How to Use FireGPG for PGP Mailing

Buddies,
It is evident to the network security community what PGP is! Still, to give an overall idea of it, I will describe it in brief. Rather than writing a full history of PGP's definition or origin, I will keep the introduction short. Then we will jump to the main theme of this article.

Introduction:
PGP stands for Pretty Good Privacy and is a popular encryption program used to encrypt and decrypt mail sent over the wire. It was developed by Philip Zimmermann. It is one of the most common ways to safeguard your messages, as it is free, effective and very easy to use. PGP encryption uses public-key cryptography and includes a system which binds the public keys to a user name and/or an email address. PGP is also used for integrity checking. Below is an image which shows how PGP encryption works over the wire and how it encrypts plain text messages.

PGP Encryption Methodology


FireGPG:

FireGPG is a Firefox add-on used to send PGP mail with the help of PGP key chains. FireGPG can be downloaded from the official Firefox Add-on lists. FireGPG is neither a key manager nor a sub-branch of PGP encryption mechanisms. It is just an interface that gives access to the full functionality of PGP through GnuPG.

Using GnuPG for Key Generation:

To use the FireGPG add-on you need GnuPG, as it lets you create the PGP key chains (public/private key combinations). You have to generate the key pair before using any PGP functionality. So, once you have downloaded GnuPG, install it to your preferred location. Inside the GnuPG directory you will find an executable (WinPT.exe) which is used to create the PGP key pairs. Navigate to Key -> New -> Choose “Expert/Normal Mode”. Once your key pairs are generated, it is time to set the ownertrust on those keys, that is, to what extent you trust the key pairs. Just right-click and click on Properties; it will show you the details of your keys and ask you to set the owner trust for your own (private + public) key or another person’s (public) key. Once you are all set with PGP key pair generation, it is time to jump to FireGPG. As FireGPG relies on GnuPG, you have to finish with GnuPG first and then move on to FireGPG.

Using FireGPG:

FireGPG integrates itself nicely with the Google Mail application. However, if you want, you can use it with Roundcube Webmail as well. Just go through the options and you will find it. I am demonstrating the steps for Gmail.
Step-by-step Instructions
a. Enable FireGPG from the FireGPG options dialog box.
b. Set the proper path to “gpg.exe” from the GPG menu. If the default path is correct, leave it as it is.
c. Now log in to your Gmail account (the one for which you have generated your PGP key pairs, else the key pairs won’t match for that ID).
d. Now write your mail text as you usually do.
e. Now the important part: before sending the mail, click on “Sign” and “Encrypt”.
f. A child dialog box will open asking whose public key you want to use. Choose the public key of your trusted friend there, and then it will ask whose private key you want to use. Of course you know which option to choose ;-)
g. Then it will ask for the passphrase you used when generating your key pairs; enter it correctly. It may then ask for your Gmail authentication details; enter your Gmail password there and you are done.

Decrypting Encoded Mails (PGP Based):

If you have received a mail and you see a signature header like the one below, then it is an encoded PGP mail. To decode the encrypted text, FireGPG will automatically detect the encrypted block header. You just have to click on Decrypt, and it will ask you to enter the password you used to generate the PGP key chains (if your PGP authentication session is not saved). After successful authentication it will open a window where you can see the plain text message which the sender has sent to you using your public key.

Begin PGP Message Block
   GnuPG Version and User-agent Details goes here.
   Encoded Msg

   End PGP Message Block

NOTE: If FireGPG doesn’t detect the encoded PGP block in the message, right-click on WinPT.exe -> Clipboard -> Clipboard Editor and paste the whole encoded message block there. Then right-click on WinPT.exe again -> Clipboard -> Decrypt/Verify. It will ask you to enter the password (the one used to generate the key pair), decode the complete block and show you the plain text message. By the way, the same method can be used to encode your message as well. I don’t think I need to spell that out.
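The block that FireGPG looks for has a fixed layout: a BEGIN line, optional armor headers such as Version, a blank line, base64 data, a "=" checksum line and an END line. The Python sketch here is an added example, not FireGPG's or GnuPG's own code; it finds such blocks in a mail body, verifies the RFC 4880 CRC-24 and reads the first packet tag, using a constructed sample payload that is not a decryptable message.

```python
import base64, re

def crc24(data: bytes) -> int:
    crc = 0xB704CE  # CRC-24 initial value, RFC 4880 section 6.1
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB  # CRC-24 generator polynomial
    return crc & 0xFFFFFF

def armor(payload: bytes, headers: dict) -> str:
    """Build an armored block; used here only to construct the sample."""
    b64 = base64.b64encode(payload).decode()
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    lines = [f"{k}: {v}" for k, v in headers.items()] + ["", *(b64[i:i + 64] for i in range(0, len(b64), 64)), check]
    return "\n".join(["-----BEGIN PGP MESSAGE-----", *lines, "-----END PGP MESSAGE-----"])

def packet_tag(first: int):
    """Packet type from the first octet (tag 1 = public-key encrypted session key)."""
    if not first & 0x80:
        return None  # not an OpenPGP packet header
    return first & 0x3F if first & 0x40 else (first >> 2) & 0x0F

BLOCK_RE = re.compile(r"-----BEGIN PGP MESSAGE-----(.*?)-----END PGP MESSAGE-----", re.S)

def find_blocks(text: str) -> list:
    """Locate armored blocks in a mail body and check each one's structure."""
    found = []
    for match in BLOCK_RE.finditer(text.replace("\r\n", "\n")):
        head, _, body = match.group(1).partition("\n\n")
        headers = dict(l.split(": ", 1) for l in head.splitlines() if ": " in l)
        lines = body.split()
        data = "".join(l for l in lines if not l.startswith("="))
        sums = [l[1:] for l in lines if l.startswith("=")]
        try:
            payload = base64.b64decode(data, validate=True)
            stated = int.from_bytes(base64.b64decode(sums[-1], validate=True), "big") if sums else None
        except ValueError:  # damaged base64, e.g. a mangled or truncated paste
            found.append({"headers": headers, "crc_ok": False, "tag": None})
            continue
        # A block without a checksum line is reported as unverified (crc_ok False).
        found.append({"headers": headers, "crc_ok": stated == crc24(payload),
                      "tag": packet_tag(payload[0]) if payload else None})
    return found

# Constructed sample: a tag-1 packet header followed by filler bytes.
SAMPLE = "Hi,\n\n" + armor(bytes([0x85, 0x01, 0x0C]) + bytes(range(40)),
                           {"Version": "GnuPG (constructed sample)"}) + "\n\nBye\n"
```

The CRC-24 only catches transport damage, such as a webmail editor altering the pasted block; protection against deliberate tampering comes from the PGP signature, which is why the steps above sign as well as encrypt.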

I hope this manual will be enough to get you started with FireGPG. But if you have further queries, suggestions or feedback, please feel free to write to me at: admin [shift + 2] wikisecure.net

Signing off,
XyluX

Mar 3rd, 2009 | Posted in Articles
  1. Samson
    Mar 31st, 2009 at 19:49 | #1

    Sujit, I am in the middle of setting up a blog. I want to use WordPress.ORG; I don’t know if you can provide some directions in this area? Basically I would like to make use of free resources, such as who is offering a free domain or maybe just a subdomain, DNS hosting and web hosting, etc. I know WordPress.COM can make things simple, but I also want the ability to customize, you know :-)

  2. XyluX
    Mar 31st, 2009 at 00:57 | #2

    I am glad that this helped you out. Well I am coming up with some more interesting articles as sometimes it takes couple of times to do the research and bring them up. I will be updating those here asap, most probably weekends…

    Cheers!

  3. Samson
    Mar 30th, 2009 at 22:08 | #3

    Sujit, many thanks for this, it saved me time figuring out that GnuPG is required before using FireGPG! Keep it up for more good articles…
