Decrypting Encrypted Email

No sooner had I posted my last entry on creating a GnuPG key, a visitor sent me an encrypted email. My mail client is Thunderbird, and it promptly put a message from Robert Grabowsky into my Junk folder. Thunderbird suspected the message was spam! It looked like this. Certain fields have been edited to foil email address harvesting:

Date: Sat, 23 Apr 2005 17:26:37 -0400 (EDT)
From: Robert Grabowsky rgrabowsky_at_rasecurity_dot_com
To: Richard Bejtlich richard_at_taosecurit_dot_com
Subject: test of your key



To manually decrypt this message, I saved the message body into a file called msg.txt. Then I used gpg to decrypt it.

orr:/home/richard$ gpg -d msg.txt
gpg: WARNING: using insecure memory!
gpg: please see for more information

You need a passphrase to unlock the secret key for
user: "Richard Bejtlich richard_at_taosecurity_dot_com"
2048-bit ELG-E key, ID 8BA44991, created 2005-04-23 (main key ID 752B57C7)

gpg: encrypted with 2048-bit ELG-E key, ID 8BA44991, created 2005-04-23
"Richard Bejtlich richard_at_taosecurity_dot_com"
Hi Richard,

Here's a quick test of your GnuPG key. Keep of the great work on the
blog, I check it every day!!!

Best Regards,

Robert Grabowsky, CISSP | Ra Security Systems, Inc.
rgrabowsky_at_rasecurity_dot_com | GPG KeyID 0x7932C9E3 (

An excellent alternative to manual decryption is Enigmail, a plug-in for Thunderbird and the Mozilla client. I installed the mail/enigmail-thunderbird FreeBSD package and then fired up Thunderbird. I had a new menu item called "Enigmail". When I highlighted Bob's message, Enigmail began a simple setup procedure.

It asked me to enter my private GnuPG passphrase, then it wanted to know where the gpg binary resided. I entered /usr/local/bin/gpg. With that, the message was decrypted automatically. Now when I see the message within Thunderbird, it appears as clear text.

Now I needed to send a reply. I will enter that in a future blog posting shortly.


Anonymous said…
Just tested with Kubuntu Hoary, i played with Kgpg wich allow to easily create what's needed to start with GPG.

For those who enjoy to use a GUI. It adds too a shredder link in the desktop to wipe files.

Popular posts from this blog

Five Reasons I Want China Running Its Own Software

Cybersecurity Domains Mind Map

A Brief History of the Internet in Northern Virginia