Jump to content

Encrypted/Signed Emails and Attachments


V.T. Eric Layton

Recommended Posts

Guest LilBambi

Here's my new one:

 

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v1.4.12 (GNU/Linux)

 

mQMuBFIgt6ERCACbVC2wZXMrgayMp404GNtbbP50bH+jTx+vTnCscNAXTqifF9nj

0IyJzSCDrZpbv5z4MaLFrKntFDEMo9DjVrzR2TziAngmihbub9RWZmuCPFiqv+j8

xf9HjaK7yRlHDtGgwDNpvLUTJSNgwXqDMZkDmd4a6UrMNHhoZijS4IUN9Jn9EWqf

qpeyyiE2dVBFRfeodasmZ+kC8vnXqQ1xWScldthaIBYWFwMrkUx2BUfYBuVEnVev

PUQiExiTYyhTQTZ8SmTuDMMn2NwmHz0NIngv2NUECLGzUPzGjSJVCVJGsrVFvsAf

PJmETosSL/5YDLSki+J2yta8n7IP/mnj++TzAQC/EXr15PBb6rQJVdwk2w7b2yys

vpzSdHLQZb8pjfoXhwf/fQNb38q2sJrCarFaLl4Xaco7pXXVeX/YJ09UFLGKpf/J

P+ljHGpZvSKVyjuJn0HvQthLX3CaIKTo+6OmO3EcRrBjLNtFDzgRDScr5oNOs++x

G3HO1J+irZcGhqMmAhnuQmzZaoZzklWspqFxPcLabEFOD2tWfDHxSQw8Wx9dKze4

0a8xma5PdqplhlxVJV8y0XnGGaef+9EBYeZgr2xgei36RC4JNKOh7iqLDkWdrvoh

dJqihYFcO9LuXXIl0uLIkvKlGM0dlXpH0P7N1fndHgGsrP4PJ0uR4KSX0srLPSrs

WczE3m+MrsR7I+VilXoufbFGbi55QnlZhqebYDsPaAf+JjdZXVdRjhVAsW0RoasY

WLHFB4pW2CgC37hnWaicjNak+6Zc7GEtUm2eawb3Fxrt/H0K5ioia+2zKvI7usgY

g4s02T+NpKuj+qGU5locpi0Tet2iQ6XM5dTCRGAGvZK542Jk7B1ASLcVgs1Xvoc+

NsiLo0NpjqTJ/rjZJhfL+2+LqHUqn6boFsrzB0kAq9wjyhTNc0pDEGlafbJvaEdS

M5aIuTGq+WMxJqrJHd2R/Ea6hg+AC+fH+cCDU8aWvLAhy7a2M8x4yHK0mHcDbpGS

KOgNFbyjaSETmYfFFC3BdPyEWjYSiIj7Wm4ZwrlqYDOdHaR7v4OYfswu2w2uC8kT

oLQ4RnJhbiBQYXJrZXIgKEZyYW4ncyBsaWxiYW1iaSBnbWFpbCkgPGxpbGJhbWJp

QGdtYWlsLmNvbT6IgAQTEQgAKAUCUiC3oQIbIwUJAHanAAYLCQgHAwIGFQgCCQoL

BBYCAwECHgECF4AACgkQxro86Ya3T5smPQD7BSM94kgKUzU3i8YVAat7x0Vs8XI3

YTyIhl7rX6QKrNMA/34rNN9tasz4QLpoMHiBU4bqPVFbXgicfi6RqSYyIyXhuQIN

BFIgt6EQCAC7b1/Ss0s2qsQ2wdQbU/BcIVEyH5+sthkCLv+l8RO3Nb9pBLhf9x8D

5Caur8Fr1I8h6pyP5Lc+eUtZ3af32WIxm5O63ZquJyjQy7O9z1+9Py7uhEdqGdGA

Qq9zdCW1X8Ia7wVEifi7WkvTkgji7S9omoeH9hjE8hx5KR0oWJHsyxeWdudLy6nT

L4AYCmWQu5YDvLvTq9j4AZi9p1N6rAtuWw9NmcQLUp+/DgfYyMiMpRwu9+1x+y5e

sdh0bBtKxbgsQCD6nfBW/d7A82seZ2aB1+p/0a97EqcCm4dxlaVj8brWPE/GT5PD

VZ8Q7zvZQbJkWkffxPNlVkvD9mhljFibAAMGB/9c4T+47I8kFiCUPiWfdkPZkchs

VgTva1yBRDdjthfv6s7i94Hbn4bNEagsHaDRiWt4nF8K/UfkO9Yty/EWTUFgOrIJ

S6wc2auNSY1Yni6VYXGjcEbUjYCza6vp8/YdiqvBhD1hbvUEMQz6pDTdGqCS+VDF

JWl6VpsWnVGqO0CHJtgCFTgHKdg1hdaqqX4vz/FD0M/5Bno9+4FFvJJjKtBu36yu

djgB5uEPUB0WD+1IuTuGr1MnPQsMEw7P56H+a6iwryrRZuvLe3/0tIVI5iBG0C2g

0pxP0oUZ465H0uneVIuafZTnvQeHfTRdd42F7943VMbbDMV57xnNg2ZebOg5iGcE

GBEIAA8FAlIgt6ECGwwFCQB2pwAACgkQxro86Ya3T5t2CQD+NxLLSu/Lml65LloL

AXX5Zusbrs2BMQvVNZk0mnfPy6IBALRgJmw8a7K8VCRJtzBOz1nZxBz94/QVntMp

dbowd59J

=zsz2

-----END PGP PUBLIC KEY BLOCK-----

 

 

 

It appears that Mailvelope is ok for signing with the encryption level it uses but not for actually encrypted emails.

Edited by LilBambi
Link to comment
Share on other sites

securitybreach

How do you import keys to WebPGP. It has a tab for public keys but no clickable anything to import keys.

 

Where are you importing it?!

 

You don't as it reads your keyring. Basically if you installed gpg and generated keys/added them; it will show up in WebPGP. I was having issues as the button in gmail wouldn't work half the time so I tried out mailvelope, and it worked beautifully.

Link to comment
Share on other sites

Guest LilBambi

OK, I have created one locally and will be upload to http://pgp.mit.edu

 

 

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v1.4.12 (GNU/Linux)

 

mQMuBFIgwtMRCADPP04lUB8g1Cd8EP0diafTjenlI1EaD+2xm27bOk34aHs0NWFL

d+xb8M0vLDjTKqMJdwHIyJjJmbkkaOeVvnDxXfR389uDUiMW4F2V02KZqsLE0bb5

NZ0imykyD22BQGtwlEASkQao9FWbF/qXFwuy6WMvukb3rr1651kT6y7dOoOpBleY

XEOH/ra26QwapO7wurBRGOVqiSTeesUIJEfprdQSWx69seQ1d82+r6/fEzb25HcV

pZcNjhz13c26ms4bwT6sAy2tdqPkVgrGe2JkBoz4k+5sEedAtuwQjp7MprXC982V

NnAnwIazhEXr5bmgxmkpGz49xmxfw22n2Rp/AQCV2ZVRaDs2YTrlFXD29qUWVcnt

BY3EDYtQ5gokvlFnKQf/ZfXJlB1kqqPdVgXKV5nVpfPZupiF2YhlJdlHmzpAw4r4

hjHFk6DcpzuyewuyQI6IKyx9bHE5i1Zk4K+WuHwA1jRV5FoJ9/YgZEAHt4f4ccPV

D5xenWJCEHEgdr/JJUql7FxJcTUedbJafiSB4Hmz8RC/Xd8dk7Z8P1bEjOx55rRq

gDP+pyIDz0t/ynuW7lovU0g3SWUgLPFMQTarv80HdZ+CUWyig00K0L56vlCsXwhy

k0BQMKeP/lmwS0wmo2g8koCu1go12QUnLpY2Rrkp56VPzgkF7Qs6GcQGHwZtyPVQ

6JYdyoiZr8fq5FVJQFCyl8CiV6RsXK0ZEqyWP/b81AgAtWqcc89foDZIjeHoPsEq

ZC8WeLgt4bpvw1v03pdZKw/JytZPOIE46ys9sLKs1lQwRWRUOXsFcJ42fcASLcW1

T/jpr4kiRqQOOo6ZU6FCA8C2DNzPADZOGrCWPnFXWqohNo8hqhaIOWEUiRwQVhzs

zuqsqYsSTBVFMEWnVibGEu95qR536+BuHKu5ZdTNL33l+5UEloiUzciswk/bFNz+

iuh8LfwgSDGx0jdrkwOsGfJWp9/nLtl6Mv0liYyAe8bH9VYPbvfO/xnVKeIm1O4U

JqtCGWuUe2JipUZdkh/B7FU+WqwVKwmugG6ZR7MUpYZAga2SnVTLOQQRwMfHE5QV

o7QpRnJhbiBQYXJrZXIgKEtleSAjMSkgPGxpbGJhbWJpQGdtYWlsLmNvbT6IeQQT

EQgAIQUCUiDC0wIbAwULCQgHAwUVCggJCwUWAgMBAAIeAQIXgAAKCRCYhA92hBf+

aFMyAP9/KnapV0VDKgjRl8uPAYyiW0YWaAv+FLRowAVGpg8sbgEAgzMS44/93u3h

K8oqp+nWEcu6Axp+LzLZdkhPn+EA5ky5Ag0EUiDC0xAIAN1uivrHKsFLj0uNA1rT

+GI7s5rb2Y0l5H2HDRZY44SqNnBoOfRh0WrdoFlMfXcRk73lXlIBA/G6kVSqGuJI

/DH15JcldfolgtqGJJR6LgwJAeGQlGiJclZfT0udExuUjOIvu40u+hUGd7TC61t7

2OGwhu5dK9XpLLnJJMrhmLlzKtTInK8F93ybafElnTVv4IzM53wnRUkeIDdgd2or

CMJwq1SMInJ0F5GgdyDAFn/Hwi1C2HHbGUvSsvvAcIjQ/Vul6LgrVY5DbO+xaHCi

9aKdBfd+gLiyr+EDE/X00slEDPJE55dh9hdlrHsQzB1SLR8rJrOG0f7cc/BHNA9O

pisAAwUIAJGyXJsDadOJ2nRjgd76Rv7EcFzi4CkKxMNz2ml38eMkFBMv3KJcHUH2

/4G+hYiWRiJe++vCTEWtapKdu5VdXhdt/x1XJTFkA7NS9CA+tC2iUGn2LF5RbFg/

umaY3IquQImdbpyn6+AAxd8aegXjfXpoLKJnPqQcUYfrY3oUi52nhnUGx00/jehc

zcg/dJghepFAoLrb9dJ9KskA+/SmGQLPNqHKRV4iGrXDcngXqC3IJq9a19kZi+Kl

tL/mnr1OKX9SQWebgQa+KDo2hLe5I/Mlir2IeNfzA1yaG1uH3LDDIzllLbpXTam8

CTHz6W1Y0Yel6PkGf6b0Nwu5M3TjGpOIYQQYEQgACQUCUiDC0wIbDAAKCRCYhA92

hBf+aOfHAQCDEt1DSfOLuLXrrBwWywuJvaeFvuSYdlTgDdsw336QvwD/YY2RdfDe

Mxb0pqHc31HI6LUhR7NrhnBB9y1ocMCGcwM=

=mRnz

-----END PGP PUBLIC KEY BLOCK-----

 

 

Link to comment
Share on other sites

Guest LilBambi

OK! It's working great so far! Have tested with Josh and works both ways with my new key above.

 

I finally decided to go ahead and create my key using commandline linux instead of creating one in Mailvelope.

 

I then imported my keys.

 

Then imported other's keys. And Mailvelope is working great!

Link to comment
Share on other sites

V.T. Eric Layton

I create different key sets for different purposes. For example, I have a discrete set for personal document encryption. I also have a set for email encryption only. You get the idea.

 

Fran, I dowloaded your pub keys off the server. I don't know which ones to use for email. If the one above is DEFINITE FOR SURE you pub key for email, I will store it instead of the others I have. :yes:

 

Ah... it was the key above that I already had. COOL!

  • Like 1
Link to comment
Share on other sites

Guest LilBambi

Hi Eric, the one with my name with comment key #1 is the correct new key.

 

Sorry for the confusion. I shouldn't have uploaded my key till I was sure it was working right.

 

The the last one I posted here in post #37 is the right one for email.

Link to comment
Share on other sites

Guest LilBambi

That's their problem. And won't they be surprised when it is just normal emails. :hysterical:

 

Here's a link to my Public Key ... didn't realize you could link to your public key on the server like that.

 

Very cool!

 

Thanks Josh for finding that out.

Link to comment
Share on other sites

V.T. Eric Layton

Well they did say that they monitor and collect all encrypted communication until they can crack it. http://www.forbes.co...es-to-crack-it/

 

Good luck with the cracking...

 

Security quality

 

To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Indeed, in 1996, cryptographer Bruce Schneier characterized an early version as being "the closest you're likely to get to military-grade encryption."[1] Early versions of PGP have been found to have theoretical vulnerabilities and so current versions are recommended. In addition to protecting data in transit over a network, PGP encryption can also be used to protect data in long-term data storage such as disk files. These long-term storage options are also known as data at rest, i.e. data stored, not in transit.

The cryptographic security of PGP encryption depends on the assumption that the algorithms used are unbreakable by direct cryptanalysis with current equipment and techniques. For instance, in the original version the RSA algorithm was used to encrypt session keys. RSA's security depends upon the one-way function nature of mathematical integer factoring.[2] Similarly, the symmetric key algorithm used in PGP version 2 was IDEA, which might at some point in the future be found to have previously undetected cryptanalytic flaws. Specific instances of current PGP or IDEA insecurities (if they exist) are not publicly known. As current versions of PGP have added additional encryption algorithms, the degree of their cryptographic vulnerability varies with the algorithm used. In practice, each of the algorithms in current use are not publicly known to have cryptanalytic weaknesses.

New versions of PGP are released periodically and vulnerabilities are fixed by developers as they come to light. Any agency wanting to read PGP messages would probably use easier means than standard cryptanalysis, e.g. rubber-hose cryptanalysis or black-bag cryptanalysis i.e. installing some form of trojan horse or keystroke logging software/hardware on the target computer to capture encrypted keyrings and their passwords. The FBI has already used this attack against PGP[3][4] in its investigations. However, any such vulnerabilities apply not just to PGP but to any conventional encryption software.

In 2003 an incident involving seized Psion PDAs belonging to members of the Red Brigade indicated that neither the Italian police nor the FBI were able to decrypt PGP-encrypted files stored on them.[5]

A more recent incident in December 2006 (see United States v. Boucher) involving US customs agents and a seized laptop PC which allegedly contained child pornography indicates that US government agencies find it "nearly impossible" to access PGP-encrypted files. Additionally, a judge ruling on the same case in November 2007 has stated that forcing the suspect to reveal his PGP passphrase would violate his Fifth Amendment rights i.e. a suspect's constitutional right not to incriminate himself.[6][7] The Fifth Amendment issue has been opened again as the case was appealed and the federal judge again ordered the defendant to provide the key.[8]

Evidence suggests that as of 2007, British police investigators are unable to break PGP,[9] so instead have resorted to using RIPA legislation to demand the passwords/keys. In November 2009 a British citizen was convicted under RIPA legislation and jailed for nine months for refusing to provide police investigators with encryption keys to PGP-encrypted files.[10]

 

The above from https://en.wikipedia.org/wiki/Pretty_Good_Privacy

 

No wonder NSA and FBI hate it when people use encryption. ;)

 

That's their problem. And won't they be surprised when it is just normal emails. :hysterical:

 

Here's a link to my Public Key ... didn't realize you could link to your public key on the server like that.

 

Very cool!

 

Thanks Josh for finding that out.

 

Cool. I didn't know you could do that. I have mine served on my home page (click the little house in my siggy) from my own hosting account.

  • Like 1
Link to comment
Share on other sites

securitybreach

Yeah good luck cracking PGP (GPG), especially my 4096- bit key B)

 

Cool. I didn't know you could do that. I have mine served on my home page (click the little house in my siggy) from my own hosting account.

 

:thumbsup:

Link to comment
Share on other sites

Hello,

 

I think it is very likely that intelligence services have the means to decrypt encrypted data, such as communications and files. In some cases, it might be nearly instantaneous, while at other times, it might require them scheduling computing resources to do so. Such tasking is probably done on a priority basis, i.e., "Is this a matter of national security which represents an imminent threat to the US?" "No." "Okay, go to the back of the queue.", since it delays the processing of other data.

 

You might even get an idea of when something interesting is going on by mapping the thermal output (via satellite) of intelligence agencies' data centers.

 

Regards,

 

Aryeh Goretsky

  • Like 1
Link to comment
Share on other sites

V.T. Eric Layton

Hello,

 

I think it is very likely that intelligence services have the means to decrypt encrypted data, such as communications and files.

 

I have to disagree with you here, Aryeh, regarding 2-key, random hash PGP encryption. If my understanding of PGP is accurate, there is very little possibilty that anyone can decrypt it using hacking or brute force methods. Unless Big Bro has some fabulously advanced alien technology, I don't see them breaking PGP that easily.

 

Cracking the Code

 

Zimmermann is not optimistic about the investigators' chances of success. "The very best encryption available today is out of reach of the very best cryptanalytic methods that are known in the academic world, and it's likely to continue that way," he said.

 

Sources close to the investigation have suggested that they may even have to turn to talented hackers for help in breaking into the seized devices. One of the magistrates coordinating the inquiry laughed at mention of the idea. "I can't say anything about that," he said.

 

The technical difficulty in breaking PGP was described by an expert witness at a trial in the U.S. District Court in Tacoma, Washington, in April 1999. Steven Russelle, a detective with the Portland Police Bureau, was asked to explain what he meant when he said it was not "computationally feasible" to crack the code. "It means that in terms of today's technology and the speed of today's computers, you can't put enough computers together to crack a message of the kind that we've discussed in any sort of reasonable length of time," he told the court.

 

Russelle was asked whether he was talking about a couple of years or longer. "We're talking about millions of years," he replied.

 

From http://www.pcworld.com/article/110841/article.html

  • Like 1
Link to comment
Share on other sites

securitybreach

I have to disagree with you here, Aryeh, regarding 2-key, random hash PGP encryption. If my understanding of PGP is accurate, there is very little possibilty that anyone can decrypt it using hacking or brute force methods. Unless Big Bro has some fabulously advanced alien technology, I don't see them breaking PGP that easily.

 

 

 

From http://www.pcworld.c...41/article.html

 

That is what I was thinking Eric :thumbup:

Link to comment
Share on other sites

V.T. Eric Layton

I'm not saying it can't be broken. I'm just saying that from all I'm reading, PGP is not a pushover for pimply-faced Russian hackers named Yuri. Who really knows what the NSA can and cannot do? Know what I mean, Jelly Bean?

  • Like 1
Link to comment
Share on other sites

Hello,

 

The underlying algorithms might be secure (or at least highly-resistant), but that does not mean every implementation of them is.

 

If I were trying to keep information from law enforcement, I would not rely on encryption alone.

 

Regards,

 

Aryeh Goretsky

  • Like 1
Link to comment
Share on other sites

securitybreach

Hello,

 

The underlying algorithms might be secure (or at least highly-resistant), but that does not mean every implementation of them is.

 

If I were trying to keep information from law enforcement, I would not rely on encryption alone.

 

Regards,

 

Aryeh Goretsky

 

Agreed but I imagine GnuPG is a good implementation due to it being open source.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...