Features 4/12/2001 14:05

Using GnuPG with Pine for Secure E-Mail

By Ryan W. Maple

Page [1]: Introduction and Key Generation
[2]: More Key Generation
[3]: Revocation Certificate and Tips
[4]: pinepgp Configuration and Usage
[5]: More pinepgp Usage and References

Many people have no problems sending sensitive data via e-mail. Most of us do not know how easy it is for anybody to read it. Just because somebody holds the title of "Systems Administrator" does not mean they can be trusted. What is stopping them from reading your e-mail? Nothing. This is where PGP comes in; it is easy-to-use encryption meant for the common person.


GnuPG is the GNU Privacy Guard. GnuPG is designed to be a free drop-in replacement for PGP (Pretty Good Privacy), created by Phil Zimmermann. PGP is the de facto standard for e-mail security and file encryption on the Internet. It uses public-key cryptography to ensure secure communication between two parties who may have never even met. GnuPG implements the OpenPGP standard as outlined in RFC 2440.

The purpose of this document is to demonstrate the steps necessary to set up GnuPG and use it with Pine, a popular mail and news client. I will not go into very much detail about the usage and responsibility aspects of GnuPG (please refer to the References section for links). I will, however, go into enough detail to ensure that a reader is familiar with the relevant concepts required for sending and receiving PGP signed/encrypted e-mail.

This document also assumes that you have gpg and pinepgp installed on your machine. If you need help compiling/installing either package I would recommend visiting:


If you are using an RPM-based system, the pine RPM included with EnGarde 1.0.1 included pinepgp. It can be found at:

To install this package, simply run "rpm -Uvh <RPM>".

(Note: In all of the key generation examples I generate a new, fictitious key. This key no longer exists and it is not valid, so please do not try to contact me using it. In the pinepgp usage examples I use my real key (0xD3292967) which can be found on the keyservers.)

Key Generation

After installing GnuPG you will need to execute the command 'gpg' one time to set up your ~/.gnupg directory:

    [ryan@mastermind ryan]$ gpg
    gpg: Warning: using insecure memory!
    gpg: /home/ryan/.gnupg: directory created
    gpg: /home/ryan/.gnupg/options: new options file created
    gpg: you have to start GnuPG again, so it can read the new options file

Now you are all set to begin key generation. To generate a new keypair, use the command 'gpg --gen-key':

    [ryan@mastermind ryan]$ gpg --gen-key
    gpg (GnuPG) 1.0.4; Copyright (C) 2000 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

    gpg: Warning: using insecure memory!
    gpg: /home/ryan/.gnupg/secring.gpg: keyring created
    gpg: /home/ryan/.gnupg/pubring.gpg: keyring created


Step 1: Select Key Type

The first step in GnuPG key generation is choosing exactly what type of key you want to generate. You will be presented with a screen such as this:

    Please select what kind of key you want:
       (1) DSA and ElGamal (default)
       (2) DSA (sign only)
       (4) ElGamal (sign and encrypt)
    Your selection? 1

A DSA (Digital Signature Algorithm) keypair is used only for generating digital signatures. An ElGamal (ELG-E) subordinate keypair is used for digital signatures _and_ encryption.

If you want to send somebody an e-mail and simply sign it so they can verify your identity, then the DSA keypair is used. If you want to send somebody an encrypted e-mail containing sensitive information, then you would sign and encrypt it. Further explanation is beyond the scope of this document, so if you are interested, skip ahead to the "References" section.

For most people the default (option '1') is fine: it will allow you to generate standalone digital signatures and encrypt sensitive documents. You should not choose another option unless you know what you are doing. For the purposes of this document we will assume the user has used the default: option '1'.
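To check afterwards which of the Step 1 options an existing key corresponds to, the machine-readable listing from 'gpg --list-keys --with-colons' can be inspected. The script below is an added example, not part of the original article or of GnuPG; the function names and the sample listing (key IDs, names, addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): work out which Step 1 menu
# option a key corresponds to from `gpg --list-keys --with-colons` output.
# Field 4 of each pub/sub record is the OpenPGP public-key algorithm ID
# (RFC 2440, section 9.1): 16 = ElGamal encrypt-only (ELG-E), 17 = DSA,
# 20 = ElGamal encrypt-or-sign.

# step1_option (hypothetical helper): read a colon listing on stdin and
# print "<keyid> <menu option> <usage>" for every primary key.
step1_option() {
    awk -F: '
        function report() {
            if (keyid == "") return
            if (palgo == 17 && elg_e) { opt = 1; usage = "sign+encrypt" }
            else if (palgo == 17)     { opt = 2; usage = "sign-only" }
            else if (palgo == 20)     { opt = 4; usage = "sign+encrypt" }
            else                      { opt = "other"; usage = "algo-" palgo }
            print keyid, opt, usage
        }
        # A new primary key closes the previous one and starts a fresh record.
        $1 == "pub"             { report(); keyid = $5; palgo = $4; elg_e = 0 }
        # An ELG-E subkey is what gives a DSA key an encryption capability.
        $1 == "sub" && $4 == 16 { elg_e = 1 }
        END                     { report() }
    '
}

# Constructed sample listing: one key per menu option (all values made up).
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:0000000000000001:2001-04-12:::u:Alice Example <alice@example.com>::
sub:u:1024:16:0000000000000002:2001-04-12:::::
pub:u:1024:17:0000000000000003:2001-04-12:::u:Bob Example <bob@example.com>::
pub:u:2048:20:0000000000000004:2001-04-12:::u:Carol Example <carol@example.com>::
EOF
}

# Against a real keyring: gpg --list-keys --with-colons | step1_option
sample_listing | step1_option
```

A key reported as "sign-only" (option 2) has no encryption subkey, so correspondents cannot send encrypted mail to it until one is added.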
