Encryption Software - PGP
In this lab, we will see how public key encryption works by using the PGP software. If you look at the bottom right-hand corner of the computer screen (in the system tray) you should see an icon that looks like a lock. That indicates that PGP is running on the machine.
We have installed PGP software in the lab. However, you will probably not be able to do this lab from home, because you probably do not have PGP software installed on your computer. (It can be downloaded free from www.pgpi.org.)
- Click on the lock icon in the system tray. There are different versions of PGP installed in different rooms. Follow the instructions for your lab room:
  - For Room 130NE: Select PGP Keys. A window will pop up. Choose Keys from the menu across the top. Choose New Key ... from the drop down menu. You will be prompted to generate a key pair (public and private keys). You will be asked to respond to several questions. When there is a choice, you can just go along with the default. Make sure that you remember your passphrase - you will need it later!
  - In the WEBuilding: Select Open PGP Desktop. A PGP window will open. Click on File on the menu bar, and then choose New PGP key... from the drop down menu. You will be asked to respond to several questions. When there is a choice, you can just go along with the default. Make sure that you remember your passphrase - you will need it later!
- Using Notepad, create a small file and save it. (It can be just one or two lines long.)
- Sign the file with your private key: Make sure the Notepad window is active (the title bar should look dark blue, not gray). Click on the PGP icon. A menu will pop up. Select Current Window. Another menu will pop up. Select sign to sign your message. You will be asked for your passphrase to do this.
- Look at the signed file which was created by the PGP software, which is now in the Notepad window.
- Verify the file by clicking on the PGP icon, choosing Current Window, then Decrypt & Verify. A new window will open with the results of the verification. Look at the very top line. It should say that the signature status is good.
- Now, go back to the signed file and change it very slightly (maybe change just one word, or even just one letter).
- Verify the file again, as before, by clicking on the PGP icon, choosing Current Window, then Decrypt & Verify. A new window will open with the results of the verification. What does the top line say?
- Now add your instructor's public key to your key ring. First find your instructor's public key or the course public key and download it and save it in a file. Then:
  - In Room 130NE: Click on the PGP icon, and choose PGP Keys. A new window will open. Click on Keys in the menu bar on top, then choose Import.... That will open a file dialog box. Choose the file in which you saved the public key, and click on Import.
  - In the WEBuilding: Go to the PGP Desktop window. Click on File in the menu bar, then choose Import from the drop down menu. That will open a file dialog box. Choose the file in which you saved the public key, and click on Import.
- Write a short message to your instructor and save it in a file. Encrypt the message with your instructor's public key or using the course public key by clicking on the PGP icon, selecting Current Window, then Encrypt. That will produce an encrypted version of your message. Look at the file to see what the encrypted file looks like. Mail the encrypted file to your instructor.
- For this part, you will need to obtain the course public key. Download it and save it as above. Download these two files and determine whether or not they are legitimate:
  - File 1
  - File 2

  Send your instructor an email with your results.
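
The sign, modify, and verify steps of this lab, sketched as an added example that is not part of the original handout and is not PGP's own code. It assumes textbook RSA over a SHA-256 digest with a constructed demo key and hypothetical function names; real PGP additionally uses padding and the OpenPGP message format.

```python
import hashlib

# Constructed demo key built from two well-known Mersenne primes so the example
# is reproducible. Real keys use large random primes; never reuse these values.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Private-key step: only the holder of D can produce this value."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Public-key step: anyone holding (N, E) can check the signature."""
    return pow(signature, E, N) == digest(message)


def run_lab_steps():
    """Sign a short file, verify it, change one letter, verify again."""
    original = b"Meet me in the lab at noon.\n"      # constructed sample text
    signature = sign(original)
    tampered = original.replace(b"noon", b"moon")    # one-letter change
    return verify(original, signature), verify(tampered, signature)


if __name__ == "__main__":
    ok_original, ok_tampered = run_lab_steps()
    print("unmodified file verifies:", ok_original)
    print("modified file verifies:  ", ok_tampered)
```

Verification needs only the public values, which is why importing the course public key is enough to check the two downloaded files.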