menu over the Pluto icon on the bottom icon bar, select Lists-PGP Keyring.
- From the window 'PGP Keyring' that comes up, choose 'Create'. You'll be asked the required number of bits. For optimum security, type 2048. When you are asked for ID, it's normal to use your name followed by your email address in the form Fred Smith <firstname.lastname@example.org>.
- You'll then be asked to type in your preferred security password. Having read the article by Dr Nat Queen referred to above, you'll have a good idea what you want to put in. Type this (it will not appear on your screen) and confirm it when instructed.
- You'll then be asked to generate random characters. Do so until you hear the warning beep and the computer will take over. Your keyring will thus be created.
Your key pair (public and private key) is now resident on your computer. But you need to extract your public key as a textfile in order to pass it on to other people by registering with a web server and/or by email. I recommend the latter.
- Go to the command line (press F12) and type pgp -kxa "XXX" after the star command, where XXX is your ID such as Fred Smith. You must include the double quotes.
- PGP will ask for the name of the file into which to extract the key. Just type for example fredskey and it will name it 'fredskey/asc', adding the 'asc' automatically (this signifies it's in ASCII armoured form).
- Press 'RETURN' to get out of the command line and you will find the file 'fredskey/asc' on your desktop. Keep it somewhere safe because this is the file with which you will notify people of your public key.
- To exchange public keys via email:
- To send your key to a third party, simply send it as an email attachment from wherever you saved it before.
- To add someone's key, save it out from the incoming email onto the desktop as, say, 'key/asc'.
- If you are using a front end such as !PGPWimp, just select the 'Add Key' option and drop the file onto the PGPWimp window.
- If you are using Pluto, you should be able to add the public key by simply dropping the file onto the Pluto icon on the bottom icon bar.
- You can perform this operation from the command line (press F12) by typing "pgp key/asc" after the star command (leave out the double quotes). PGP will then ask you if you want to add this key to your public keyring, which you confirm.
- To upload and download public keys via the web:
- Open the web and go to the UK key server at http://www.cl.cam.ac.uk/PGP/pks-commands.html. You should be able to simply drop your 'fredskey/asc' file onto the page, but for some reason this site has started to ask for passwords and ID. If this is still the case, then go to the Dutch keyfile site at http://pki.surfnet.nl and click on 'submit'. Actually, it makes no difference which site you go to because they all share the data and you'll automatically go onto all sites worldwide. Now your public keyfile is on the web and anyone who needs to send you an encrypted message can download your keyfile.
- Similarly, if you need to load someone's public keyfile, you go to the website above and type in the person's ID (I think you can bring it straight up by typing in their email address). You save the file to your desktop and follow the instructions in 4(b) above.
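A key file that arrives by email or from a key server is worth checking before it goes onto your keyring. The Python below is an added example, not part of the original guide or of PGP: it verifies the armour checksum of a file such as 'key/asc' and computes the MD5 fingerprint of a PGP 2.6-style RSA key (as defined for version 3 keys in RFC 4880), which you can compare with the owner by phone or in person. The sample key is constructed for the example and all function names are assumptions.

```python
import base64, hashlib, struct

def crc24(data: bytes) -> int:
    """CRC-24 behind the '=XXXX' armour checksum line (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Return the binary key data of an armoured block after checking its CRC."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armoured PGP block")
    body = lines[lines.index("") + 1:-1]   # skip headers such as 'Version:'
    if len(body) < 2 or not body[-1].startswith("="):
        raise ValueError("missing checksum line")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    if int.from_bytes(base64.b64decode(body[-1][1:]), "big") != crc24(data):
        raise ValueError("armour checksum mismatch: file damaged in transit")
    return data

def read_mpi(buf: bytes, pos: int):
    """Read one multi-precision integer: 2-byte bit count, then the value bytes."""
    bits = struct.unpack_from(">H", buf, pos)[0]
    end = pos + 2 + (bits + 7) // 8
    return buf[pos + 2:end], end

def v3_fingerprint(packet: bytes) -> str:
    """MD5 over modulus then exponent bytes of a version 2/3 RSA public key packet."""
    if packet[0] != 0x99 or packet[3] not in (2, 3) or packet[10] != 1:
        raise ValueError("not an old-format RSA public key packet")
    n, pos = read_mpi(packet, 11)
    e, _ = read_mpi(packet, pos)
    return hashlib.md5(n + e).hexdigest().upper()

def make_sample() -> str:
    """Constructed toy key (32-bit modulus, not a usable key) armoured like 'fredskey/asc'."""
    n, e = bytes.fromhex("C5A1D3F7"), b"\x11"
    body = b"\x03" + bytes(6) + b"\x01" + struct.pack(">H", 32) + n + struct.pack(">H", 5) + e
    pkt = b"\x99" + struct.pack(">H", len(body)) + body
    crc = base64.b64encode(crc24(pkt).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: 2.6.3i\n\n"
            + base64.b64encode(pkt).decode() + "\n=" + crc
            + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

For a key already on your keyring, pgp -kvc shows the fingerprint on the command line; it should match the value computed here once the spaces are ignored.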
This is extremely easy with Pluto. You should try it a few times from the command line so you can understand what is going on, and there are links on Dr Nat Queen's website that will explain how to do this. Note that you must have the recipient's public keyfile before you send them an encrypted message.
You have the choice within Pluto of having every message sent to a particular person encrypted, or to choose at the time. Either way, it is simple.
- To permanently encrypt messages to a particular recipient, go to your address book and select that person's details. Press the menu button over the selection and go to Selection-Edit. When the window opens, tick the [Encrypt] and [PGP Sign] boxes followed by [OK]. Any message you send to this recipient will now always be encrypted. Simply prepare your email in the normal way and when you 'Send' the message, you'll be asked to confirm you want it encrypted.
- To encrypt messages on an ad hoc basis, prepare it in the usual way and when finished, click menu button, PGP-Encrypt. You'll be asked for your password/passphrase which you simply type in. Then send the message.
- If you receive an encrypted message, click the menu button over it and go to Display-Decrypt. You'll be asked for your passphrase and on entering it and clicking, your message will be deciphered.
Say you want to send an attachment as a jpeg file or as an MSWord file out of EasiWrite to a PC user with W98.
- Save the file to your desktop and go to the command line (F12) where a star will appear with a flashing cursor.
- Type pgp -seat <full filename> <recipient's e-mail address>. Note that you do NOT type in the angle brackets <>, and there is a space between 'pgp' and '-seat'; between '-seat' and 'filename' and between 'filename' and 'recipient'. Press the return key and you'll be asked for your pass-phrase. Enter it, press the return key and an encrypted file will appear on the desktop.
- Open 'new mail' from Pluto, select the 'MIME/PC' option from the right hand window next to 'subject' and drag and drop the encrypted file onto the top bar of the 'Write Mail' window.
- Carry on with the normal procedure for sending an email.
Now the procedure if you receive an encrypted attachment:
- Open the message and drag and drop the file attachment(s) onto the desktop.
- Go to the command line (F12) where a star will appear with a flashing cursor.
- Type pgp <full filename>. Note that you do NOT type in the angle brackets <>, and there is a space between 'pgp' and 'filename'. Press the return key and you'll be asked for your pass-phrase. Enter it, press the return key and a decrypted textfile will appear on the desktop.
- Change the file type to MSWord or jpeg or whatever the file should be and open it.
For further reading and information, you are strongly recommended to go to Dr Nat Queen's website referred to above.
Very grateful thanks are offered to David Kanareck for helping to compile the information provided on this page.