GBA 685 Advanced Computer Forensics
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help with authentication using Secure Shell, and provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. Gpg4win is GNU Privacy Guard for Windows, and Kleopatra is the certificate manager in Gpg4win. To create OpenPGP and X.509 certificates, Gpg4win uses a key length of 2048 bits by default. The default algorithm for signing and encrypting is RSA. In the RSA cryptosystem, the encryption key is public and differs from the decryption key, which is kept secret. The following parts introduce the main functions of Kleopatra.
1 Create new certificate / Import certificate
1.1 Create new certificate
We can create two types of certificate with Kleopatra: OpenPGP key pair and X.509 key pair. The differences between OpenPGP and X.509 are as follows:
In the X.509 world, the only PKI that we usually encounter is one built on a centralized CA. PGP has flourished for many years without the need to establish a centralized CA. This is because OpenPGP uses a decentralized system of trusted introducers, which are the same as a CA. OpenPGP allows anyone to sign anyone else’s public key. When Alice signs Bob’s key, she is introducing Bob’s key to anyone who trusts Alice. If someone trusts Alice to introduce keys, then Alice is a trusted introducer in the mind of that observer. I choose to create a personal OpenPGP key pair.
Click ‘File’. Then click ‘New Certificate’.
Figure 1 New certificate
Figure 2 Choose the type of key
Enter the name and email address in the text boxes. We can click on ‘Advanced Settings’ to set some details about the certificate.
Figure 3 Enter details of the certificate
We can choose the encryption algorithm (RSA/DSA) and details about certificate usage in the advanced settings. Click ‘OK’ to complete the setting. Then click ‘Next’ to go to the next step. The certificate creation wizard will show all parameters of the certificate. Click ‘Create Key’ to confirm and create the key pair.
Figure 4 Review certificate parameters
During the key creation process, the program will ask you to create a passphrase for the certificate. The program suggests that the passphrase should be at least 8 characters and contain both letters and numbers. It will pop up an alert to warn you if the passphrase isn’t safe enough.
Figure 5 Enter passphrase
Click ‘OK’ to complete the process. Then click ‘Finish’.
1.2 Import certificate
Click ‘Import Certificates’. The extensions of certificates can be: *.asc, *.cer, *.cert, *.crt, *.der, *.pem, *.gpg, *.p7c, *.p12, *.pfx, *.pgp. Click ‘Open’ to import the certificate.
Figure 6 Select the certificate
Note: The certificate I choose to import only contains the public key.
2 Export certificate
Select a certificate and click ‘File’. Then click ‘Export Certificates’.
Figure 7 Export certificate
If the certificate is owned by me, I can choose to export the secret key, though this is a very dangerous action. We don’t use this function very often. The default filename of the certificate is its fingerprint.
3 Encrypt / Sign
We can encrypt or sign a file with the public key of the certificates.
3.1 Encryption
When using someone else’s certificate to encrypt a file, remember to add a certificate owned by us as well. Otherwise we are not able to open the encrypted file, since we don’t have the other person’s private key. Click ‘File’. Then click ‘Sign/Encrypt files’.
Then select the file we want to encrypt. Click ‘Open’ to proceed. Select ‘Encrypt’. We can also choose to remove the unencrypted original file when done if we want. Then click ‘Next’.
Figure 8 Encrypt files
We can select multiple certificates.
Figure 9 Select certificates
I chose two...
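The reminder in section 3.1 to add our own certificate can be verified after encryption, because an OpenPGP-encrypted file begins with one session-key packet per certificate it was encrypted to. The following is an added example, not part of the original document: it reads those packets from a binary (non-armored) file using the RFC 4880 layouts, and the sample bytes and key IDs are constructed.

```python
# Added example: list the key IDs an OpenPGP-encrypted file was encrypted to.
# Packet header and PKESK layouts follow RFC 4880 (sections 4.2 and 5.1).

def body_span(buf, pos):
    """Return (body_start, body_length) for the packet header at pos."""
    ctb = buf[pos]
    if ctb & 0x40:                                   # new-format header
        first = buf[pos + 1]
        if first < 192:
            return pos + 2, first
        if first < 224:
            return pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        if first == 255:
            return pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial length not expected on a session-key packet")
    ltype = ctb & 0x03                               # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length is not handled")
    n = 1 << ltype                                   # 1, 2 or 4 length octets
    return pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def recipient_key_ids(data):
    """Key IDs from the leading session-key packets, one per recipient."""
    ids, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("not binary OpenPGP data (ASCII-armored?)")
        tag = ctb & 0x3F if ctb & 0x40 else (ctb >> 2) & 0x0F
        if tag not in (1, 3):        # reached the encrypted data packet
            break
        start, length = body_span(data, pos)
        if tag == 1:                 # public-key encrypted session key
            body = data[start:start + length]
            if len(body) < 10 or body[0] != 3:
                raise ValueError("unsupported or truncated PKESK packet")
            ids.append(body[1:9].hex().upper())  # all zeros = hidden recipient
        pos = start + length
    return ids

def pkesk(key_id):
    """Constructed version 3 PKESK body: version, key ID, algorithm, filler."""
    return b"\x03" + key_id + b"\x01" + b"\x00" * 16

# Constructed sample (dummy key IDs and filler bytes, not a real message).
SAMPLE = (b"\x84\x1a" + pkesk(bytes.fromhex("1111111111111111"))    # old format
          + b"\xc1\x1a" + pkesk(bytes.fromhex("2222222222222222"))  # new format
          + b"\xd2\x04\x01abc")                                     # tag 18 data

if __name__ == "__main__":
    print(recipient_key_ids(SAMPLE))
```

GnuPG normally encrypts to a certificate's encryption subkey, so the IDs listed are subkey IDs; if none of them belongs to one of our own certificates, we cannot decrypt the file.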