A quick guide to getting started with PGP on Athena.


How it works

If you're familiar at all with conventional cryptography systems you're probably familiar with the idea of a cryptographic key. The key is just a piece of data that is needed to encrypt or decrypt the message. Most conventional cryptography systems are designed so that a message is encrypted using the key and anyone else who has the same key can decrypt and read the message. For this reason it's very important that the key be kept a secret and only the sender and intended recipient of the message have a copy of this secret key.

PGP, however, is based on a public key cryptography system, which means that it works quite differently. Instead of having one key that needs to be kept a secret, everyone has two different keys, only one of which is a secret. One key is called your private key and one key is called your public key. Your private key is secret, known only to you. Your public key you show to the world, you give it away to everyone. Then, when you want to send an encrypted message to someone you first encrypt it in their public key (which they've let you and anyone else see). Then you give them the encrypted message and they decrypt it using their own secret key, the key that only they know about. So for example if Matthew wants to send Stan an encrypted message Matthew first encrypts his message with Stan's public key and sends that encrypted message to Stan. Stan then uses his own private key to decrypt the message and can read what Matthew sent him.

Getting started ... making keys

To use the pgp commands on athena you must first type
add pgp
at the athena prompt. You'll want to do this any time you want to read or send encrypted messages, but you only need to do it once per login session. To make yourself a set of pgp keys (a public and private key pair) type:
mkdir .pgp
echo TMP = \"/var/tmp\" > $HOME/.pgp/config.txt
fs sa .pgp system:anyuser none

pgp -kg
After that last command you'll be asked a number of questions.
Now that your keys are generated the one other thing you need to do in order to receive encrypted messages is put your public key somewhere where people can find it. Many people like to put their public key in their .plan file so that others may find it by fingering them (try finger kretch@monk.mit.edu, for example). You can do this by typing:
pgp -kxa $USER $HOME/Public/plan
cd $HOME/Public
mv plan.asc plan
ln -s $HOME/Public/plan $HOME/.plan
Another option is to place your key on a pgp public key server. There is a popular one at http://pgp.ai.mit.edu. The instructions there should explain how to use it.

Reading a message encrypted for you

So now lets say that someone has a secret message to send you, they've looked up your key and encrypted a message for you (which we'll cover in the next section) and you'd like to read it. This is pretty simple. If you have the encrypted message stored in a file called smeorb all you need to type is:
pgp -f smeorb | more
You will be asked for your passphrase so your secret key can be used to decrypt the message. (Remember not to type your PGP password over an unencrypted connection).

If you receive the file as email and you use mh (inc, show, etc.), xmh, or exmh to read your email then you may view the message by typing:

show | pgp -f | more
If you use emacs to read your mail there is a program called mailcrypt that you can use, but it is not covered in this version of this document.

Sending an encrypted message to someone

To encrypt a message to someone you need to get a copy of their public key and store it with the other public keys you use (called your public keyring). How you get the other person's key will depend on how they've stored it. You may be able to get it by fingering them, or by finding it in their home directory if they're on athena. You also may get it from a public key server or by asking them where they have their key. There is the problem that you have to have a way to trust the key that you're told is theirs. This problem can be solved by key signing which will be covered in the next version of this document. For now we'll assume you have their key stored in a file called coppetish. If you need to get their key into a file from finger information you can type:
finger kretch@monk.mit.edu > coppetish
where you substitute their username for kretch.

Their public key can be added to your keyring by typing:

pgp -ka coppetish
You will be asked if you want to certify the key yourself. Answer "no" for now -- that's the default.

Now their key should be on your key ring. You can check the contents of your key ring by typing:

pgp -kv

Let's say you've added the key for Fred F. Sipb <sipbtest@mit.edu>. Now you may encrypt the file called hoffmannesque for Fred Sipb by typing:

pgp -ea hoffmannesque sipbtest
and an encrypted version of the file will be stored in hoffmannesque.asc. For reasons described in the Athena security section you should compose the unencrypted text file on the local disk of the machine you're using and not in your AFS home directory. This means calling the file something like /var/tmp/message or /tmp/message but not /mit/user/message. The encrypted file you may store in your AFS home directory if you feel like keeping it. Do not forget to erase the unencrypted file you wrote on the local machine when you're done or others may be able to read it later!

If you wish to send the encrypted file in email you may place it in an emacs buffer with the C-x i command.

Athena Security

A couple of things you should know about the way Athena and computers in general work.

The MIT network is divided up into many subnets. Each of these subnets usually corresponds to a set of IP addresses that start with 18.xxx. For example all the addresses that start with 18.239 belong to the same subnet. These subnets are usually ethernet networks and because of the way ethernet is designed, any computer on an ethernet subnet can read the all the traffic on that subnet. This means that if I have a computer on the network in MacGregor I can read all the information that goes to or from any other computer on the MacGregor network.

Becuase many Athena services are run on servers on non-local subnets, lots of data that you use is sent across your local subnet so that it can get to you. For example, because the files in my home directory are stored on a server in building 37, they need to be sent across the MacGregor subnet for me to read them in my room at MacGregor.

Athena uses a system called Kerberos to provide security in a situation like this. Kerberos can make sure that the person who claims to be sending data is actually that person and it can also encrypt data so that it can not be read by a malicious user. Many applications however do not make use of the encryption that kerberos can provide. These include:

For these reasons it's important not to keep material that you seriously do not want seen by others unencrypted in your AFS home directory. It is however safe to store the material there encrypted, which is the reason to use pgp. Aside from encrypting messgaes to other users you may encrypt messages for yourself so that they can be stored safely. You can then go back and decrypt them when you need to look at them.

Other help and other features

You can look at help for pgp commands by typing:
 pgp -h 
and you can get help for key mangement commands by typing:
 pgp -k 
These are also good ways to find out about some of the other pgp features. You can also look at the pgp man page by typing:
 man pgp 
and there are also books available on PGP. Additionally you can stop by the
SIPB office (w20-557) to ask questions.
Written by kretch@mit.edu.
This document is: http://www.mit.edu/afs/sipb/project/doc/pgp/pgp.html
See other SIPB documents at http://www.mit.edu/sipb/docs.html