Saturday, April 23, 2005

Decrypting Encrypted Email

No sooner had I posted my last entry on creating a GnuPG key than a visitor sent me an encrypted email. My mail client is Thunderbird, and it promptly put a message from Robert Grabowsky into my Junk folder. Thunderbird suspected the message was spam! It looked like this. Certain fields have been edited to foil email address harvesting:

Date: Sat, 23 Apr 2005 17:26:37 -0400 (EDT)
From: Robert Grabowsky rgrabowsky_at_rasecurity_dot_com
To: Richard Bejtlich richard_at_taosecurit_dot_com
Subject: test of your key

-----BEGIN PGP MESSAGE-----

hQIOA+vNZOSLpEmREAf/XTL0KqQAnwOIkONZGgZMsyEFD00O7O8qzNRmv7A/IVwg
o95VmxSoUXDIwNtQG1QpSbTY217k/HmUEKup0n2laON49SGKj1H76SwS0BVNG8Xj
...edited...
ADc/eiJOmnZuhDhTYMJoqziAilKf9Y7ChHKKjtil2WTrnNL3qfwX5636Sb3sjFMg
f1Q+WCHWMr9LOQG3JGmGfjNZe6iMzp+Wl5y7m/j+7HMwiVp+J2sHyx1pffnGtFgP
=Xa7M
-----END PGP MESSAGE-----

To manually decrypt this message, I saved the message body into a file called msg.txt. Then I used gpg to decrypt it.

orr:/home/richard$ gpg -d msg.txt
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information

You need a passphrase to unlock the secret key for
user: "Richard Bejtlich richard_at_taosecurity_dot_com"
2048-bit ELG-E key, ID 8BA44991, created 2005-04-23 (main key ID 752B57C7)

gpg: encrypted with 2048-bit ELG-E key, ID 8BA44991, created 2005-04-23
"Richard Bejtlich richard_at_taosecurity_dot_com"
Hi Richard,

Here's a quick test of your GnuPG key. Keep of the great work on the
blog, I check it every day!!!

Best Regards,
Bob

Robert Grabowsky, CISSP | Ra Security Systems, Inc.
rgrabowsky_at_rasecurity_dot_com | GPG KeyID 0x7932C9E3 (pgp.mit.edu)
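
The key ID that gpg reports above ("ID 8BA44991") comes from the unencrypted header of the message's first packet, so anyone who can see the ciphertext can tell which key it was encrypted to. As an added example (not part of the original post), the following Python code decodes the first armored line shown above and parses that header per RFC 4880; the function names are illustrative.

```python
import base64
import struct

# First armored line of the message shown above (copied from the page).
# The packet header sits in the first bytes, so one line is enough.
FIRST_ARMOR_LINE = "hQIOA+vNZOSLpEmREAf/XTL0KqQAnwOIkONZGgZMsyEFD00O7O8qzNRmv7A/IVwg"

# Public-key algorithm IDs from RFC 4880, section 9.1.
PUBKEY_ALGOS = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "ELG-E", 17: "DSA"}


def read_packet_header(data):
    """Return (tag, body_offset, body_length) for the packet at data[0]."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet (bit 7 clear)")
    if first & 0x40:  # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, 2, l0
        if l0 < 224:
            return tag, 3, ((l0 - 192) << 8) + data[2] + 192
        if l0 == 255:
            return tag, 6, struct.unpack(">I", data[2:6])[0]
        raise ValueError("partial body length not handled here")
    tag, length_type = (first >> 2) & 0x0F, first & 0x03  # old format
    if length_type == 3:
        raise ValueError("indeterminate length not handled here")
    size = 1 << length_type  # 1, 2 or 4 length octets
    return tag, 1 + size, int.from_bytes(data[1:1 + size], "big")


def recipient_info(armor_line):
    """Parse a Public-Key Encrypted Session Key packet (tag 1)."""
    data = base64.b64decode(armor_line)
    tag, offset, length = read_packet_header(data)
    if tag != 1:
        raise ValueError(f"expected tag 1 (PKESK), got tag {tag}")
    version = data[offset]
    key_id = data[offset + 1:offset + 9].hex().upper()  # 8-byte key ID
    algo = data[offset + 9]
    return {"version": version, "key_id": key_id, "short_id": key_id[-8:],
            "algorithm": PUBKEY_ALGOS.get(algo, f"unknown ({algo})"),
            "packet_length": length}


if __name__ == "__main__":
    print(recipient_info(FIRST_ARMOR_LINE))
```

Running `gpg --list-packets msg.txt` prints the same packet fields.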

An excellent alternative to manual decryption is Enigmail, a plug-in for Thunderbird and the Mozilla client. I installed the mail/enigmail-thunderbird FreeBSD package and then fired up Thunderbird. I had a new menu item called "Enigmail". When I highlighted Bob's message, Enigmail began a simple setup procedure.

It asked me to enter my private GnuPG passphrase, then it wanted to know where the gpg binary resided. I entered /usr/local/bin/gpg. With that, the message was decrypted automatically. Now when I see the message within Thunderbird, it appears as clear text.

Now I needed to send a reply. I will enter that in a future blog posting shortly.

1 comment:

bistouri said...

Just tested with Kubuntu Hoary, I played with Kgpg, which allows you to easily create what's needed to start with GPG.

For those who enjoy using a GUI. It also adds a shredder link to the desktop to wipe files.