Let's take a general look at the most important commands of myPGP.
Before we can encrypt, decrypt or sign anything, we first need to create a private/public key pair to see how this works (in the near future we shall include import/export options, so you will be able to get others' public keys).
Example 3.1. Creating a public/private pair
bash$ mypgp --gen-key
How many bits do you want for your keys (from 512 to 2048, 1024 recommended)?:
1024
Type keys in your keyboard to add randomness:
saj oif weoirsdfcl234
Which ID should be associated with this pair of keys?:
droggo
You need a passphrase to protect your secret key
Enter your passphrase:
droggo
Now we have droggo's private key stored in our secret keyring (encrypted with his passphrase) and his public key in our public keyring (keyrings are, for the moment, stored in secring.skr and pubring.skr in the current directory).
We can list our keys with the options --list-keys and --list-secret-keys:
Example 3.2. Listing keyrings
bash$ mypgp --list-keys
pubring.skr
-----------
pub 1024/KEYID TIMEOFCREATION droggo
bash$ mypgp --list-secret-keys
secring.skr
-----------
sec 1024/KEYID TIMEOFCREATION droggo
We are now ready to encrypt, decrypt, sign and verify data using our keys. Let's see how.
If we want to send a confidential message to droggo, we just have to encrypt it using his public key:
Example 3.3. Encrypting a message
bash$ mypgp --encrypt message.txt --recipient droggo --output message.enc
Type keys in your keyboard to add randomness:
fnsa dkjfhy4211039sdoif sdkf
In this example we had the message stored in the file message.txt. Remember that if you don't specify any file, the standard input will be used (type the message, and when you are done press Ctrl-D).
As you can see, we didn't use the --armor option. If you want to send your message by email, set it while encrypting, because the email protocol needs it.
After the last command, we have an encrypted message for droggo in the file message.enc. Open it with your favourite editor. You will read nonsense junk, but don't worry. Your message is there, but it won't be readable without the proper key: droggo's private key (which only droggo has).
If you are droggo (and in this example you are), you can decrypt message.enc (that's what PGP is all about):
Example 3.4. Decrypting a message
bash$ mypgp --dencrypt message.enc --local-user droggo
Enter your passphrase:
droggo
Message decrypted
Cool, isn't it? Now that you know how to provide confidentiality for your messages, let's talk about authentication.
When encrypting a message you get confidentiality - nobody can read that message but the person who owns the private key.
What if you want to be sure that the sender of a message is who they claim to be? In this case, you have to add authentication.
To get authentication, the sender must sign the message. Then the receiver can easily verify the signature.
OpenPGP establishes the signature format. It consists of a message digest (computed with a hash algorithm, e.g. SHA-1) encrypted with the sender's private key. The receiver decrypts the digest with the sender's public key, and checks whether it is equal to the hash of the message.
For signing a message with myPGP:
Example 3.5. Signing a message
bash$ mypgp --sign message.txt --local-user droggo --output message.sig
Enter your passphrase:
droggo
You can open message.sig with your favourite browser. Now you can see that the message is not encrypted. Instead, it includes several lines with the signature at the beginning of the file.
To verify the message, you have to perform the following:
Example 3.6. Verifying a message
bash$ mypgp --verify message.sig --recipient droggo
SIGNATURE VERIFIED: OK
Finally, remember that you can combine authentication and confidentiality by using the --encrypt and --sign options together.
To get further information about the uses of myPGP, type mypgp --help.