GNU's Not UNIX (GNU) Privacy Guard (GnuPG) is a powerful, free security tool that complies with the OpenPGP standard and emulates Pretty Good Privacy (PGP) functionality. You can use GnuPG to create and manage key pairs, encrypt and decrypt data, digitally sign documents, and validate signed data. (For more information about GnuPG's history and functions, see the sidebar "All About GnuPG.") However, GnuPG was developed as a command-line program for use on UNIX machines, and the product's Windows port (which operates on Windows 98 and later) maintains the command-line approach. Most Windows users are unlikely to use command-line tools for an intangible (albeit important) benefit such as increased security.
To counteract this problem, you can install Windows Privacy Tools (WinPT)—a free GnuPG Windows GUI front end. You must install WinPT locally on each user's system. I tested the software on Windows 2000, but you can also run WinPT on Windows NT or Win98 (the software should also work on Windows Server 2003 and Windows XP). WinPT is a docked applet that works with Windows Explorer to control GnuPG behind the scenes, letting users create and manage key pairs and encrypt and decrypt files. WinPT also provides clipboard functionality and keyboard shortcuts for signature, verification, encryption, and decryption tasks. The program offers automatically and manually installable plugins for most popular email programs. Another plugin is GnuPG-Relay, software that can automatically sign or encrypt all outgoing email messages. Table 1 lists the supported email programs and plugin download locations.
With WinPT and GnuPG, users can easily improve the security of their files and email messages; managers especially prize the ability to digitally sign messages. As an administrator, I often digitally sign software that I send to users. You can use these free tools to create, publish, import, and validate keys as well as to encrypt, decrypt, sign, and verify files. Each user creates a public key and a private key, collectively known as a key pair. Each user can freely share his or her public key through Web pages, email messages, or special public databases known as keyservers. The private key must remain solely in the possession of the user who created it. When you use a public key to encrypt a file, that file can be decrypted only by using the corresponding private key. You can also use a private key to sign files or messages; anyone with possession of the corresponding public key can verify that you signed the data. GnuPG supports many encryption algorithms, including Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES), so many experts consider GnuPG to be secure. GnuPG can verify and decode signatures and encrypted files made with PGP, and vice versa. After you understand the basics of how the tools work, you can put them to use—and teach your users to do the same.
Installing WinPT and GnuPG
If you download WinPT from http://winpt.sourceforge.net, the software installs GnuPG for you. For simplicity's sake, I'll refer throughout this article to WinPT, even though WinPT carries out functions through GnuPG running in the background. WinPT supports numerous languages, including English, French, German, Italian, and Spanish (the WinPT system tray application supports a half-dozen others, including Chinese and Russian). Download the WinPT - Windows Privacy Tools complete package (as of this writing, the most recent version is WinPT 1.0rc2, a release candidate—RC). After the download is finished, verify the download's success, as the sidebar "Verifying the Download" explains.
Next, double-click the WinPT installer executable to start the installation process. Be sure to read the GNU General Public License (GPL) agreement carefully before accepting it. After agreeing to the license, the program prompts you to choose an installation path and the WinPT components that you want to install. In addition to the WinPT system tray application, you can install a copy of the WinPT handbook, email plugins for Microsoft Outlook Express and Qualcomm Eudora, language files, and WinPT Explorer extensions, which enable Windows Explorer context-menu options for GnuPG functions. The installation program then prompts you to choose the startup options and program language that you want WinPT to use.
Next, the program presents advanced installation options, as Figure 1 shows. You can choose between two GnuPG versions: the Official GnuPG build, which is the recommended option and which the information in this article deals with, or the Nullify build. Either build is interoperable with other OpenPGP software, but the Nullify build includes three additional algorithms—International Data Encryption Algorithm (IDEA), Tiger, and Secure Hash Algorithm-2 (SHA-2)—and is compiled with a native Visual C++ (VC++) compiler, increasing efficiency and speed. However, IDEA is patented in the United States and Europe, so you can't use the Nullify build for commercial purposes. After you choose the GnuPG version, select a secure, backed-up folder in which to keep your key pairs. Then, click Install and let the installation wizard do its magic.
After the installation is finished, you need to start WinPT. When you do so, the WinPT icon, which looks like a key combined with the at (@) symbol, will appear in the system tray. The WinPT system tray application controls all GnuPG functions.
Creating and Publishing Keys
To begin using WinPT, double-click the system tray icon. This action opens the Key Manager window, which will be empty because you haven't yet created any keys. To create a key pair, select Key, Generate from the menu bar. In the Key Generation dialog box, which Figure 2 shows, choose a key type; the default type (i.e., digital signature algorithm—DSA—and El Gamal algorithm—ELG) is cryptographically secure and more efficient than RSA. The default subkey size in bits (i.e., 1792) is also sufficient to defend against most potential adversaries.
The next three fields (User name, optional Comment, and Email address) are self-explanatory. You can also choose an expiration date for the key; after this date, you'll no longer be able to use the key to sign or encrypt data (although you'll still be able to verify signatures and decrypt data created before the expiration date). The default is to never expire. (I typically set my keys to expire after 1 year, but this option is easier to use in small companies. When a key expires, you must create and distribute a new key—a process that can be time-consuming in a large organization.) Last, enter and verify a passphrase. Note that the field specifies a passphrase, not a password. The key pair is the weakest link in the GnuPG system, so advise users to devise a phrase that will be invulnerable to a brute-force attack—for example, a few sentences that contain special characters and numbers.
After you complete the key-generation information and click Start, the program computes a public-and-private key pair. Depending on the computer's speed and amount of available entropy (i.e., randomness), this process can take a few minutes. Moving the mouse, typing, and other activity that exercises the system's disk all increase the amount of entropy in the system and speed key generation. After the program completes the computations, it prompts you to back up your key pair. Click Yes and store the backup copy somewhere safe (e.g., a CD-ROM in a locked box). The Key Manager window should now display your public key, as Figure 3 shows. If the key doesn't appear, select Key, Reload Key Cache from the menu bar. Keep in mind that your public key is meant to be shared so that others can encrypt to you; your private key is meant to be kept secret.
Immediately after creating a key pair, create a revocation certificate. That way, if a key is lost or compromised, you can revoke the key and prevent any further use of the key pair (you can still verify signatures made before the revocation). To create a revocation certificate for a key, right-click the key, choose Revoke from the context menu, then enter the necessary information. The certificate is a short text file, which you should place in a secure location (you might want to print the revocation certificate). Should the need arise, you can revoke the key simply by selecting Key, Import from the menu bar, then choosing the certificate.
After creating a key pair, you can distribute the public key through email or a Web page or you can publish the key (or revocation certificate) to a public keyserver. To see a list of available keyservers, right-click the key and select Send to Keyserver from the context menu. All the listed servers mirror one another, so you can select any server (you can identify the location of some of these servers according to their names). You can also export an ASCII-formatted public key by selecting Key, Export from the Key Manager menu bar, then selecting an export location. You then can post the key on an Internet or intranet site, from which other users can import the key back into WinPT.
You can also use WinPT to import other individuals' public keys. Selecting Keyserver from the menu bar opens the Keyserver Access dialog box, which Figure 4 shows and which lists available keyservers. When you enter an email address or Key ID in the text box at the bottom of the dialog box and click Search, WinPT attempts to locate the specified public key. (The Key ID is an eight-digit hexadecimal string beginning with 0x—for example, 0x132DE069. You can find your own keys' Key ID in the Key Manager window's Key ID column.) To download a key, select it, then click Receive; the key appears in the Key Manager window.
Another way to import keys for which you know the Key ID or email address is to run a search on that information at http://www.pgp.net/wwwkeys.html. Doing so returns an ASCII-formatted version of the key, such as the (abbreviated) one that Figure 5 shows. Select the key text, including the BEGIN and END lines, and copy it into the clipboard. Then, you can right-click an existing key in the Key Manager window and select Paste Key from Clipboard. A verification dialog box appears; when you click Import, the imported key appears in the Key Manager window. This process showcases WinPT's handy clipboard functionality. To import a public key from a plain-text file (e.g., a saved email message), simply select Key, Import from the Key Manager menu bar, select the appropriate text file from the Key Import dialog box, click Open, then click Import. The text file can include text other than the key text.
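To show what the clipboard and file imports just described have to do with a pasted block, here is an added Python example (not WinPT's or GnuPG's own code) that locates an ASCII-armored block inside surrounding text, decodes it, and checks the armor's CRC-24 checksum line, which is the first thing an import can verify before any key packet is parsed. The armored sample and the bytes inside it are constructed for the example, not a real key.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """OpenPGP armor checksum (RFC 4880, section 6.1): CRC-24 with
    initial value 0xB704CE and polynomial 0x1864CFB."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(body: bytes, kind: str = "PUBLIC KEY BLOCK") -> str:
    """Wrap raw bytes in an ASCII-armored block with a correct '=' checksum."""
    b64 = base64.b64encode(body).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(body).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {kind}-----\n\n" + "\n".join(lines)
            + f"\n={check}\n-----END PGP {kind}-----\n")

ARMOR_RE = re.compile(r"-----BEGIN PGP (?P<kind>[A-Z ]+)-----\r?\n(?P<text>.*?)"
                      r"-----END PGP (?P=kind)-----", re.S)

def extract_armored(text: str) -> list:
    """Find every armored block in `text` (which may contain other text, as a
    saved e-mail does) and return (kind, body, checksum_ok) for each: the
    optional armor headers are skipped, the base64 is decoded, and the
    CRC-24 line is compared with the decoded bytes."""
    found = []
    for m in ARMOR_RE.finditer(text):
        lines = m.group("text").splitlines()
        # Armor headers such as "Version: ..." end at the first blank line.
        start = lines.index("") + 1 if "" in lines else 0
        data = [l for l in lines[start:] if l and not l.startswith("=")]
        checks = [l for l in lines[start:] if l.startswith("=")]
        body = base64.b64decode("".join(data))
        ok = True
        if checks:  # the '=' line holds the base64 CRC-24 of the raw bytes
            expect = int.from_bytes(base64.b64decode(checks[-1][1:]), "big")
            ok = crc24(body) == expect
        found.append((m.group("kind"), body, ok))
    return found

# Constructed sample: a saved message with unrelated text around the block.
# The "key" bytes are a stand-in, not a real OpenPGP key.
SAMPLE_BODY = bytes(range(200))
SAMPLE_FILE = ("Hi,\n\nhere is my key, please import it.\n\n"
               + armor(SAMPLE_BODY) + "\n-- \nAlice\n")
```

A checksum mismatch means the block was altered or mangled in transit (a line wrapped by a mail client is the usual cause), so the import should be refused rather than repaired.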
Validating Keys and the Web of Trust
After you import a key, you should validate and sign the key. Although these steps aren't strictly necessary, validated keys are more trustworthy, and sending encrypted messages to individuals whose keys aren't validated will prompt a warning from WinPT. Signing a public key with your private key indicates that you trust the key and its owner, and you can use signed keys to create a web of trust with other trusted individuals.
To validate a public key, right-click the key in Key Manager and choose Properties from the context menu. The Key Properties dialog box displays the key's fingerprint, which is a 40-digit hex number, broken into 10 blocks of four digits, as Figure 6 shows. You need to speak with the key's owner face-to-face or over the telephone to confirm the fingerprint's validity. If the fingerprint doesn't match, someone has falsified your copy of the key. If the fingerprint is correct, close the Key Properties dialog box, right-click the key, and choose Sign. In the resulting dialog box, enter your passphrase, then clear the Sign local only check box so that you can export the key's validation to others. After you click OK, a dialog box opens and asks you to choose the appropriate veracity level. This level lets others know how much trust you have in the individual's verification of key fingerprints.
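As an added example (Python written for this article, not WinPT's or GnuPG's own code), these helpers normalize a fingerprint as the Key Properties dialog shows it or as the owner reads it aloud, compare the two, and derive the Key ID: for the v4 keys GnuPG generates (including the default DSA/ELG pair), the 8-digit Key ID in the Key Manager column is simply the last 8 hex digits of the fingerprint, which is why the check that matters is the full 40 digits, never the Key ID alone. The sample fingerprint is constructed; its tail reuses the example Key ID 0x132DE069 from above.

```python
import re

def normalize_fingerprint(text: str) -> str:
    """Accept a fingerprint as WinPT displays it (10 blocks of 4 hex digits)
    or as someone dictates it (odd grouping, lower case, a 0x prefix) and
    return 40 upper-case hex digits, or raise ValueError."""
    digits = re.sub(r"\s+", "", text.strip()).upper()
    if digits.startswith("0X"):
        digits = digits[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", digits):
        raise ValueError("a GnuPG fingerprint is exactly 40 hex digits")
    return digits

def key_id(fingerprint: str, long_form: bool = False) -> str:
    """For OpenPGP v4 keys the Key ID is the low-order part of the
    fingerprint: the 8-digit ID WinPT shows is its last 8 hex digits
    (the long form is the last 16), written with a 0x prefix. Because the
    short ID is only 32 bits, two unrelated keys can share one."""
    fp = normalize_fingerprint(fingerprint)
    return "0x" + (fp[-16:] if long_form else fp[-8:])

def fingerprints_match(displayed: str, confirmed: str) -> bool:
    """Compare the fingerprint in Key Properties with the one the owner
    confirmed; every one of the 40 digits must match."""
    return normalize_fingerprint(displayed) == normalize_fingerprint(confirmed)

def display_blocks(fingerprint: str) -> str:
    """Render a fingerprint as the Key Properties dialog does: 10 blocks of 4."""
    fp = normalize_fingerprint(fingerprint)
    return " ".join(fp[i:i + 4] for i in range(0, 40, 4))

# Constructed sample values (not a real key): the dialog's rendering and the
# same fingerprint as it might be read back over the telephone.
SHOWN = "1234 5678 9ABC DEF0 1234 5678 9ABC DEF0 132D E069"
PHONE = "1234567 89abcdef0 12345678 9abcdef0132de069"
```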
To determine whether others have validated a public key, you can right-click the key in Key Manager and select List Signatures. This action displays a list of all the keys (including the public key owner's private key) that have signed the public key. (Any listed keys that don't belong to you contain the text User ID not found in the User ID column.) This list can help you decide whether to trust—or sign—the key.
Encrypting and Decrypting Files
After you create a key pair and import at least one other public key, you can encrypt files. Suppose you have a text file named secret.txt; this sample file contains the words confidential information. Right-clicking the file in Windows Explorer opens a drop-down menu that includes WinPT as an option. Select this option, then click Encrypt to open the Encrypt Files dialog box, which Figure 7 shows. This dialog box lists the User IDs of all the public keys that you've obtained. You can select as many of these IDs as you want; all selected individuals will be able to decrypt the file. Keep in mind that you must select your own User ID as well if you want to be able to decrypt the encrypted file yourself.
To encrypt the file in ASCII format (e.g., to make the form suitable for email transfer), select the Text Output check box. The encrypted file will have the same name as the original file, with .asc appended to the name (e.g., secret.txt.asc), and will appear in the same directory as the original file. If you choose typical (i.e., binary, non-ASCII) encryption, the encrypted file's filename will end in .gpg (e.g., secret.txt.gpg).
If you want to securely delete a file by repeatedly overwriting the file's sectors on disk, select the Wipe Original check box. (You can accomplish the same task by right-clicking an item in Windows Explorer and selecting WinPT, Wipe from the context menu.) Be aware, though, that the deletion process is time-consuming and disk-intensive, especially for large files.
To decrypt an encrypted file, right-click the file in Windows Explorer and select Decrypt/verify to open the dialog box that Figure 8 shows. After you enter your passphrase and click OK, the decrypted file appears in the working directory under its original filename (e.g., secret.txt).
You can also use WinPT's clipboard functionality to encrypt and decrypt data. To encrypt data, copy the data to the clipboard, then press Ctrl+Alt+E. WinPT prompts you to select a public key, then encrypts the data, which you can then paste into any application. To decrypt or verify encrypted data, follow the same process but press Ctrl+Alt+D. (To change these hotkeys, right-click the WinPT system tray icon, then select Preferences, WinPT and enter the hotkey values you prefer.)
Another great use for GnuPG is authentication of files and email messages. When you sign data with your private key, any user who has your public key can verify your signature. This feature works wonderfully when sending software to users.
To sign a file, right-click it in Windows Explorer and select WinPT, Sign from the context menu. Select a signing key and enter your passphrase. The two available signature options are Text Output and Detached Signature. The Text Output option creates an ASCII-armored signed file. This file has the same name as the original file, with .asc appended to the filename. The Detached Signature option places the signature in a separate file (as opposed to the standard practice of amending the file to include the signature); this separate signature file has the same name as the original file, with .sig appended to the filename. This option is useful when the file isn't plain text and removing the file's headers and footers would be difficult. When the detached signature file and the associated original file are in the same directory, you can double-click the signature file to determine the original file's validity. Otherwise, you can right-click the signature file and choose Verify from the context menu.
To use the clipboard functionality to verify a signature file, copy the signature data into the clipboard and press Ctrl+Alt+D. To use the clipboard functionality to sign data, copy the data to be signed into the clipboard, then press Ctrl+Alt+S. Doing so automatically uses the ASCII-armor format for the signature. For example, to sign an email message (in any email client), copy the entire typed message from the email client window into the clipboard. Press Ctrl+Alt+S, then paste the clipboard contents back into the message window. The message will be sandwiched between a header and signature. To verify your signature, a recipient with your public key can simply copy the message into the clipboard and press Ctrl+Alt+D.
WinPT and GnuPG are powerful tools for both users and administrators. And because GnuPG is 100 percent compatible with the OpenPGP standard (and backward-compatible with PGP), you can rest assured that GnuPG will interact well with other privacy software. To get the most out of GnuPG, I encourage you to read the documentation available at http://www.gnupg.org (if you have access to a UNIX box, consult the man page for plenty of good information). For more information about WinPT, visit http://winpt.sourceforge.net, http://www.nullify.org, or http://www.nullify.org/openpgp.html.