PGP (Pretty Good Privacy)

By:
Idris Winarno
Installation
• Check your repository
# vim /etc/apt/sources.list
deb http://kebo.vlsm.org/debian etch main contrib non-free
# apt-get update
• Installation
# apt-get install pgpgpg
Keypair Generation (1)
• # gpg --gen-key
Choosing the algorithm used to create the keypair
gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: directory `/home/idris/.gnupg' created
gpg: can't open `/gnupg/options.skel': No such file or directory
gpg: keyring `/home/idris/.gnupg/secring.gpg' created
gpg: keyring `/home/idris/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
Keypair Generation (2)
• Setting the key length
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
• Setting how long the keypair is valid
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
Keypair Generation (3)
• Entering your identity
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <[email protected]>"
Real name: Idris Winarno
Email address: [email protected]
Comment: Idris Winarno PGP Key
You selected this USER-ID:
"Idris Winarno (Idris Winarno PGP Key) <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
Keypair Generation (4)
• Entering the passphrase
You need a Passphrase to protect your secret key.
Enter passphrase:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++++++++++++++++++++++.++++++++++++++++++++.
+++++++++++++++++++++++++.++++++++++++++++++++++++++++++
++++++++++++++++++++>.++++++++++...........<+++++..>.+++++...........
..................+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 282 more bytes)
Keypair Generation (5)
• Final result
pub 1024D/DB5D142C 2009-05-14
Key fingerprint = DC10 1573 0B58 CB52 B234 E944 6F63 3A6B DB5D 142C
uid       Idris Winarno (Idris Winarno PGP Key) <[email protected]>
sub 1024g/9F5A02B0 2009-05-14
Export Public Key
• # gpg --export -a [email protected]
Note: Save the public key to a file with:
# gpg --export -a [email protected] > idris-pub.asc
Repeat!!!
• Repeat the steps from slide 3 for a different user
Exchanging public keys
• Copy the public key from one user to the other
idris@localhost:$ cp /home/waswib/waswib-pub.asc ~/
waswib@localhost:$ cp /home/idris/idris-pub.asc ~/
Import Public Key
• Each user imports the other user's public key
idris@localhost: $ gpg --import < waswib-pub.asc
gpg: key 5BED57A9: public key "Waskitho Wibisono (Waskitho Wibisono PGP Key)
<[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
• To list the keys in the keyring
$ gpg --list-key
/home/waswib/.gnupg/pubring.gpg
------------------------------
pub 1024D/5BED57A9 2009-05-14
uid       Waskitho Wibisono (Waskitho Wibisono PGP Key) <[email protected]>
sub 1024g/170F76AF 2009-05-14
pub 1024D/DB5D142C 2009-05-14
uid       Idris Winarno (Idris Winarno PGP Key) <[email protected]>
sub 1024g/9F5A02B0 2009-05-14
Encrypting a text file
• How to encrypt
$ gpg -e -r [email protected] -a pesan.txt
gpg: 170F76AF: There is no assurance this key belongs to the named user
pub 1024g/170F76AF 2009-05-14 Waskitho Wibisono (Waskitho Wibisono PGP Key)
<[email protected]>
Primary key fingerprint: CBDD 4562 A42A 1599 A17B 4C1B DBF6 BAEF 5BED 57A9
Subkey fingerprint: C0EF 9B76 8881 5A88 C464 C75B 773E F7EB 170F 76AF
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
$ cat pesan.txt.asc   # send via email
Note: -e: encrypt
-a: ASCII-armored (text) output
-r: recipient
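Answering `y` above skips gpg's warning without establishing that the key really belongs to the recipient. As an added example (not part of the original slides), the check below compares the imported key's full fingerprint with one obtained from the owner out of band; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Constructed sample of `gpg --with-colons --fingerprint 5BED57A9` output,
# built from the fingerprints printed on the slide (e-mail omitted).
SAMPLE_LISTING='pub:-:1024:17:DBF6BAEF5BED57A9:2009-05-14:::-:Waskitho Wibisono (Waskitho Wibisono PGP Key):
fpr:::::::::CBDD4562A42A1599A17B4C1BDBF6BAEF5BED57A9:
sub:-:1024:16:773EF7EB170F76AF:2009-05-14::::::
fpr:::::::::C0EF9B7688815A88C464C75B773EF7EB170F76AF:'

# Strip whitespace and uppercase, so "CBDD 4562 ..." and "cbdd4562..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key fingerprint from a colon listing on stdin:
# field 10 of the first "fpr" record that follows the "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# check_fpr EXPECTED   (colon listing on stdin)
#   0 = imported key matches the fingerprint obtained out of band
#   1 = mismatch, 2 = EXPECTED is not a full 40-hex-digit fingerprint
check_fpr() {
    expected=$(normalize_fpr "$1")
    actual=$(primary_fpr)
    case "$expected" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#expected}" -eq 40 ] || return 2   # rejects short IDs like 5BED57A9
    [ "$expected" = "$actual" ]
}

# Demo on the constructed listing. With a real keyring:
#   gpg --with-colons --fingerprint 5BED57A9 | check_fpr "<fingerprint from owner>" \
#       && gpg --lsign-key 5BED57A9
if printf '%s\n' "$SAMPLE_LISTING" | check_fpr \
        "CBDD 4562 A42A 1599 A17B 4C1B DBF6 BAEF 5BED 57A9"; then
    echo "fingerprint matches: key can be locally signed and used"
else
    echo "fingerprint mismatch: do not encrypt to this key" >&2
fi
```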
Decrypting a text file
• To decrypt the file:
waswib@localhost: $ gpg --decrypt pesan.txt.asc
You need a passphrase to unlock the secret key for
user: "Waskitho Wibisono (Waskitho Wibisono PGP Key) <[email protected]>"
1024-bit ELG-E key, ID 170F76AF, created 2009-05-14 (main key ID 5BED57A9)
gpg: encrypted with 1024-bit ELG-E key, ID 170F76AF, created 2009-05-14
"Waskitho Wibisono (Waskitho Wibisono PGP Key) <[email protected]>"
Bagi mahasiswa PENS yang ingin mendaftarkan Microsoft MSDNAA dapat
langsung mengirim email ke [email protected] atau ke
[email protected] dengan subject: .Daftar MSDNAA. dan ISI:
.(NRP) (Nama) (Kelas).
URL MSDNAA PENS http://msdn70.e-academy.com/pensidn_infotech dan untuk
file dapat di download di http://newfs.eepis-its.edu/microsoft/
Signature (1)
• Adding a signature
idris@localhost: $ gpg -u DB5D142C --clearsign pesan.txt
You need a passphrase to unlock the secret key for
user: "Idris Winarno (Idris Winarno PGP Key) <[email protected]>"
1024-bit DSA key, ID DB5D142C, created 2009-05-14
• Inspecting the signature
idris@localhost: $ cat pesan.txt.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKC5Yyb2M6a9tdFCwRAlipAJ9D2mTfMV4G9dNLY8Rf4KwLPdYFGQCgjTQ4
oZ87QfwnYr0BWrjqotHQB1Y=
=D4ea
-----END PGP SIGNATURE-----
Signature (2)
• Verifying the signature
waswib@localhost: $ gpg --verify pesan.txt.asc
gpg: Signature made Thu 14 May 2009 10:55:30 AM WIT using DSA key ID DB5D142C
gpg: Good signature from "Idris Winarno (Idris Winarno PGP Key) <[email protected]>"
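"Good signature" only says the data matches some key in the keyring; a script should also confirm which key signed it. As an added example (not part of the original slides), the function below reads gpg's machine-readable `--status-fd` lines and accepts only a valid signature from the expected fingerprint; the function name and the sample status lines, including their timestamps, are constructed.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Constructed status lines in the format printed by
#   gpg --status-fd 1 --verify pesan.txt.asc
# for the slide's signing key (timestamp values are made up, e-mail omitted).
FPR=DC1015730B58CB52B234E9446F633A6BDB5D142C
GOOD_STATUS="[GNUPG:] GOODSIG 6F633A6BDB5D142C Idris Winarno (Idris Winarno PGP Key)
[GNUPG:] VALIDSIG $FPR 2009-05-14 1242273330 0 3 0 17 2 01 $FPR"
BAD_STATUS="[GNUPG:] BADSIG 6F633A6BDB5D142C Idris Winarno (Idris Winarno PGP Key)"

# signed_by EXPECTED_FPR   (status lines on stdin)
#   0 = a valid signature whose primary key fingerprint equals EXPECTED_FPR
#   1 = anything else: bad, errored or expired signature, revoked or expired
#       key, a different signer, or no signature at all
signed_by() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" { bad = 1 }
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG"             { bad = 1 }
        # The last field of VALIDSIG is the primary key fingerprint.
        $2 == "VALIDSIG" && $NF == want { ok = 1 }
        $2 == "VALIDSIG" && $NF != want { bad = 1 }   # strict: unexpected signer
        END { exit !(ok && !bad) }'
}

# Demo on the constructed lines. With a real file:
#   gpg --status-fd 1 --verify pesan.txt.asc 2>/dev/null | signed_by "<fingerprint>"
if printf '%s\n' "$GOOD_STATUS" | signed_by \
        "DC10 1573 0B58 CB52 B234 E944 6F63 3A6B DB5D 142C"; then
    echo "valid signature from the expected key"
else
    echo "signature not accepted" >&2
fi
```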
Assignment
• Install a DNS server (bind9)
• Install a mail server (postfix)
• Install squirrelmail
• Add the PGP plugin to squirrelmail
Thank you