The post that you will read next was sent to me Lazarus, a user of GUTL via email. It has been a personal guide that, according to what he tells me, has worked perfectly for him.
The typical user who says:
the PGP that sounds to me but .. I don't even know that?
That is nothing more than «Pretty Good Privacy»And it is a mail encryption system to transmit with privacy over the Internet.
It is speculated that there is a secret sect that intends to take over the world. One of these members decided that his email should not be read out there, or that his emails would not be used for social engineering, or that nobody cares what his girlfriend is talking about.
Those are the good logical reasons but do not lose sight that in many countries, this can be declared as illegal, not welcome or prohibited. You are already warned, if you do it is at your own risk and check this:
Buuuuuuuuuuuu ... I already scared you enough and I complied with the tax. Let's keep "doing science"
The principle is simple.
1- Create a PGP key.
2- Send a public key to someone.
3- That someone encrypts it with YOUR public key.
4- You decrypt it with your password.
First thing's first. Create one Personal password, yours the one that nobody has. We do this by generating a "pair of keys" (a pair because there are two) the personal and the public, but it is generated through the command:
# gpg --gen-key
There a process will begin where you will generate a key. If you intend to plan how to bring down Capitalism by mail, I recommend that you make a password as God commands.
Done! Password created for the address tuusuario@yourdomain.org
Now let's try encrypting something, a good text file for example. We run this command:
gpg --armor -r tuusuario -o monografia.asc -e malvado_plan_B.txt
Now the explanation of the parameters.
«–Armor»Generates a form called«ASCII love data»Or ASCII armor ready to go by mail. Of course this is a botch because it carries all the MIME information that says it is a GPG encrypted email. But good for you to understand the principle.
Now, in this case we use our own public key but if we were to write to:
accomplice@domain.org
We need that person's password, not ours. I remind you that we receive messages encrypted with our own public key.
Let's see how this business would be:
We send our public password to our accomplice. We do it so.
gpg --export --armor -o clave_publica.asc
The parameter «–armor» is very important, without the ASCII armor, we would only send a binary garbage stream, good for nothing at the mail level, but very useful at the file level.
Now the file will appear public_key.asc and this is the public key that we send to the accomplice.
He will run the command:
gpg --import clave_publica.asc
and will add our key to your key repository. Now you are ready to create an encryption that even he will not be able to see; only its creator (you) with the key.
So, our accomplice executes:
gpg --armor -r frater -o monografia.asc -e malvado_plan_B.txt
and the file monograph.asc It will be ready to be sent encrypted with our key so that only you can see it.
So he deletes the file evil_plan-B.txt with Gudman method of 7 passes and sends you the encryption.
YOU on the side here decipher it with the command:
gpg -o planes.txt -d monografia.asc
And it will ask for YOUR password. Complicated right?
Using MUTT
mother (an email client in the terminal) makes your life VERY easy, let's see how it behaves and its special abilities. I use version 1.5.20 which is the most stable as of this writing.
In the file .muttrc we will put the following.
set pgp_decode_command = "gpg%? p? - passphrase-fd 0? --no-verbose --batch --output -% f" set pgp_verify_command = "gpg --no-verbose --batch --output - - verify% s% f "set pgp_decrypt_command =" gpg --passphrase-fd 0 --no-verbose --batch --output -% f "set pgp_sign_command =" gpg --no-verbose --batch --output - - -passphrase-fd 0 --armor --detach-sign --textmode%? a? -u% a?% f "set pgp_clearsign_command =" gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign%? A? -U% a?% F "set pgp_encrypt_only_command =" gpg --output - --armor -r% r -e% f "set pgp_encrypt_sign_command =" gpg - passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign%? a? -u% a? --armor --always-trust -r% r - -% f "set pgp_import_command =" gpg --no-verbose --import -v% f "set pgp_export_command =" gpg --no-verbose --export --armor% r "set pgp_verify_key_command =" gpg --no- verbose --batch --fingerprint --check-sigs% r "set pgp_list_pubring_command =" gpg --no-verbose --batch --with-colon s --list-keys% r "set pgp_list_secring_command =" gpg --no-verbose --batch --with-colons --list-secret-keys% r "set pgp_autosign = yes set pgp_sign_as = youruser set pgp_replyencrypt = yes set pgp_timeout = 1800 set pgp_good_sign = "^ gpg: Good signature from"
Pay attention to the 4th line from bottom to top, it says:
set pgp_sign_as=tuusuario
There replace "youruser" with your password or better with the ID. To find out the ID list your keys.
gpg -k
and it will have something like this:
pub 1024D/DE1A6CA5 2010-05-28 uid chicho <frater@gran_logia.org> sub 2048g/0C914E56 2010-05-28
In this case your password is «Pub» DE1A6CA5
Now Mutt is ready to become the ultimate tool for your conspiracy of world conquest.
Send your public password to your Illuminatis friends, this is done on the Mutt main screen by pressing the key combination
Escape + K
Then you will receive the "input" where you put the address of your accomplice and the subject:
"Hey everyone ... I'm sending my password to my accomplice"
But the doubt arises.
"How do I encrypt?"
Well that is already being more complicated. First he asks his friend the accomplice for his public password and when he has it, Mutt will know what to do with it. Let's look at an example.
When your friend sends their public key, Mutt will give you the option to "import" it. You import it and then compose a NORMAL message.
After putting all his most intimate secrets and the horns that he puts on his girlfriend, save the text and close the editor.
When the pipe breaks, it will land on the Mutt screen where it tells you to press "y" to send. DO NOT press it.
There you press k and it will give you several options. One of them is the e by Encrypt. If all is well Mutt detects the public key with the address of his accomplice that matches the address of the destination of the message and BOOM! encryption for the accomplice.
You may remember that "msmtp-listqueue.sh" has the parameter "Content-Type:" with that you will know if it says something like "application / pgp-ecryptes" that the mail is encrypted.
Beyond the evil, is the signature PGP. This is used as a sealing wax for authenticity and does NOT encrypt the message.
To do this on the screen where I press k instead of pressing the e solo
press the s de Sign and generate the authenticity signature nested to the email.
Sure! Evolution he does it all alone and Thunderbird has a plugin.
Excellent article elav ... although the "funny" parts did not fall in grace
Well, the article is not really mine and I tried to respect the original article as well as possible, which is a bit more raw.
Please @elav, my question is off topic, but I would like to know what happens that we cannot connect to the GUTL website.
Thank you very much if you could answer my question.
The ISP that provides Hosting for GUTL and other websites is having problems .. 😉
To encrypt online and process encrypted emails online, we can use this:
set pgp_replyinline = yes
set pgp_autoinline = yes
However, decrypting inline is still a bitch. If you see the official documentation, it is all witchcraft with procmail, but this is simpler:
message-hook '! ~ g! ~ G ~ b «^ —– BEGIN PGP (SIGNED)? MESSAGE»' 'exec check-traditional-pgp'
Another thing, you might want to add a header to tell everyone where it is; to your signature:
set my_header = »X-PGP-Key: h ttp: //tuserver/~user/clave.asc»
I've been trying to decrypt attachments from mutt for a long time but I can't, for example to see an attached photo I open the email I enter my PGP password then I press the letter v I get the image foo.jpg.gpg and when I want to open it I don't know can it tell me: There is no corresponding entry in the mailcap file. Viewing as text. that only happens with any attachment that comes encrypted, in my muttrc I have the following
set pgp_sign_as = 0xXXXXXXXX
set pgp_timeout = 3600
set crypt_replysign
set crypt_verify_sig = yes
set crypt_autopgp = yes
set pgp_auto_decode = yes
set pgp_sign_command = »gpg –clearsign»
set pgp_replyinline = yes
set pgp_autoinline = yes
message-hook '! (~ g | ~ G) ~ b »^ —– BEGIN \ PGP \ (SIGNED \)? MESSAGE»' «exec check-traditional-pgp»
I find the post very interesting, thank you very much. I'm trying to do it tomorrow.
Mutt is very fast compared to Pine. What I really need is
friends or contacts who want to try it. It would be nice to have tools in
gmail, hotmail, etc that allowed to do so.