Google Answers Logo
View Question
 
Q: gnupg - how to send PGP mail using gnupg in windows ( Answered,   4 Comments )
Question  
Subject: gnupg - how to send PGP mail using gnupg in windows
Category: Computers
Asked by: indiafin-ga
List Price: $5.00
Posted: 15 Jun 2002 08:45 PDT
Expires: 15 Jul 2002 08:45 PDT
Question ID: 27139
I need to send PGP mails to a client.

The thinks what iam looking from answers are 
1. link to download software
2. how to create keys i need exact process take my self as d@d.com and
client to send as x@x.com
3. so tool which can do the exact jobs.

the envirment on which iam working is windows 2000

Request for Question Clarification by mvguy-ga on 15 Jun 2002 10:11 PDT
Hi! Do you have to use gnupg? It may be possible to send encrypted
mail using a plugin for your current e-mail program, but not all PGP
encryption schemes use gnupg.  Here's a list of e-mail clients that
you can use with a PGP plugin:
http://www.cryptorights.org/pgp-users/pgp-mail-clients.html#windows
Answer  
Subject: Re: gnupg - how to send PGP mail using gnupg in windows
Answered By: searchbot-ga on 15 Jun 2002 14:47 PDT
 
Hi there,

The easiest way to use GnuPG under Windows that I know of would be a
graphical interface called GNU Privacy assistant. I use it myself and
have been very satisfied with what it offers. You can download it from
this URL:

http://www.gnupp.de/download/gnupp-1.1-en-installer.exe

The installer includes GnuPG for Windows (which is actually a command
line tool), WinPT - a small program that runs in the background and
connects GnuPG with your software of choice (it can be accessed via
its tray icon), a special plugin for Outlook (since I'm not sure what
program you use, I'll give a detailed step-by-step description which
can be used with any email program out there) and, eventually, the GNU
Privacy assistant, i.e. the graphical interface.

Steps for sending an encrypted email

1) First you need to create your individual pair of secret and private
keys. With the GnuPA, this is done as follows:

Click on Keys/Generate Key. Follow the instructions, entering you
name, email address, possible comments and a passphrase which is used
to protect your key. You should create a backup copy of your keys as
recommended. The newly created key will now appear in the
application's main window.

2) Have your client send you his public key by email. Mark his public
key and copy it to the clipboard using CTRL-C. In the GnuPA, select
Keys/Import Key. Choose Import from clipboard. His public key is now
part of your local keyring. Alternatively, you can search for his
public key using the same command (Keys/Import Key) and then using the
"Receive from server" feature. Use your client's email address as the
KeyID.

3) Now compose the email you wish to send to your client using your
regular email application. Make sure the WinPT program is running.
Mark the text of the email and press CTRL-C (for copy). The email is
now stored in your clipboard. Right-click on the WinPT tray icon and
select Clipboard/Encrypt. In the upcoming dialog, select your client's
email address and press OK. A confirmation message will appear. Now go
to your email program again. Make sure the text of your email that you
just copied is still marked. Activate the window and click CTRL-V (for
paste). Voilą, there you have your encrypted email as the body of your
message.

4) Now just perform your regular procedure for sending email. That's
it.

In case you want to inform yourself a little bit more in detail about
GnuPG, I'd suggest you take a look at this FAQ:

http://www.gnupg.org/faq.html

The section on compatibility with the other PGP software packages
around is well worth reading.

Good luck on sending your first encrypted email, and who knows, maybe
you'll like it so much you'll even start using email encryption for
your private messages as well.

Best regards,
searchbot-ga

Request for Answer Clarification by indiafin-ga on 24 Jun 2002 14:05 PDT
i want to encript the files and than sign it , but when i sign the
files after encription , i get only the sig files , need help how do
do this , either with GNU privacu assistant, or window privacy tray

Clarification of Answer by searchbot-ga on 25 Jun 2002 03:05 PDT
Hello again,

i assume what happened for you is the following: you followed my
procedure listed above and instead of only clicking on "encrypt", you
chose "sign & encrypt". What happens then is that GnuPG performs two
seperate steps, it first signs the message and then encrypts it. Now
if you then paste the results back to your mail  window, it may appear
as if the message had only been encrypted, because the signature has
been encrypted as well. (And is now a part of the encrypted text
block.) If you go about and mark that encrypted/signed portion of text
again, right-click on WinPT and then "decrypt & verify", then paste
again, it will show you your original text and a window will pop open
telling you the signature is good, and telling you the owner of that
signature, that is, you. (The latter of which is the result of the
signing process.) So you see, everything just went fine.
Again, this is only an estimate on my part of what happened, so I may
be wrong here. In that case, please restate your clarification. Other
than that I may add, that to my knowledge the proper process is to
first sign and then encrypt a message, not vice versa as you were
saying. You CAN do it the other way round, if you so desire, but the
message will look somewhat mixed up then.

Please get back to me in case I misunderstood you.

Thanks,
searchbot-ga

Clarification of Answer by searchbot-ga on 25 Jun 2002 18:36 PDT
Hi again,

reading your comment it occurred to me that there was some deeper
misunderstanding going on between us. I thought your first request for
clarification also referred to sending mail only while you were
obviously trying to find out how to encrypt binary FILES. Alright, now
that we're clear on this, let me try help you out there as well. We'll
be using WinPT for the encryption/signing and the command line for
decryption/verifying.

About the detached signature: Here it is important to check "Normal
Signature" whenever using the Sign option. Let's just do this step by
step.

1) Right click on the WinPT tray icon. Open the File Manager. Drag and
drop the file to the window.
2) Right click the file, select Encrypt. Choose the Recipient's key.
3) The status of the file is now changed to "Encrypted".
4) Right click the file again. Select Sign. Choose Normal Signature.
Enter your Passphrase.
5) New status of the file: Signed.
6) You now have 3 files in your directory: the original file.xyz, the
only encrypted file.xyz.gpg and the encrypted and signed
file.xyz.gpg.gpg.
7) Distribute the latter to your contact.

By the way, it is also possible to first sign and then encrypt the
file. The output file name will be the same: file.xyz.gpg.gpg.

Now, to restore the original file (on your client's side), I'd
strongly recommend using the command line. For some reason I couldn't
figure out for the moment, WinPT will successfully decrypts a file
that's only encrypted without a problem; it won't, however, restore
the original file out of a signed one. Here the command line comes in
handy. Just follow these steps, and the original file is quickly
restored:

1) Open a command line by clicking Start/Run or press <Windows-Key>-R.
Enter cmd. A window will open.
2) Navigate to your GnuPG directory, i.e. enter cd <your GnuPG
directory>
3) Copy the files you wish do decode/verify there
4) Simply enter gpg <file>, so to get back to our example, this would
be gpg file.xyz.gpg.gpg
5) This will produce a file called file.xyz.gpg and tell you the
status of the signature.
6) Do the same thing again, this time on the file that was just
created: gpg file.xyz.gpg
7) You'll have to enter your passphrase (i.e. your client) and then
you'll find the decrypted file in your directory: file.xyz

I hope this was what you were looking for in addition to your original
question.

Have a good day,
searchbot-ga
Comments  
Subject: Re: gnupg - how to send PGP mail using gnupg in windows
From: flamingpenguin-ga on 17 Jun 2002 14:50 PDT
 
You should also look into mozilla (particulaly mozilla mail) at
http://www.mozilla.org and Enigmail http://enigmail.mozdev.org
which supports both PGP and the free alternative GPG  
http://www.gnupg.org

Enigmail is a plugin to the mozilla mailnews program (which comes 
with the mozilla web browser) and gives a more streamline interface 
than that suggested in the answer... it requires somewhat less copy 
and pasting ( unfortunatly it may also mean you switching mail 
clients ;-)

It allows a certain amount of automation... for instance it can be 
set to automaticaly decrypt and verify recived e-mail.

Hope that helps

  flamingpenguin-ga
Subject: Re: gnupg - how to send PGP mail using gnupg in windows
From: indiafin-ga on 25 Jun 2002 10:17 PDT
 
what i need is an entension gpg.sig which is i hope only possible if I
encript and sign , but when i do this I get the above entension but a
detached signature file as you have mentioned above, In case of sign
and encript the extension is sig.gpg , pl advised how to get this
entension ( gpg.sig)
Subject: Re: gnupg - how to send PGP mail using gnupg in windows
From: indiafin-ga on 08 Jul 2002 13:23 PDT
 
thanks for you help, in this the extension what i am getting after sig
is gpg.gpg, and the requirment is gpg.sig, I think they are using some
script , which i am sending you below , may be you can help me more
once you see this


Please name it abcdYYYYMMDDxx.gpg.sig   where xx is the document
number sent
that day (if only sending 1/day xx is not needed)
Below is part of an automated script that we use here for encrypting
and
sending.
I am using mutt instead of send mail, because I was not able to get
send
mail to work the way that I wanted.

This is a script called by crontab that checks for the presence of a
crt*
file and if that file exists it calls the process script with the
exact
name.
###### cronlab.sh script starts here
############################################
# program to check for LAB files then process them
cd /home/hp3000/LAB
find crt* -exec /home/hp3000/LAB/processLAB.sh {} \;

###### cronlab.sh script ends here
############################################

This is the process script that is called from the above cron script
if a
file crt* exists.

###### processlab.sh script starts here
############################################

echo "encrypting  file"
echo $1
/usr/local/bin/gpg --armor --output
/home/hp3000/LAB/$1.gpg --encrypt --recipient john.org( not a complete
e  mail address)_  $1
echo "signing file"
/usr/local/bin/gpg --armor --output /home/hp3000/LAB/$1.gpg.sig --sign
$1.gpg
echo sending file
mutt -s "Here is the new file." -c john@.org( not a complete e  mail
address)_ -a $1.gpg.sig
john.org ( not a complete e  mail address)_  <message.txt
echo moving files
mv $1 processed/$1
mv $1.gpg  processed/$1.gpg
mv $1.gpg.sig  processed/$1.gpg.sig
echo "Done! "

###### processlab.sh script ends here
############################################

####### message.txt begins here ##################


In view of above appreciate your help

Thanks
Subject: Re: gnupg - how to send PGP mail using gnupg in windows
From: searchbot-ga on 09 Jul 2002 19:03 PDT
 
The first idea from the top of my head is: just rename the file to
whatever your need may be. It's not going to have any influence on the
contents of the file. As you obviously need to specify the date
anyway, it's no big deal to just change the extensions while you're at
it. The script itself is not very helpful for this particular
situation we've been discussing. Mutt is a Unix client.

Hope this gets you further,
searchbot

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy