EnigMail/GPG Tutorial

This is a brief overview of what I have been doing to try and get secure e-mail running for myself. I have not got everything running yet, but in time as I learn, I will report my lessons here.

This is a newbie tutorial. Some things have been oversimplified to protect the uninitiated. See the GnuPG website for more complete information on GnuPG.
Check the Enigmail/Mozilla developers site for more information about how to install Enigmail. This tutorial is written because (IMOHO) there is not much information at the Enigmail site about how to USE Enigmail if you are not already familiar with PGP/GPG.

  1. Install GPG.
  2. Install Enigmail for your Mozilla mail reader.
  3. Make a directory like /home/username/.mozilla/EnigLog
  4. Through Mozilla, go to the Enigmail Advanced Preferences, and set the log directory to the above directory.
  5. Set the default send option to "no encryption". If you are a beginning user, like me, you will want to be sending cleartext e-mail MOST of the time anyway. No reason to clog up the key servers for typical, boring e-mail.
  6. You should note when composing mail that Enigmail-->Insert Public Key will insert the public key for your desired e-mail address.
  7. You may need to update your gpg options (~/.gnupg/options). Most of the changes I made, I don't THINK were necessary except perhaps the following. Let me know if these changes for v1.0.6 seem reasonable... I also did:
            no-greeting
            default-recipient-self
            honor-http-proxy
    But I'm pretty sure that they were unnecessary.
  8. When reading mail with Mozilla, it will be pretty informative to view the Enigmail Console (Enigmail-->View console).
    I find the logfile viewer less useful. When learning your way around, try running
               tail -f ~/.mozilla/EnigLog/enigdbug.txt
    and watch what happens.
  9. It looks like Enigmail is adding public keys to my ring from a keyserver as it automagically verifies signatures on e-mail that I read. From the documents, it looks like I could import a public key from a file with:
               gpg --import publicKey.txt
    It looks like this will also work from a saved mail message, folder, or any file with an armored ASCII key in it. My best guess is that <Enigmail-->Import public key> will parse the currently displayed e-mail message for a public-key and import it.
    You can check your list of known public keys with:
               gpg --list-keys
  10. You should have a revocation cert., in case your private key is compromised. This can be generated with:
               gpg --gen-revoke <key-id>
    Print this out, and put it in a fire safe. I don't know how to use it yet... but I can find out how if/when I need it.
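
Added example (not part of the original tutorial, and not GnuPG's or Enigmail's own code) for step 9: a sketch of how an ASCII-armored public key block can be located inside a saved mail message and its CRC-24 checksum line verified as defined in RFC 4880. The function names, the sample message and the placeholder payload are constructed for illustration; the payload is not a real key.

```python
import base64
import re

ARMOR_RE = re.compile(r"-----BEGIN PGP PUBLIC KEY BLOCK-----\r?\n(.*?)"
                      r"-----END PGP PUBLIC KEY BLOCK-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1 (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Wrap bytes in public-key armor (only used to build the sample below)."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: example\n\n"
            f"{body}\n={check}\n-----END PGP PUBLIC KEY BLOCK-----\n")

def find_key_blocks(text: str):
    """Return (payload_bytes, checksum_ok) for each armored key block in text."""
    found = []
    for match in ARMOR_RE.finditer(text):
        # Armor headers such as "Version:" end at the first blank line.
        inner = "\n" + match.group(1).replace("\r", "")
        _headers, _, body = inner.partition("\n\n")
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # The last line, "=" plus 4 base64 characters, is the CRC-24 of the payload.
        check = lines.pop() if lines and lines[-1].startswith("=") else None
        try:
            payload = base64.b64decode("".join(lines), validate=True)
            ok = (check is not None and
                  base64.b64decode(check[1:], validate=True)
                  == crc24(payload).to_bytes(3, "big"))
        except ValueError:  # malformed base64 in the body or checksum line
            payload, ok = b"", False
        found.append((payload, ok))
    return found

# Constructed sample: a saved mail message with a placeholder payload, not a real key.
SAMPLE_PAYLOAD = bytes(range(100))
SAMPLE_MAIL = ("From: alice@example.org\nSubject: my key\n\nHi, key below.\n\n"
               + armor(SAMPLE_PAYLOAD) + "\n-- \nAlice\n")

if __name__ == "__main__":
    for payload, ok in find_key_blocks(SAMPLE_MAIL):
        print(len(payload), "bytes, checksum", "OK" if ok else "BAD")
```

A passing checksum only shows the block survived transport intact; it says nothing about whose key it is, so compare the fingerprint with the owner before trusting an imported key.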
At this point, you should note that Enigmail is automagically verifying signatures.
I think it will decrypt automagically also... but I have not exercised that yet.
I still need to learn how I would encrypt mail to somebody whose key was just provided to me as ASCII (not on a server).
I will put a key on a server once I know what I'm doing, and am ready to publish a "golden" key.
Aaron Birenboim
Last modified: Wed Nov 23 08:15:58 MST 2005