Friday, 1 May 2015

Email Encryption using OpenPGP in Evolution Email Client

In this tutorial, Batul will create a public-private key pair and give her public key to her friend Shabbir so that he can send encrypted emails to her.

Shabbir will encrypt an email using Batul's public key and send the encrypted email to her. Batul will decrypt the encrypted email using her private key.

Since nobody else knows Batul's private key, only Batul can decrypt the encrypted email. 

Batul's Machine:

1) Install package
[batul@server3 ~]$ sudo yum -y install gnupg2

2) Generate a public-private key pair. Enter a passphrase to protect the private key.
[batul@server3 ~]$ gpg2 --gen-key


3) List the key.
[batul@server3 ~]$ gpg2 --list-keys
/home/batul/.gnupg/pubring.gpg
------------------------------
pub   2048R/13A3D971 2015-04-30
uid                  batul dahod (batul's encrpt key) <batul@mycompany.com>
sub   2048R/8AE3A0FA 2015-04-30

4) Save the public key in a file.
[batul@server3 ~]$ gpg2 --export "batul dahod" > batul.pub

5) The public key file 'batul.pub' is given to Batul's friend Shabbir, so that he can send encrypted email to her.

Shabbir's Machine:
1) Install Batul's public key
[shabbir@meru ~]$ gpg2 --import batul.pub
gpg: key 13A3D971: public key "batul dahod (batul's encrpt key) <batul@mycompany.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

2) Configure Evolution Email Client
    Click Applications, click Office, click Evolution.
    In the Evolution main menu, click Edit, click Preferences.
    Select Account Name shabbir@mycompany.com, click Edit.
    In the left tab, click Security.
    Select the option "Always trust keys in my keyring when encrypting".
    Save the settings and exit.

3) Send encrypted mail to Batul.
    On the Evolution main screen, click New to compose a new mail message.
    In the Compose Message menu, click Options, then click PGP Encrypt.
    Enter Batul's email id and other email details and click Send to send the message.

    The encrypted message has been sent. Batul's email client will decrypt the mail using her private key.
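
Step 2 above makes Evolution encrypt to any key in Shabbir's keyring without a trust check, so the only point at which batul.pub can be confirmed as Batul's is right after the import. The script below is an added example, not part of the original post: it compares the primary-key fingerprint in gpg2's colon listing with the full 40-digit fingerprint Batul gives Shabbir over a separate channel. The function names and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check a key's full fingerprint.
# Real use on Shabbir's machine, after `gpg2 --import batul.pub`:
#   gpg2 --with-colons --fingerprint batul@mycompany.com | fpr_matches "$FPR_FROM_BATUL"

# Constructed sample of `gpg2 --with-colons --fingerprint` output; the
# fingerprints are made up, only the short key IDs come from the post.
SAMPLE_LISTING='pub:-:2048:1:6666777713A3D971:1430352000:::-:::scESC:
fpr:::::::::0000111122223333444455556666777713A3D971:
uid:-::::1430352000::::batul dahod <batul@mycompany.com>:
sub:-:2048:1:EEEEFFFF8AE3A0FA:1430352000::::::e:
fpr:::::::::88889999AAAABBBBCCCCDDDDEEEEFFFF8AE3A0FA:'

# Print the primary-key fingerprint from a colon listing on stdin.
# Field 1 is the record type; field 10 of an "fpr" record is the fingerprint.
primary_fpr() {
    awk -F: '
        $1 == "pub" { want = 1; next }   # the next fpr record is the primary key
        $1 == "sub" { want = 0 }         # skip subkey fingerprints
        $1 == "fpr" && want { print $10; exit }
    '
}

# Normalise a fingerprint as people write it: drop spaces/colons, upper-case.
normalise() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Return 0 on a match, 1 on a mismatch, 2 if $1 is not a full fingerprint.
fpr_matches() {
    expected=$(normalise "$1")
    # Refuse short key IDs such as 13A3D971: they are too short to identify a key.
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Demo on the constructed listing, with the fingerprint typed in groups of four.
if printf '%s\n' "$SAMPLE_LISTING" |
        fpr_matches "0000 1111 2222 3333 4444 5555 6666 7777 13a3 d971"; then
    echo "fingerprint matches: safe to encrypt to this key"
else
    echo "fingerprint MISMATCH: do not use this key"
fi
```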


Part 2: Digitally Signed Email

In this tutorial, Batul will digitally sign an email using her private key and send the email to Shabbir. Shabbir's email client will verify the signature on the email using Batul's public key.

Since nobody else knows Batul's private key, only Batul could have signed the email. So Shabbir can be sure that the email has been sent by Batul and that it has not been modified in transit. 

 
Batul's Machine:
1) List the key and note down the OpenPGP Key ID. It will be configured in the email client.
[batul@server3 ~]$ gpg2 --list-keys
/home/batul/.gnupg/pubring.gpg
------------------------------
pub   2048R/13A3D971 2015-04-30
uid                  batul dahod (batul's encrpt key) <batul@mycompany.com>
sub   2048R/8AE3A0FA 2015-04-30

2) Configure Evolution Email Client
    Click Applications, click Office, click Evolution.
    In the Evolution main menu, click Edit, click Preferences.
    Select Account Name batul@mycompany.com, click Edit.
    In the left tab, click Security.
    Enter the OpenPGP Key ID as noted in step 1 (13A3D971 in this example).
    Save the settings and exit.

3) Send signed mail to Shabbir.

    On the Evolution main screen, click New to compose a new mail message.
    In the Compose Message menu, click Options, then click PGP Sign.
    Enter Shabbir's email id and other email details and click Send to send the message.

    The signed message has been sent. Shabbir's email client will verify the signature using Batul's public key.
