AuthorTopic: How to do End-to-End Encryption using GPG4USB (Part 2)  (Read 2060 times)

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3754
    • View Profile
    • https://palloy.wordpress.com
How to do End-to-End Encryption using GPG4USB (Part 2)
« on: November 22, 2015, 01:44:16 AM »
How to do End-to-End Encryption using GPG4USB (Part 2)

by Palloy

Part 1 described how to use the basic functions of GPG4USB - the minimum to get up and running. However the application can do more than that, including coping with situations where some other entity is trying to interfere with things.

The problem

Suppose someone sends an email to you, purporting to come from me, but actually coming from them and giving incorrect information. (Faking the From field in an email is easy - it is the basis of much spam and phishing attacks, as I'm sure you already know.) So how do you know the message actually came from me (the holder of my Private Key)?
And how do you know that the message hasn't been tampered with on its way from me?

The solution

The solution is to add something to the message before encryption that is based on my Private Key, so only I have access to it.

That "something" is called my Digital Signature, and GPG4USB generates it for you at the same time as your Private and Public Keys. I won't try to explain how it does it, because it would probably make your head spin (it does mine) - just be assured that it is foolproof so long as you don't lose the privacy of your Private Key.

And because the signature is wrapped around (and effectively includes) the message, it also ensures the message hasn't been changed from the original.

So the process starts off like before, you type your message into GPG4USB:



Then make sure your checkbox is checked, and click on Sign.
This wraps your Digital Signature around your message:



Then continue as before with: check the Recipient, Encrypt, Select All, Copy, Paste into email, Send.

When the Recipient gets the email, as before, they Select All, Copy, Paste into GPG4USB, Decrypt,
and seeing the message is signed, they will click on Verify:



The green verification message at the bottom indicates that I really sent the message, it hasn't been changed along the way, and that the Recipient isn't going to find themselves mugged by The Mob out the back of the Silhouette Club and sent to sleep with the fishes.

On a more mundane level, this is the way that you can be sure that a software update is the real thing, from the real software developers. All Linux software has this Digital Signature Verification process built in automatically for every component of the system.

Encrypting Files

Another thing GPG4USB can do is encrypt files.

Check the box for the Recipient, and Click on File > Encrypt File, and a new window will open where you can either type in the location of the input (clear text) file, or you can click on the "..." button and navigate to the file. If you leave the output (encrypted) filename blank, the new filename will be the input filename plus ".asc". This might not be such a good idea if the file is called "leaked_government_doc.pdf" as "leaked_government_doc.pdf.asc" is still a bit of a giveaway, even if it can't be decrypted.

The encrypted file can be sent as an email attachment, or by any other means.

I think you can guess what the Recipient has to do with the file, yes, File > Decrypt File.

Steganography

Steganography is the art/technology of sending/receiving encrypted messages without appearing to do so.

I mean a message that starts with "-----BEGIN PGP MESSAGE-----" is obviously a seriously encrypted message. While it is not possible to decrypt it without the Private Key, just sending/receiving or even being in possession of a highly encrypted message might become illegal soon.

GPG4USB has a default setting hidden away under Edit > Settings > Advanced > Show steganographic options = unchecked .

If you change that to checked, (and I recommend you do), another item appears on the Menu Bar called, amazingly enough, Steganography, and when you click that, a sub-menu drops down with Remove PGP Header and Add Header. Try it.

So if someone sends you a message containing something that looks like a PGP message but without the headers, click Steganography > Add Header and then Decrypt it in the usual way.

Hmmm, that wasn't all that clever. If it "looks like a PGP message", it's probably still going to get you into trouble. What we need to do is make the message appear like something else entirely, something completely innocent. "Honest, your honour. It's just a picture of my cat!"

continued in Part 3
« Last Edit: December 11, 2015, 12:40:13 AM by Palloy »
The State is a body of armed men

Offline RE

  • Administrator
  • Chief Cook & Bottlewasher
  • *****
  • Posts: 39790
    • View Profile
Re: How to do End-to-End Encryption using GPG4USB (Part 2)
« Reply #1 on: November 22, 2015, 02:24:48 AM »
You haven't yet gone over encryption of non-text  based files, aka images, audio & video.

I found a few open source encryptors for this stuff, but haven't downloaded them or tried them out as of yet.

RE
Save As Many As You Can

Offline Petty Tyrant

  • Cannot be Saved
  • Sous Chef
  • *
  • Posts: 4573
    • View Profile
Re: How to do End-to-End Encryption using GPG4USB (Part 2)
« Reply #2 on: November 22, 2015, 02:49:41 AM »
http://www.siliconbeat.com/2015/11/16/after-paris-attacks-a-renewal-of-calls-against-encryption/
ELEVATE YOUR GAME

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3754
    • View Profile
    • https://palloy.wordpress.com
Re: How to do End-to-End Encryption using GPG4USB (Part 2)
« Reply #3 on: November 22, 2015, 06:11:42 AM »
Quote
You haven't yet gone over encryption of non-text  based files, aka images, audio & video.

It doesn't matter what is in the files - text, images, audio, video. You can just encrypt them with GPG4USB.  Maybe some limit at 2GB file size on some computers.

The problem with all this stuff is keeping the software up to date.  GPG4USB uses the GnuPG library, which now comes in 8 modules.  GPG4USB v3.3.1-1 is only 6 months old and already every module in the library has been updated, some several times.  I'm thinking of joining the team and getting updated releases out quicker.
The State is a body of armed men

Offline RE

  • Administrator
  • Chief Cook & Bottlewasher
  • *****
  • Posts: 39790
    • View Profile
Re: How to do End-to-End Encryption using GPG4USB (Part 2)
« Reply #4 on: November 22, 2015, 06:22:47 AM »
Quote
You haven't yet gone over encryption of non-text  based files, aka images, audio & video.

It doesn't matter what is in the files - text, images, audio, video. You can just encrypt them with GPG4USB.  Maybe some limit at 2GB file size on some computers.

How do you do that?  You can't paste a video into the text box.

RE
Save As Many As You Can

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3754
    • View Profile
    • https://palloy.wordpress.com
Re: How to do End-to-End Encryption using GPG4USB (Part 2)
« Reply #5 on: November 22, 2015, 12:42:38 PM »
Read the section about Encrypt Files above.
The State is a body of armed men

Offline jdwheeler42

  • Global Moderator
  • Sous Chef
  • *****
  • Posts: 3338
    • View Profile
    • Going Upslope
Re: How to do End-to-End Encryption using GPG4USB (Part 2)
« Reply #6 on: November 22, 2015, 04:12:40 PM »
Hmmm, that wasn't all that clever. If it "looks like a PGP message", it's probably still going to get you into trouble. What we need to do is make the message appear like something else entirely, something completely innocent. "Honest, your honour. It's just a picture of my cat!"
Quote
Dear Friend , Thank-you for your interest in our newsletter
. We will comply with all removal requests ! This mail
is being sent in compliance with Senate bill 1623 ,
Title 1 ; Section 305 . This is different than anything
else you've seen ! Why work for somebody else when
you can become rich as few as 60 weeks ! Have you ever
noticed most everyone has a cellphone plus more people
than ever are surfing the web . Well, now is your chance
to capitalize on this ! We will help you process your
orders within seconds and SELL MORE ! You can begin
at absolutely no cost to you . But don't believe us
. Mr Anderson who resides in Alaska tried us and says
"Now I'm rich, Rich, RICH" . We are licensed to operate
in all states ! Don't delay - order today . Sign up
a friend and your friend will be rich too ! Thank-you
for your serious consideration of our offer ! Dear
Friend ; Especially for you - this amazing news ! If
you no longer wish to receive our publications simply
reply with a Subject: of "REMOVE" and you will immediately
be removed from our mailing list . This mail is being
sent in compliance with Senate bill 1625 ; Title 1
, Section 302 . This is not multi-level marketing .
Why work for somebody else when you can become rich
within 75 weeks ! Have you ever noticed people love
convenience and society seems to be moving faster and
faster ! Well, now is your chance to capitalize on
this . WE will help YOU decrease perceived waiting
time by 140% & use credit cards on your website ! You
are guaranteed to succeed because we take all the risk
. But don't believe us . Mr Simpson of Virginia tried
us and says "Now I'm rich, Rich, RICH" ! This offer
is 100% legal ! We BESEECH you - act now . Sign up
a friend and your friend will be rich too . Thanks
! Dear Web surfer , This letter was specially selected
to be sent to you . If you are not interested in our
publications and wish to be removed from our lists,
simply do NOT respond and ignore this mail ! This mail
is being sent in compliance with Senate bill 1619 ,
Title 6 ; Section 303 ! This is different than anything
else you've seen . Why work for somebody else when
you can become rich inside 55 days ! Have you ever
noticed how long the line-ups are at bank machines
and how many people you know are on the Internet !
Well, now is your chance to capitalize on this . We
will help you SELL MORE & process your orders within
seconds . The best thing about our system is that it
is absolutely risk free for you . But don't believe
us . Mr Jones of New York tried us and says "I was
skeptical but it worked for me" . We assure you that
we operate within all applicable laws ! If not for
you then for your LOVED ONES - act now ! Sign up a
friend and you'll get a discount of 80% ! Thank-you
for your serious consideration of our offer .
http://www.spammimic.com/decode.shtml
Making pigs fly is easy... that is, of course, after you have built the catapult....

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3754
    • View Profile
    • https://palloy.wordpress.com
Re: How to do End-to-End Encryption using GPG4USB (Part 2)
« Reply #7 on: November 22, 2015, 06:12:37 PM »
Quote
http://www.spammimic.com/decode.shtml

 :D
The State is a body of armed men

 

Related Topics

  Subject / Started by Replies Last post
10 Replies
2113 Views
Last post June 06, 2017, 01:54:29 AM
by Palloy
2 Replies
976 Views
Last post November 22, 2015, 06:19:59 PM
by Palloy
0 Replies
69 Views
Last post October 03, 2019, 02:10:38 PM
by RE