Sending Glenn Greenwald A PGP Encrypted Message

GPG is a great program that lets you use the PGP protocol very easily. Some great features of the GPG library are as follows.

  1. the ability to easily manage keys.
  2. encrypt and sign messages.
  3. verify the identity of an individual you never met.

During some independent research, I took some notes, and aggregated some links. I will paste the information at the bottom.

But for now, I will just give some overview as to what GPG/PGP is, and summarize it in a fashion that is easy to understand.

The Scenario

You want to send Glenn Greenwald a letter. And you need to send him information that even your ISP (Comcast) can’t know about.

You are also on a PC where you have no access to a desktop environment and only have command-line access.

The first thing you’d want to do, speaking in terms of GPG, is search key servers for his PGP key.

gpg --keyserver keyserver.ubuntu.com --keyid-format short --search-keys GlennGreenwald

This command searches a key-server for any public listing with the text “GlennGreenwald” listed in the associated email or key name. That command will return results that look like this.

(1) Glenn Greenwald <Glenn.Greenwald@riseup.net>
2048 bit RSA key 6E531619, created: 2016-05-19

Since the key is indexed at (1), go ahead and type 1 into your terminal to download Glenn’s public key.

This will import the public key into your GPG keyring.

God I hate adding car keys to that small round thing you have to pry apart in an attempt to coerce your key onto the ring.

Me

With the key imported from the key-server, you need to identify the key ID and check the key’s fingerprint.

The first command will return the key ID in short form. In this instance, the key ID in this output is A693055C.

gpg --list-keys --keyid-format short
> pub 2048R/A693055C 2019-04-01

Now use that Key Id to get the key’s fingerprint so you can verify with the key owner that everything matches.

$ gpg --fingerprint A693055C
> Key fingerprint = 79F7 3ABB 0055 3470 A957 C52C AD78 8423 6E53 1619

Now you can take that fingerprint and ask the owner to read you their fingerprint, or you can drop it in Google to see if you can cross reference the numbers. Lots of times, individuals will share their fingerprints on their websites so people can easily verify.

The GPG fingerprint is a 32 bit unsigned int that is unique to each key, so you can trust that this shorthand representation is truthful.

GPG finger-printing: basically like asking for the first few lines of a file, instead of opening the whole thing.

Showing Glenn’s public key thumbprint, and the one he has posted on his site.
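An added example (not from the original post) of the fingerprint check described above, written as a small shell helper. It compares the full 40-hex-digit fingerprint (160 bits, as printed by gpg --fingerprint) with the one published by the key owner, and rejects an 8-digit short key ID, which is only the last 32 bits of the fingerprint. The function names and the colon-format listing are constructed for illustration; the fingerprint is the value shown on this page.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of GnuPG.

# Strip spaces/colons and uppercase, so "79F7 3ABB ..." and "79f73abb..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint KEY` output on stdin and print the
# primary key's fingerprint (field 10 of the first "fpr" record).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# The short key ID is just the last 8 hex digits of the fingerprint.
short_id_of() {
    normalize_fpr "$1" | cut -c33-40
}

# verify_fpr KEYRING_FPR EXPECTED_FPR
# 0 = match, 1 = mismatch, 2 = expected value is not a full 40-digit fingerprint.
verify_fpr() {
    have=$(normalize_fpr "$1")
    want=$(normalize_fpr "$2")
    case "$want" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#want}" -eq 40 ] || return 2
    [ "$have" = "$want" ]
}

# Constructed sample of colon-format output (the second fpr line is a made-up subkey).
SAMPLE_COLONS='pub:-:2048:1:AD7884236E531619:1463616000:::-:::scESC:
fpr:::::::::79F73ABB00553470A957C52CAD7884236E531619:
uid:-::::1463616000::::Glenn Greenwald <Glenn.Greenwald@riseup.net>:
sub:-:2048:1:0000000000000000:1463616000::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Fingerprint as published by the key owner (value shown on this page).
PUBLISHED='79F7 3ABB 0055 3470 A957 C52C AD78 8423 6E53 1619'

imported=$(printf '%s\n' "$SAMPLE_COLONS" | fpr_from_colons)
if verify_fpr "$imported" "$PUBLISHED"; then
    echo "fingerprint matches, short ID $(short_id_of "$imported")"
else
    echo "fingerprint check failed, do not sign or encrypt to this key" >&2
fi
```

Against a real keyring, replace the sample with the output of gpg --with-colons --fingerprint for the imported key, piped into fpr_from_colons.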

Now we can sign the public key which will allow our system to trust Glenn Greenwald’s public key. And with that public key, we can encrypt messages.

gpg --sign-key GlennGreenwald@firstlook.org

And the syntax of encrypting a message with Glenn’s Public key would look like this.

gpg --encrypt --sign --armor -r Glenn.Greenwald@theintercept.com encrypted_message.txt

The original contents of encrypted_message.txt were “HELLO PLEASE ENCRYPT ME”, and after encryption, it was a GPG message that can only be read by Glenn Greenwald.


Original contents of encrypted_message.txt
Contents of encrypted_message.txt after encryption.

You could tweet this PGP message, post it on a billboard, or even paint it in graffiti, if you really wanted to. But the only person deciphering that message is Glenn Greenwald.

Now, to send the encrypted message, you’ll want to install the Linux program postfix, if it’s not already installed on your machine.

sudo apt install postfix

And if it’s already installed but not working, run the reconfiguration option allowing you to enter in your correct information.

sudo dpkg-reconfigure postfix

With postfix, we can now send Glenn an email directly from our Linux machine, whether it resides on a remote server or within our home.

mail -s "Secret Message" Glenn.Greenwald@theintercept.com < encrypted_message.txt.asc

This will send him the newly created encrypted message that only he can decrypt. And it will show up in his email like so.

Here is a GIF of the whole process in action.


Cleanup

So that’s how you would send a PGP encrypted message via the Linux command line.

It doesn’t seem like a perfect system until you implement it yourself since there’s a fair amount of theory involved, but I tried to trim that down the best I could into pointed information that covers vast topics in a short time frame.

The exact commands executed in the gif can be found here.

gpg --keyserver keyserver.ubuntu.com --keyid-format short --search-keys GlennGreenwald
gpg --list-keys --keyid-format short
gpg --fingerprint 69CD6E44
gpg --sign-key GlennGreenwald@firstlook.org
gpg --encrypt --sign --armor -r Glenn.Greenwald@theintercept.com encrypted_message.txt
mail -s "Secret Message" Glenn.Greenwald@theintercept.com < encrypted_message.txt.asc

And some notes along with links and images can be found here.
