Mohit Kumar dijo:
Signed and sent my public PGP key to the Enigmail person and waiting for his encrypted email reply.
This course will become read-only in the near future. Tell us at community.p2pu.org if that is a problem.
Using Thunderbird and Enigmail to receive encrypted e-mails [15 mins]
The decryption of e-mails is handled automatically by Enigmail, the only action that may be needed on your behalf is to enter the pass-phrase to your secret key. In order to receive encrypted correspondence with somebody, they will need your public key.
Entering your pass-phrase
For security reasons, the pass-phrase to your secret key is stored temporarily in memory. Every now and then the dialog window below will pop-up. Thunderbird asks you for the pass-phrase to your secret key. This should be different from your normal email password. It was the pass-phrase you have entered when creating your key-pair in the previous chapter. Enter the pass-phrase in the text-box and click on 'OK'
Decrypting email messages sent to you will be fully automatic and transparent. But it is obviously important to see whether or not a message to you has in fact been encrypted or signed. This information is available by looking at the special bar above the message body.
A valid signature will be recognized by a green bar above the mail message like the example image below.
The last example message was signed but not encrypted. If the message had been encrypted, it would show like this:
When a message which has been encrypted, but not signed, it could have been a forgery by someone. The status bar will become gray like in the image below and tells you that while the message was sent securely (encrypted), the sender could have been someone else than the person behind the email address you will see in the 'From' header. The signature is necessary to verify the real sender of the message. Of course it is perfectly possible that you have published your public key on the Internet and you allow people to send you emails anonymously. But is it also possible that someone is trying to impersonate one of your friends.
Similarly if you receive a signed email from somebody you know, and you have this persons public key, but still the status bar becomes yellow and displays a warning message, it is likely that someone is attempting to send you forged emails!
Sometimes secret keys get stolen or lost. The owner of the key will inform his friends and send them a so-called revocation certificate (more explanation of this in the next paragraph). Revocation means that we no longer trust the old key. The thief may afterwards still try his luck and send you a falsely signed mail message. The status bar will now look like this:
Strangely enough Thunderbird in this situation will still display a green status bar! It is important to look at the contents of the status bar in order to understand the encryption aspects of a message. PGP allows for strong security and privacy, but only if you are familiar with its use and concepts. Pay attention to warnings in the status bar.
Test your learning by following the instructions above to;
I also finished every possible task :
-Download Thinderbird, Enigmamail, PGP
-Generated Key into Keyring,
-Remembered my pass
-Exchanged e-mails with that "enigmamail person", I his public key
-Sent him a my public key. Well this was the last step I was little bit confused wit OpenPGP Menu in Thunderbird.
And what is next? How do I apply for badge ?
No I think this is wrong. The correct phrase IS secret key
The man page and all the options for gnupg it uses the term secret key
examples from the man page
"Use a *good* password for your user account and a *good* passphrase to protect your secret key"
Signs a public key with your secret key. This is a shortcut version of the subcommand "sign" from --edit."
" --lsign-key name
Signs a public key with your secret key but marks it as non-exportable. This is a shortcut version of the subcommand "lsign" from --edit-