GPG (GNU Privacy Guard) community exercise

Familiarize yourself with the use and operation of GPG by performing this foundation exercise locally on your Linux computer.

Create local public and private keys as studentXX for this exercise

Create a user account named after your designated "studentXX" identity in this class. For example, you may have been student02 or student13 for previous class purposes. If so, adopt that number; otherwise, use an XX number per the instructor. If you are student03, create a user account "student03". Below, XX is symbolic; substitute your own digits.

Log in on your computer as that user, studentXX. Create keys for studentXX:

gpg --gen-key

This command option is interactive. Accept the defaults until asked for user-specific information. Then, answer the Real name, Email address, and Comment prompts with studentXX, studentXX@bogus.com, and "studentXX" respectively. Enter "passphrase" when asked for a passphrase. Let the program generate keys for studentXX. When it's finished, examine the results:

cd
ls -la  
(note the presence of new directory .gnupg)
ls -l .gnupg
gpg --list-keys

You see that you now have keyring files (i.e., databases of keys) for both public and private ("secret") keys. Your database contains just your own two keys. Below you will proceed to add others' keys to your ring (but public ones exclusively, never others' private ones).

Exchange keys

To employ GPG in communicating with others, a user must obtain and store the others' public keys. First the others must "export" their keys, that is, extract relevant info from their key database and package it for somebody else to import. Then they must deliver the resulting "package." Then the recipient must "import," that is, extract from the received package and enter into his local database. The set of keys stored in a user's key database is called his keyring.

Currently you have only your own keys on your keyring. But we want each student's keyring to have the public keys of all students in the class. So you need to 1) publish your public key to the others, and 2) gather their keys and put them on your keyring. To publish your public key you need to "export" it out of your keyring into a file of its own, then put that file someplace where the others can get it. Please export, in ASCII-armored (-a) format:

gpg --export -a -o studentXXkey studentXX

Per your instructor, ftp or otherwise place the resultant studentXXkey file in the common key drop location where your fellow students can get it. That location serves as a class key repository. As well as uploading your own key to the repository, download all the others' from it as they become available. With those keys all assembled in the current directory you could load them into your keyring in a single stroke:

gpg --import student*key

or you can do them individually, for example:

gpg --import student14key

 

Preliminary task: sign and circulate/upload/publicize a copy of the Gettysburg Address

Obtain a copy of the file gettysburg.txt per your instructor. It contains the text of Abraham Lincoln's Gettysburg Address. Sign it:

gpg -o gettysburg.studentXX --clearsign gettysburg.txt

gettysburg.studentXX is now the copy you have signed. Supply it to the instructor per a mechanism he specifies.

Upcoming step, soon but not yet: the instructor will replace the students' signed files with renamed copies, replacing "studentXX" with a unique, random letter of the alphabet. For example, "gettysburg.student07" might become "gettysburg.W" while "gettysburg.student14" could become "gettysburg.D," randomly. He will make all the renamed files available to you, and ask you to figure out which is whose (below, Part 1). But that's later; for now, my prerequisite is to get all your signed copies of the Gettysburg Address collected together. Please give them to me.

 

The assignment for you to perform

Part 1, signing 

Your job is to identify which is the copy signed by each student, and submit a resultant list. For example, if you determine it was student01 who signed gettysburg.K, student02 who signed gettysburg.E, and student03 who signed gettysburg.B, your list would look like:

1 K
2 E
3 B

Put your list in a text file named "signers.txt" and submit it onto the remote Unix machine using these preparation and submittal instructions.
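
One way to carry out Part 1, shown as an added example that is not part of the original exercise: verify each renamed copy against your keyring and read the signer from gpg's machine-readable status output. The function names and the sample status lines (with made-up key IDs) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original exercise.
# Constructed sample status output (key IDs are made up).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF student07 (student07) <student07@bogus.com>'
SAMPLE_BAD='[GNUPG:] BADSIG 0123456789ABCDEF student07 (student07) <student07@bogus.com>'
SAMPLE_NOKEY='[GNUPG:] NO_PUBKEY 0123456789ABCDEF'

# Read "gpg --status-fd" output on stdin and print the signer's student
# number, but only if gpg reported GOODSIG for a studentXX user ID.
# BADSIG (altered text) or no GOODSIG at all (e.g. NO_PUBKEY, key not on
# your keyring) prints nothing and returns non-zero.
signer_from_status() {
    awk '
        $1 == "[GNUPG:]" && $2 == "BADSIG" { bad = 1 }
        $1 == "[GNUPG:]" && $2 == "GOODSIG" && $4 ~ /^student[0-9]+$/ {
            n = $4; sub(/^student/, "", n); num = n + 0; ok = 1
        }
        END { if (bad || !ok) exit 1; print num }
    '
}

# Verify every gettysburg.<letter> file in directory $1 and print the
# "number letter" lines for signers.txt, sorted by student number.
build_signers_list() {
    for f in "$1"/gettysburg.?; do
        [ -f "$f" ] || continue
        letter=${f##*.}
        if num=$(gpg --status-fd 1 --verify "$f" 2>/dev/null | signer_from_status); then
            echo "$num $letter"
        else
            echo "unverified: $f" >&2
        fi
    done | sort -n
}

# Usage, with the class keys already imported:
#   build_signers_list . > signers.txt
```

The name reported in GOODSIG is the user ID carried by the key you imported, so the resulting list is only as trustworthy as the key files you picked up from the class repository.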

Part 2, encrypting

The instructor will use the public key you supplied to encrypt something for you. He will upload it to the repository for you to pick up. It will be named speciallyEncryptedForStudentXX.gpg. Decrypt it. (While you're at it, try to decrypt one that was encrypted for a different student, to satisfy yourself that the same procedure that works on "yours" doesn't work on "theirs.")

Supply the decrypted message to your instructor. Do it by the method he requests, either printing and submitting the printout with your name on it, or emailing it to him.