MelonLand Wiki

Trace:
no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


pgp [2025/11/23 17:30] (current) – created TheFrugalGamer
Line 1: Line 1:
 +====== PGP Encryption ======
 +PGP is a type of encryption that is used for keeping messages secure all over the internet. The mathematics behind how it works are fairly complicated, but its use is not once you know the basics. This page is taken from a Melonland forum post in which one user needed a primer on how the system works, and another user stepped up and offered a wonderful explanation with instructions on how to use it for various things.
  
 +[[https://forum.melonland.net/index.php?topic=4984|Click here to read the original thread.]]
 +
 +===== Let's start by understanding symmetric encryption =====
 +
 +Most encryption is //symmetric//. That means that both parties - let's call them Alice and Bob - share the same //key//. Like: if Alice wants to send a ZIP file to Bob, but doesn't want Eve to be able to intercept it... then Alice creates the ZIP file and chooses a password for it, then sends it to Bob. Bob enters the same password, and he's decrypted it. Brilliant!
 +
 +Symmetric encryption is pretty easy to understand: you probably played about with it when you were a young child! If you have a substitution cipher (swapping letters for symbols) that you shared with a friend, or if you agreed to "rotate" the letters 6 spaces through the alphabet to encode and then wind then 6 spaces back to decode... that was symmetric encryption. Humans have been doing it for millennia.
 +
 +The big problem with symmetric encryption is that we have to agree on the key, without it being intercepted. Like: Alice and Bob probably want to get together in the same room to agree what their ZIP file password will be, right? If Alice //phones// Bob to tell him the password, there's a chance that Eve is listening on the line. If Alice //emails// Bob the password, there's a chance that Eve intercepts the email. This means that traditional symmetric encryption isn't so good to use on the Internet: you don't want to have to go and visit every company in-person to agree on an encryption key before you can talk to them securely online, do you?
 +
 +===== The solution? asymmetric encryption =====
 +
 +The solution to this is //asymmetric encryption//, also known as //split-key// or //public-key// encryption. There are several different kinds, and you use them every day (that padlock in the address bar? that relates to a kind of asymmetric encryption being in use right here on Melonland!).
 +
 +Asymmetric encryption exploits one of several mathematical phenomena that mean that //some mathematical operations are easy to prove, but hard to do//. For example, prime factorisation: the prime factors of a number are the lowest prime numbers that you can multiply together to get that number (if there are none except 1 and the number itself, you're looking at a prime). If I give you a large number and ask you to find the prime factors of it... that's a hard job. But if I tell you the prime factors of it, that's really easy for you to check. Hard to do, easy to verify.
 +
 +Prime factorisation is a classic example, but much asymmetric encryption nowadays uses elliptic curves instead (not least because prime factorisation might turn out to be something that quantum computers will be amazingly good at, thereby breaking the encryption much faster, assuming anybody ever manages to build a big one). Imagine you have a formula which draws an ellipse on a piece of graph paper. I choose a secret point on the ellipse and perform an operation that draws a line from it at a particular angle, so that my line hits another point on the ellipse. Then I do it again, and again, and again, hundreds of times. When I tell you the point that I ended up, it's insanely difficult for you to work out where I started, because you have to try many different points on the ellipse to work out where I was //last// move, and then work it back again and again. But if I //tell// you where I started, it's very easy for you to check that, yes, running the operation 100 times would have got me to where I finished. Hard to do, easy to prove.
 +
 +If you didn't understand all of that, that's fine. Just trust me when I say that there are mathematical operations that are //easy to do one way, but hard to work backwards from.// And those are the basis of split-key encryption.
 +
 +===== So what about PGP =====
 +
 +All split-key encryption works basically the same way, but you asked about PGP:
 +
 +Anybody can make a "keypair": that is - //two keys// that //together// make a cryptographic pair, following the principles described above. If the algorithm uses prime factorisation, the two parts of the keypair will be (extremely large) semiprimes. Generating a key takes a few minutes, because the maths is hard (but still many orders of magnitude easier than working out what one half of the keypair is if you've only got the //other//).
 +
 +One of these two keys is called the "private key", and one is called the "public key". Mathematically, they're interchangable, but the standards dictate how you decide which is which and that's fine. The private one needs to be kept super-secret, so you keep it somewhere safe and it usually gets encrypted with a password too. The public one can be shared: put it in your signature, put it on your website ([[https://danq.me/contact/gpg/|here's mine!]]), put it in a public keyserver "directory"; it's fine.
 +
 +The magic with split-key encryption is this: a message encrypted with one half of a keypair can only be decrypted with the other. And that means you can do two very, very clever things with it:
 +
 +  - **Encryption (sending messages so they can't be intercepted):** if you have my public key (and you do, 'cos I just gave you a link to it!) then you can encrypt a message that you know that can only be decrypted with my private key. And you reasonably assume that I keep my private key private by keeping it somewhere safe (mine lives on a pendrive in my wallet) and with a strong password to protect it. So you encrypt a message with it and nobody except me can decrypt it! (You can't even decrypt a PGP message using the key that was used to encrypt it - how amazing is that - you can only use its partner).
 +
 +  - **Signing (making sure a message was sent by its author).** Suppose I send you a message. I could send you my message, and I can send you a second copy of the message, but encrypted with my private key. You could decrypt the encrypted copy of the message using my public key (indeed: anybody can, because my public key is public!), compare it to the unencrypted version, and if they match: you know two things for sure: (1) that the message really came from me (because nobody else could have created a message that can be decrypted using my public key than the person controlling my private key, i.e. me), and (2) that it hasn't been tampered with in-transit (or else the decrypted copy wouldn't match). In reality, we don't send a whole copy of a message but encrypted, we send a hash of of message but encrypted, and we call it a signature.
 +
 +Incidentally: this is exactly what happens when you connect to a HTTPS website too. The server sends you its "certificate" (which is just a fancy word for a "public key"), and then your computer comes up with a symmetric encryption key (symmetric encryption is much faster!), encrypts it with the server's public key, and sends it back to the server... and then your computer and the server talk to each using the key your computer came up with... which can't have been intercepted because you sent it encrypted with the server's public key! (There's actually a lot more that goes on here: the certificate will have one or more "signatures" of exactly the type I described above, but made by companies that you or your web browser have said that they trust, and that helps your browser know that you're really speaking to Melonland and not to some trap website... so long as the companies you trust - your Certificate Authorities - are actually trustworthy... that's another story...)
 +
 +(PGP users can also "sign" each others public keys to say "this person really is who they say they are" to establish a "web of trust" too, but that's another story.)
 +
 +===== Okay, my head is spinning: just tell me how to do this! =====
 +
 +Want to try PGP. Cool!
 +
 +The most popular implementation of PGP is, confusingly (but for hilarious and amazing reasons) called GPG. You can install command-line tools or graphical tools for a variety of operating systems).
 +
 +I'm using a Linux command line right now, so I'm going to create a keypair. I type:
 +  gpg --gen-key
 +
 +It asks for some metadata (name, email etc., all of which is optional) and for a password to protect the key, and then soon it exists. If I run:
 +  gpg --list-secret-keys
 +
 +I can see my keyring; here's what mine looks like right now:
 +  gpg --list-secret-keys
 +  
 + sec   rsa3072 2025-11-20 [SC] [expires: 2027-11-20]
 +       B52B7F1159ECF9FD20482D32D9CC360817CAC036
 + uid           [ultimate] Tetsy McTester
 + ssb   rsa3072 2025-11-20 [E] [expires: 2027-11-20]
 +
 +I can get a copy of my public key, to share with the world, like this (note the "--armor" switch, which says "export it in ASCII", which is much more-readable that the binary version, I promise):
 +  gpg --armor --export B52B7F1159ECF9FD20482D32D9CC360817CAC036
 +  
 + -----BEGIN PGP PUBLIC KEY BLOCK-----
 +  
 + mQGNBGkfWbwBDADZD0+efWXyREGSM8yDbXGx0ObZTNsZdPBsewiI891kYVkZE4Vt
 + jqzBa4eZ7QNL9lH/zh89tm8LNBjM9l63FESIh8RnSjwXROLbRc/BssaqIa+VO90n
 + 68PRkyI20NFBm0PdmkIbdoKxWeUn3r5azhCtqhJY9dDGcpr1+XbxM74TGbT0MKXU
 + 3oEZrGzW4A/FIvJKISJOfEzCBmI4KpDEh59lWVSoR3n1A6yZvEMl6ZKetHb+CJ3x
 + uADXJixz8XtsaGy9es2iaxovM+ej+BUqwWYWXzAPspCqhq1Uq0VrnV8jre9VwROk
 + ej1Itgt3Y5KT8CCFsVC0GO0GsCJp07XRX8Bje+PfYtlydE5HXJmEOk5FasDwI9Tp
 + 2sQWscSQMIXIOIsp89K3c+5Xe2i3TwMdsVsMSzAvrUJOTw0CvEp11KFokUfCpfjb
 + jxsLrXmzvBr8H23IxhQN7HEPUGL4Ky3xwN2qifw2BDy1Kg1jkisBBFayouRfQwy/
 + oVuimn3HxegCEQsAEQEAAbQOVGV0c3kgTWNUZXN0ZXKJAdQEEwEKAD4WIQS1K38R
 + Wez5/SBILTLZzDYIF8rANgUCaR9ZvAIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgID
 + AQIeAQIXgAAKCRDZzDYIF8rANsjoC/4kIqMPDBTZSa9jMItkvPVv6gqx/bOkUOrO
 + Jx8sxXrwUpptCePXv1aJn7rlwfpsrW3Q3hPkKnXNVCmHYqVsD5aWaIIt25ygpf+G
 + nFOKCmU4yGRCCVtCmc0GTVSXD1Ut0xdABkb0rGc8pYmvMN10UDPJL7ua8Z2KK/Eg
 + LtFslrav7ZLsa2qunLUhXdgoUb4fAs4BulMYdksUCvdAHbTD09+sxTVfJy5M50wp
 + pohUSsmJL9YywFMoy8MueJ0iL4bksVIpOhp15Ye5nK+ME4asVZ2FPq1dKHgr9f47
 + eC8OBcKQmSPWbnKxZkOKQwCW9NGPRaZkMEEinonEtsnCCgAvL1vE0yuskFkWjTLH
 + MtL0dLNTEnf5f940YEq07mxnFEVeNHTKvs/Pg4Dkzwws9P6TXCxdDMkvrDpOIAY2
 + pGDnKUW5VXUiPjmDwJsHzEHenyCPceCbEwREHcibGvU44HLcs/4YRQbwCARmGicn
 + ZkCn2ezo8hkhJ+zxqMYv1Ee42h1sfZa5AY0EaR9ZvAEMAMZdsk1jlZY9MeCJzdfu
 + Jno5AwAsVh6DHptlZLjnnw6fWiqimu0k37MZUCAEgGTla7KaitIz4H/SpFVM+KFR
 + BllFk9FTmHmP4hTwQWs8+8i8sdazRctO+OmV7jQ+Rzvo5Wnza7+ZjlXeqqjRaHhz
 + 74Z9tvE3yFGvgABLbYsOn0gvuBU7hwMv5eY9X2G6/PU2ASdZwk6N1QO1tnRGbkvA
 + ddSvrHWfZsV+iRfElG02oYpuFMHADboDHUeqlrwSqcrE9UJWHSjYaqDPpxYJYZv4
 + L7570ewXF9NTSarL82Uz74p1Qvb02oy8YT9XIpjpcXM2ivesPADS6iFML8JXBVKO
 + x7LNM/y0tcMY0VAMw0Rwe6c4tRkZMDZ2D81iFsPpZy9N1X9av2rCbBTISKnKybNa
 + WHWczZYIaWjwqxlxMQvD4B75XKYq/Qaw7kd9WzVkM0hRiaM0CzMtCpP+jPSxrR6v
 + dWgG8c9m++1IhKry1RWAKxiMG0wK/hL0F7iOpDEIBiJViwARAQABiQG8BBgBCgAm
 + FiEEtSt/EVns+f0gSC0y2cw2CBfKwDYFAmkfWbwCGwwFCQPCZwAACgkQ2cw2CBfK
 + wDa0fwv+PmDUvCl1g+duLs0HBXSLL/on945wt0BYTj7iRqcgP4chc0BAQLUBgmyh
 + +EKjkA5fc4f/7XXxOBNJL2OnKd7wIct8KVHIRXRDSHw5lVFXMQibmpMobsy4/8eA
 + bJwVsGpzN5MHk3qrmwbzizIz7QlgX4gMdoG1SiIWoLkxWNhx6fO/NTdy7eQLyITB
 + pQm0KA9PwwWOapuBpXy5+adkkgZ09tJf/GE8uLAQp3rJtAmfAXuo+q1U4eT7Y0TN
 + 7MgdNuN9SGuG+t4wD2rNB0LbXTlOxM+HmwmTktaLljJisKoDfgOjbpWmevco2huJ
 + SXeA/ffQsJKioS4bAcrlqbso77hRh+Fx6sJgMxuPPh/x2uGtYbR74UwSzqpkTJn6
 + tHYoL12ZhlIEyhHqky17N9+ePGnXMIKXT0Du9C8Z97avQy1iJPEPbIzi99Moj2sj
 + knBg6I7/haWceOqBpTaNTj8c/0qtKftw21JzA72pCYesLCtO9VbEAMNGGZbtXzUS
 + Wtom7Lcm
 + =8NCK
 + -----END PGP PUBLIC KEY BLOCK-----
 +
 +
 +B52B7F1159ECF9FD20482D32D9CC360817CAC036, by the way, is my key's signature. If I'd added an email address into my metadata I could use that as an alias, but I didn't bother.
 +
 +Anybody can import that into their own keyring with "gpg --import" (or whatever their graphical program calls it). Then they can encrypt a message to me. I'll try that now:
 + gpg --armor --encrypt
 +  
 + You did not specify a user ID. (you may use "-r")
 +  
 + Current recipients:
 +  
 + Enter the user ID.  End with an empty line: B52B7F1159ECF9FD20482D32D9CC360817CAC036
 +  
 + Current recipients:
 + rsa3072/DFB6EA08D1E54F1C 2025-11-20 "Tetsy McTester"
 +  
 + Enter the user ID.  End with an empty line:
 +  
 + This is my secret message!
 + When I'm done typing it I'll press CTRL+D!
 +  
 + -----BEGIN PGP MESSAGE-----
 +  
 + hQGMA9+26gjR5U8cAQwAmHkUhdvE5GbbzbS4F3gPq61fU8F9xb8eTQ4LocYo9tn4
 + r/dahkNdmUSw3MdoJ1DVoCNqUFhjO1QOqWdzwQgYclJJ2fCE7xrV4ChfRGbTqF3n
 + Cnu9xFiKk2NXWAQ9B/NksFzU92oRhNTD2mb/EyvGGheQPnSlcsNN4ghnnLI5g8HJ
 + u7KhdO4S+Nyhe5q7eYYnWNGCrhOGxmRt7DwdlRZkBCAyUx0BI2TN5jZSD3pEycGw
 + TQ56TijZuP2510ybJ8X8wosj1Jhb+AnGm7SQwLX4xDHKrlVtI7U71SpS1daEtCz+
 + uj23SXZkB0tjoXpLd4s8lqiTSgTQsJD1z+12+FsR6O/dzHFPfAUQenY45SldqS5n
 + Kvk+t7UBVdRii5zuBxp9HD2hihQPO6fx5ya/KhZ2JVaEgZ2OYGw/mZXWPwdOFpc5
 + Z7kht0EUeiDfOE0xSEEW8ON2pyOwWWxdKUg4goiXSqUwy+h/yXp0eNp5Pf1tJyJZ
 + gPm0LNrUEZHYoBbmEvvU0n8BdFuMN8NZeWzYM53Omjdefgn4jPiCH6o/18J/5v+0
 + hk4xpeFBOF2KJK3ak2KBBpwXMBQaL3h1xo5uHIXgS09fgarRl/KlJhOlQ2Kcw1y4
 + A123sHeI+pqazjndF9uDWlQT7LRQ3iuxmFMlcWj6d5AlQ7e+/TO6wKuas3ylknO2
 + =0jDF
 + -----END PGP MESSAGE-----
 +
 +There we have it! A secret message that can only be decoded using Testy McTester's secret key!
 +
 +To try it, I put it into a file called "encrypted.txt" and then ran:
 + gpg --decrypt encrypted.txt # (it prompted me for my private key's password at this point!)
 +  
 + gpg: encrypted with 3072-bit RSA key, ID DFB6EA08D1E54F1C, created 2025-11-20
 +       "Tetsy McTester"
 +  
 + This is my secret message!
 + When I'm done typing it I'll press CTRL+D!
 +
 +If I delete my new secret key:
 + gpg --delete-secret-keys B52B7F1159ECF9FD20482D32D9CC360817CAC036
 +  
 + gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
 + This is free software: you are free to change and redistribute it.
 + There is NO WARRANTY, to the extent permitted by law.
 +  
 +  
 + sec  rsa3072/D9CC360817CAC036 2025-11-20 Tetsy McTester
 +  
 + Delete this key from the keyring? (y/N) y
 + This is a secret key! - really delete? (y/N) y
 +
 +Then there's no absolutely no way to decrypt that message any more; no way on Earth! (Good job I already read it!)
 + gpg --decrypt encrypted.txt
 +  
 + gpg: encrypted with 3072-bit RSA key, ID DFB6EA08D1E54F1C, created 2025-11-20
 +       "Tetsy McTester"
 + gpg: decryption failed: No secret key
 +
 +
 +That was a whirlwind tour of PGP/GPG, done in just about the hardest possible way. Most people using PGP for email use a plugin for their email software to do it for them, which does most of the heavy lifting. You can even use an email provider like ProtonMail who do it for you in your browser, which is pretty cool.