Father
How can you share critical business information with counterparties if you are poorly versed in information security issues? Read our tutorial and set up GPG encryption on your smartphone and computer in 10 minutes.
PGP is the most famous asymmetric data encryption algorithm. We will use its open source implementation, GPG.
Why is asymmetric encryption so important?
Symmetric encryption uses a password: if it is intercepted, all correspondence can be decrypted. Asymmetric encryption uses a key pair instead of a password. For decryption, you must have both keys, one of which has never been transmitted through communication channels.

Why encrypt something if every messenger writes that everything is encrypted?
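If you don’t see something, it’s not
Besides, keys to encrypted data must not be stored on other people's servers: attackers can use them at any time if they break into the messenger's server.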
When you deal with trade secrets or personal data of people, especially top managers of well-known companies, you should make every effort to secure data transmission. Any leak can lead to irreparable reputational losses.
With this level of secrecy, any messenger or electronic service should be perceived as just a data transmission channel. Information must be encrypted in advance, and a strictly defined circle of persons must have access to decryption.
Scheme of work
We will analyze in detail the scheme of using asymmetric encryption using the example of the fictitious consulting company Forest Inc. It is engaged in the selection of senior executives, that is, it finds a business with a need for personnel and suitable candidates from other companies. Classic headhunting:
- Any information leak at any stage will lead to very dramatic consequences for all parties.
- At Forest inc. there are three consultants: Winnie the Pooh, Owl and Piglet.
- Winnie the Pooh found out that Tigger is looking for a business development manager and is already on his way to meet him, cancel the request and hold a presale.
- Meanwhile, Owl is in the office studying information about Tigra Co., hoping to find something to help Winnie the Pooh close the deal.
- Winnie the Pooh arrives at Tigger's office, and by that time Owl has found out that Tigger loves to jump very much. This is a very important fact that needs to be communicated to Winnie safely.
- It is necessary to inform Piglet, who is on a business trip in a distant forest: he is engaged in the selection of top managers and this will greatly help him in his search.
- Winnie has an Android phone, Owl is in the office at a Windows laptop, and Piglet, like a decent pig, uses an iPhone.
Setting up programs
Let's start with Owl's laptop. We will use the gpg4win program: first, download the distribution kit from the website.

Start the installation.
All you need is GnuPG and Kleopatra. Remove GpgOL; GpgEX can be left.
The Kleopatra icon will appear on the desktop, and after launching the program, you will see the following window:
Do two things right away: add the Clipboard button to the panel and enable the permanent display of the shortcut in the clock tray.
Right click on the arrow in the tray.
Turn on the slider.
Now go to Kleopatra and drag the Clipboard button to the panel:
Drag the Clipboard from the right column to the left.
You can add Kleopatra to startup: to do this, click Start → Run or use the keyboard shortcut Win + R, then type shell:startup and press Enter:
Right-click and drag Kleopatra's shortcut to the Startup folder and select Copy.
Setting up the program is finished.
Now it's time to create keys and exchange them with colleagues.
Click Create Key Pair.
It is important to understand that the public key can be published in cleartext. It is secure and allows you to start encrypted correspondence with anyone; however, the public key contains the Name and E-mail fields. It is best to write fictitious data there. The e-mail does not matter, and your recipients will see the name of the key in their own lists. That is enough for them to identify the owner of the key.
Kleopatra considers sova too short, so we added _ at the end.
Go to Advanced Options:
Specify the maximum key size, remove its expiration date and check the Identification box.
Everything is ready to create a key. Click Next, Next and set a password:
The password is needed to import and export the private key - be sure to remember it or write it down. The password itself does not decrypt any messages, but it will be required to transfer the key to other devices.
Wait:
A maximum of 15 seconds have passed.
Click Finish.
That's it, the keys are created:
Now is the time to exchange keys with Winnie the Pooh. To do this, you need to send him our public key, get his key from him and import it into Kleopatra.
Right-click the key → Export.
Save the file somewhere, for example in Downloads.
Now a text file with the .asc extension, which contains our public key, has appeared in the Downloads folder.
This is what the contents of the key look like.
Recall that Winnie the Pooh uses Android. Owl tells him that he needs to install the PGPtools application from Google Play, which costs 60 rubles. Believe me, it's worth it.
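To make the .asc format mentioned above concrete, here is an added example (not part of the original tutorial and not code from GnuPG, Kleopatra or PGPtools) that checks text copied from a key file before it is pasted into a note: it validates the CRC-24 line of the ASCII armor and confirms that the block really is a public key and not the private one. All function names are hypothetical, the sample blocks are constructed and are not real keys, and it assumes the exporting tool writes the CRC-24 line, as the RFC 4880 armor format describes.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # OpenPGP CRC-24 (RFC 4880, 6.1)
KEY_TAGS = {5: "PRIVATE KEY BLOCK", 6: "PUBLIC KEY BLOCK"}  # first packet tag
ARMOR_RE = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----(.*?)-----END PGP \1-----", re.S)

def crc24(data: bytes) -> int:
    """Checksum stored on the last '=XXXX' line of an armored block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(kind: str, data: bytes) -> str:
    """Build an armored block; used here only to construct the sample input."""
    body = base64.b64encode(data).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "", *lines,
                      "=" + check, f"-----END PGP {kind}-----"])

def parse_armor(text: str):
    """Return (kind, raw bytes) of the first block; ValueError if it is damaged."""
    match = ARMOR_RE.search(text.replace("\r", ""))
    if not match:
        raise ValueError("no complete armor block (cut-off copy/paste?)")
    kind, inner = match.groups()
    _headers, _, body = inner.partition("\n\n")  # headers end at a blank line
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if len(lines) < 2 or not lines[-1].startswith("=") or len(lines[-1]) != 5:
        raise ValueError("armor checksum line missing")
    data = base64.b64decode("".join(lines[:-1]), validate=True)
    stored = int.from_bytes(base64.b64decode(lines[-1][1:], validate=True), "big")
    if crc24(data) != stored:
        raise ValueError("CRC-24 mismatch: the key text was altered or truncated")
    return kind, data

def first_packet_tag(data: bytes) -> int:
    """OpenPGP packet tag of the first packet (6 = public key, 5 = secret key)."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    return data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F

def check_before_sharing(clipboard_text: str) -> str:
    """Say whether the copied text is an intact public key and nothing more."""
    kind, data = parse_armor(clipboard_text)
    actual = KEY_TAGS.get(first_packet_tag(data))
    if "PRIVATE KEY BLOCK" in (kind, actual):
        return "STOP: private key material"
    if kind == actual == "PUBLIC KEY BLOCK":
        return "ok: intact public key"
    return f"not a key export: {kind}"

# Constructed sample bytes, not real keys: only the first octet (the tag) matters.
SAMPLE_PUBLIC = armor("PUBLIC KEY BLOCK", b"\x99\x01\x0d" + bytes(range(60)))
SAMPLE_PRIVATE = armor("PRIVATE KEY BLOCK", b"\x95\x03\x98" + bytes(range(60)))

if __name__ == "__main__":
    print(check_before_sharing(SAMPLE_PUBLIC), "|", check_before_sharing(SAMPLE_PRIVATE))
```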

How to send encrypted data correctly?
The best way to exchange encrypted texts is to use one-time memo services.
This is good for several reasons:
- They are anonymous.
- The note is deleted immediately after opening, so if someone reads the link before the addressee, the addressee will immediately know about the leak.
- The messenger history keeps not the correspondence but links to destroyed notes. If the keys are stolen, it will be impossible to decrypt old messages, and it is also a convenient insurance against hacking of messengers.
- It is safe to store encrypted data on the service, since the service has no keys (unlike messengers that offer their own encryption).
Public key exchange between Android and Windows
Open the file with the key in a text editor and copy its contents to the clipboard:
Then on privnote.com paste the text of the key into the note and send the link to it to Winnie the Pooh via WhatsApp. Winnie the Pooh receives it (the following screenshots are from his mobile):
Follow this link.
Open the note.
Select all text and copy to clipboard.
Open PGPtools and click Import:


Paste the key into the window via the Paste button and click Import.

The key was imported successfully.

Verify this by clicking Key list (you should see the Owl key in the list).
Now Winnie the Pooh must create his own key pair and send the public one to Owl.

Click Generate.

Select the maximum key length, name and e-mail, set a password, click Generate and wait 15-20 seconds.

The key has been created. Now in the Key List, click Info on the public key.

Click Copy and the key will be copied to the clipboard.

Paste the key into the window, create a note and send it to Owl.
Next, the Owl on the laptop will open the link with the key (the following screenshots are from the Owl laptop):
Copy the key text.
Open Kleopatra and click Clipboard → Import Certificate.
Click Yes.
Check two checkboxes and click Next.
Click Verify.
Owl enters his password to validate Winnie the Pooh's key.
Click Finish.
Winnie the Pooh's public key has now appeared in Owl's key list.
Encrypted messaging
The hardest part is over. Owl and Winnie the Pooh exchanged keys: this must be done once and repeated only when changing keys.
Now Owl must send Winnie the Pooh important information for the negotiations with Tigger. To do this, just open any text editor and write the text:
Copy the text to the clipboard.
Open Kleopatra, Clipboard → Encrypt.
Select a recipient.
The message from the clipboard is encrypted, and the result has already been copied back to the clipboard. All that remains is to paste it into the note.
Paste the encrypted message into the note and send the link to Winnie the Pooh.

Winnie pastes the encrypted message with the Paste button and presses Decrypt.

Enter the key password.
And read the message.
Now Winnie writes the answer to Owl in the same window: he simply clears everything with the Clear button, types the text, selects Owl in the addressees and presses Encrypt.
If someone else is selected in the addressees, the message will be encrypted with a different key and Owl will not be able to read it.
Winnie copies the encrypted message, pastes it into privnote and sends the link to Owl.
Owl opens the link from WhatsApp and copies the text to the clipboard.
The second option, without opening the Kleopatra window: right-click on the tray icon and select Decrypt:
The result will be the same. Choose the most convenient one.
The message has been successfully decrypted and is on the clipboard. Just paste your text into Notepad.
Let's summarize:
- Owl and Winnie the Pooh exchanged keys and can now exchange encrypted messages in a couple of clicks.
- Winnie the Pooh uses PGPTools on his mobile phone, and Owl uses Kleopatra on his laptop.
- The principle is one: both write text in the editor, copy it to the buffer and encrypt it using their program.
- They upload the encrypted result to privnote.com and send the link to the addressee.
- Upon receipt of the note, the addressee copies it to the clipboard and decrypts it using his program.
After installing the programs and key exchange, you should practice a little and work out the encryption-sending-decryption skill so as not to waste time at a crucial moment.
An example of an effective use case.
All participants agree that if a link to a privnote arrives in the messenger, then there is an encrypted message. Depending on the situation, the addressee decides where it is more convenient for him to open the link and decrypt it. The sender can write an unencrypted comment in privnote before inserting the message. Let's say this: "Open it on your computer, there is a lot of text."
Transferring a key from a mobile phone to a laptop and vice versa
- Winnie the Pooh has a laptop, and Owl has a mobile phone. We need to provide them with comfortable work on both devices.
- Winnie the Pooh went to a cafe, opened his laptop and wants to transfer the key to Kleopatra, and Owl is going home and wants to work with encrypted correspondence on the way.
- Winnie the Pooh needs to save the private key to a file on his phone, connect it with a cable to his laptop, copy the file and import it into Kleopatra. This will require a file manager or text editor that allows you to paste text from the clipboard and save the file. For example, we used "File Manager +" from Google Play.
Go:

In the list of keys, click Info next to the private key.

Click Copy to copy the text to the clipboard.
Open your file manager.
Tap the ellipsis in the upper right corner → New.
Create the file key.asc.
Select the file with a long tap, click More → Open with Text Editor.

Click the clipboard button.

Click on the last object in the clipboard.

The key is pasted. Tap the floppy disk icon to save: the key is now in the key.asc file.
Connect your smartphone to your laptop with a cable, unlock it and select File Sharing. HiSuite (for Huawei) or similar software must be installed on the computer in order to open the file list on the smartphone.
Find and copy the file.
Open Kleopatra, File → Import.
Select the file with the key and click Open.
Confirm the import.
Winnie the Pooh can now use his key on the laptop.
Owl does everything in reverse.
You can also install PGPTools on Piglet's iPhone, and if he also has a laptop on Mac OS X, there is an excellent manual for such a case.
Conclusion
Using third-party programs and a one-time memo service with messengers may seem inconvenient, but security is the opposite of convenience. If you work with data that under no circumstances should fall into the wrong hands, you cannot rely on encryption of the messenger - you will have to set up your own. We hope our manual will help you do this without unnecessary complications, even if you do not have deep knowledge of IT. In the next articles, we will discuss information security threats and additional methods of protection against them, such as encryption of drives.