Quick tour

Let's take a general look at the most important commands of myPGP.

Before we can encrypt, decrypt or sign anything, we first need to create a private/public key pair to see how this works (in the near future we shall include import/export options, so you will be able to get other people's public keys).

Example 3.1. Creating a public/private pair

	  bash$ mypgp --gen-key
	  How many bits do you want for your keys (from 512 to 2048, 1024 recommended)?: 
	  1024
	  Type keys in your keyboard to add randomness:
	  saj oif weoirsdfcl234
	  Which ID should be associated with this pair of keys?: 
	  droggo
	  You need a passphrase to protect your secret key
	  Enter your passphrase: 
	  droggo	  
	

Now we have droggo's private key stored in our secret keyring (encrypted with his passphrase) and his public key in our public keyring (keyrings are, for the moment, stored in secring.skr and pubring.skr in the current directory).

We can list our keys with the options --list-keys and --list-secret-keys:

Example 3.2. Listing keyrings

	  bash$ mypgp --list-keys
	  pubring.skr
	  -----------
	  pub 1024/KEYID TIMEOFCREATION droggo

	  bash$ mypgp --list-secret-keys
	  secring.skr
	  -----------
	  sec 1024/KEYID TIMEOFCREATION droggo
	

We are now ready to encrypt, decrypt, sign and verify data using our keys. Let's see how.

Confidentiality

If we want to send a confidential message to droggo, we just have to encrypt it using his public key:

Example 3.3. Encrypting a message

	    bash$ mypgp --encrypt message.txt --recipient droggo --output message.enc
	    Type keys in your keyboard to add randomness:
	    fnsa dkjfhy4211039sdoif sdkf
	  

In this example we had the message stored in the file message.txt. Remember that if you don't specify any file, the standard input will be used (type the message, and when you are done press Ctrl-D).

As you can see, we didn't use the --armor option. If you want to send your message by email, set it while encrypting, because the email protocol needs it.

After the last command, we have an encrypted message for droggo in the file message.enc. Open it with your favourite editor. You will read nonsense junk, but don't worry. Your message is there, but it won't be readable without the proper key: droggo's private key (which only droggo has).

If you are droggo (and in this example you are), you can decrypt message.enc (that's what PGP is all about):

Example 3.4. Decrypting a message

	    bash$ mypgp --dencrypt message.enc --local-user droggo
	    Enter your passphrase:
	    droggo
	    Message decrypted
	  

Cool, isn't it? Now that you know how to provide confidentiality for your messages, let's talk about authentication.

Authentication

When encrypting a message you get confidentiality - nobody can read that message but the person who owns the private key.

What if you want to be sure that the sender of a message is who they claim to be? In this case, you have to add authentication.

To get authentication, the sender must sign the message. Then the receiver can easily verify the signature.

OpenPGP establishes the signature format. It consists of a message digest (computed with a hash algorithm, e.g. SHA-1) encrypted with the sender's private key. The receiver decrypts the digest with the sender's public key and checks whether it is equal to the hash of the message.
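
The digest-then-sign scheme described above, as an added Python example (not myPGP code, and not the OpenPGP packet format): it uses plain RSA arithmetic with the PKCS#1 v1.5 digest encoding and SHA-256 in place of SHA-1. The key is a constructed, insecure demo key, and the names sign, verify and encode_digest are assumptions of this example.

```python
import hashlib

# Constructed demo key: both primes are publicly known constants, so this
# key offers no security. It only makes the arithmetic reproducible.
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N = P * Q
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent
K = (N.bit_length() + 7) // 8              # modulus length in bytes

# ASN.1 DigestInfo header that labels the digest as SHA-256 (PKCS#1 v1.5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_digest(message: bytes) -> int:
    """Hash the message and pad it: 00 01 FF..FF 00 || DigestInfo || digest."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    padding = b"\xff" * (K - len(t) - 3)
    return int.from_bytes(b"\x00\x01" + padding + b"\x00" + t, "big")

def sign(message: bytes) -> int:
    """Sender: apply the private exponent to the encoded digest."""
    return pow(encode_digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Receiver: undo the signature with the public key, then compare the
    result with a digest computed independently from the received message."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == encode_digest(message)

if __name__ == "__main__":
    msg = b"meet me at noon"                # constructed sample message
    sig = sign(msg)
    print("original :", verify(msg, sig))
    print("tampered :", verify(b"meet me at nine", sig))
    print("bad sig  :", verify(msg, sig ^ 1))
```

The receiver never needs the private exponent: a changed message or a changed signature makes the two encoded digests differ, so verification fails.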

For signing a message with myPGP:

Example 3.5. Signing a message

	    bash$ mypgp --sign message.txt --local-user droggo --output message.sig
	    Enter your passphrase:
	    droggo
	  

You can open message.sig with your favourite browser. Now you can see that the message is not encrypted. Instead, it includes several lines with the signature at the beginning of the file.

To verify the message, you have to perform the following:

Example 3.6. Verifying a message

	    bash$ mypgp --verify message.sig --recipient droggo
	    SIGNATURE VERIFIED: OK
	  

Finally, remember that you can combine authentication and confidentiality, using --encrypt and --sign options together.

To get further information about the uses of myPGP type mypgp --help.