Mini-guide to GnuPG and FireGPG
In this guide I will explain how to create a keypair (a public and a private key) and use it with FireGPG to encrypt, decrypt and verify your Gmail communications.
What are GnuPG and FireGPG?
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard described in RFC 2440.
Before anything else, you will need to install GnuPG. If you are using Debian or a Debian-derived Linux distribution, installing GnuPG is as simple as this:
sudo apt-get install gnupg
The next thing to do is generate a keypair:
gpg --gen-key
From now onwards you can select the defaults. You will also be asked to choose a passphrase that protects your private key in case it is stolen. Once GnuPG is done, you should see this message:
public and secret key created and signed.
Now you will want to 'advertise' your public key. You may either extract it and give it to your friends, or send it to a keyserver. To extract your public key, type:
gpg -a --export
You will also need to take a note of your key ID:
gpg --list-keys info@jamesattard.com
To send it to the PGP keyserver:
gpg --send-keys --keyserver keyserver.pgp.com [keyid]
Next you'll want to generate a revocation certificate, and place it in a safe place (next to your backup of your key ring).
gpg -a --gen-revoke [keyid]
Here -a selects ASCII output, --gen-revoke generates a revocation certificate, and [keyid] is the PGP key ID listed next to the key length in the output of gpg --list-keys. If your hard disk dies, or someone steals your keys and cracks the passphrase, you can still revoke the key. A small safe is a good place to store the floppy (or burnt CD) containing a backup of your keys and revocation certificate. Be sure to store the keys and certificates in ASCII format: different PGP/OpenPGP implementations use different binary formats that may not be compatible.
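Since the guide stresses keeping the key and revocation-certificate backups in ASCII armor, here is a small checker, added here and not part of the original guide or of GnuPG itself, that verifies a saved .asc file has matching BEGIN/END lines, valid base64 and a correct CRC-24 as laid down in RFC 2440 section 6; it does not parse the OpenPGP packets inside. The function names and the sample payload are my own.

```python
import base64
import re

ARMOR = re.compile(r"^-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)^-----END PGP \1-----", re.S | re.M)


def crc24(data: bytes) -> int:
    """CRC-24 exactly as specified in RFC 2440 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(payload: bytes, block_type: str = "PUBLIC KEY BLOCK") -> str:
    """Lay a block out the way gpg -a does: BEGIN, blank line, 64-col base64, =CRC, END."""
    body = base64.b64encode(payload).decode("ascii")
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    lines = [f"-----BEGIN PGP {block_type}-----", ""]
    lines += [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(lines + ["=" + crc, f"-----END PGP {block_type}-----", ""])


def dearmor(text: str) -> bytes:
    """Return the decoded payload, or raise ValueError naming the damage found."""
    m = ARMOR.search(text)  # BEGIN and END must carry the same block type
    if not m:
        raise ValueError("no matching BEGIN/END armor lines")
    # keep base64 lines only: drop the blank separator and "Version:"-style armor headers
    body = [ln.rstrip("\r") for ln in m.group(2).splitlines() if ln.strip() and ": " not in ln]
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    try:  # validate=True turns stray characters into binascii.Error, a ValueError
        payload = base64.b64decode("".join(body[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except ValueError as exc:
        raise ValueError(f"bad base64: {exc}") from None
    if crc24(payload) != expected:
        raise ValueError("CRC-24 mismatch: block is corrupted")
    return payload


def check_backup(text: str) -> tuple:
    """Verdict for a saved .asc file: (True, 'OK ...') or (False, reason)."""
    try:
        return True, f"OK, {len(dearmor(text))} payload bytes"
    except ValueError as exc:
        return False, str(exc)
```

Run check_backup over the text of each .asc file before it goes into the safe; a (False, reason) verdict means the backup would not restore cleanly.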
OK, so now you have a keypair and a revocation certificate, your public key is on a public keyserver, and you are ready to start sending encrypted email from Gmail. To do so you need to install FireGPG, a Firefox extension (you can download it from Mozilla's add-ons site); Firefox handles the installation automatically. When you send an encrypted email, you will be asked which private key to sign it with (in case you have more than one private key) and which public key (the recipient's) to encrypt it with. Easy as that!