Digital Forensic Scientist

2 minute read

Some web-based email services don't have an encryption client available, but if you still want to be able to encrypt an email using someone's public key, you can do it in the following way.

First, get GPG.

  • There is GPG4Win: http://www.gpg4win.org/ (I've not used it, but I assume there is a command line client)
  • GPGTools for Mac: https://gpgtools.org/ (I've used, and liked very well)
  • For Linux there are few different options, so see this for more information.


Once you have GPG installed, you should be able to run the command 'gpg' from a terminal.

*note - On Windows or Mac the commands may be slightly different than what is shown here.

For this tutorial, you will be encrypting an email using someone's public key. I will not show you how to create your own keys in this single.

Once you can run gpg, we need to try to find the public key of the person you will send the message to. If they have uploaded their key to a public key server you can query the server with
gpg --list-keys email@address.com
You can then import the key you have found using --recv-keys with the key's ID. For example, my key looks like: pub   2048R/606B15C4 2013-01-09 [expires: 2017-01-09]. The key's ID is 606B15C4.
gpg --recv-keys 606B15C4 
Once we have successfully imported the key, we can use it to encrypt messages that only the holder of the associated private key can decrypt. So, for example, if you use my public key to encrypt a file, then only my private key can be used to decrypt the file.

Likewise, if I use my private key to encrypt a file, then only my public key can be used to decrypt the file. This is a good way to show that you are the originator of the information.

OK - so let's make some text to send in our email. I will create a text file as a simple file container.
echo "Question: Can security students encrypt their email?" >> encryption_test.txt
echo "Hypothesis: Security students are too lazy to encrypt their email." >> encryption_test.txt
So now I have a plain text file called "encryption_test.txt" with two lines in it.

(In Linux) I can read the contents of the file using 'cat', and pipe the output into gpg for encryption.
cat encryption_test.txt | gpg --encrypt --armor -r 606B15C4
The first command takes the contents of the file "encryption_test.txt" and send it to gpg, which encrypts the text with the public key 606B15C4. The output is as follows:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

hQEMA999TJtS1eU1AQgAn09ngR2pGDGCfFH0aKUazQInd+HtYqqFq6UmFyszb5RX
OS5mWB3gEKMh3Ki0Qvgs2tA9nBx1+uzyxvkLoXrLwkfVg7mu821bjkh9OMsFO9hb
EeKkZjAAHHcf1rkpWKgc9mcmYyaNBEexyDJy648osWiGyDfedVMKog0k44NFf9iG
aBNsrrqmS+S6SllCgUhbMtkJYB4+BbCBIDA0laWQF+wcKGIsQfk3XxYdJUAfTFIK
vJwKyyPd9JBwG70XYaycBVIPMYhflmNB0MKVV65iQXQslN0dlTMu9CZGRYDJ4IMD
eC89NDsSVwVBWGPxo76cE19McXC5EHQvEBZk9XUIY9KQAaqZOu8vJlz5kehprSnm
OsYY24fuvsbZ4tglgQQ2FC7QLwB+rMLXNWPXor/EjUUYfeRAtbADfpFgNX/Kyzf8
9CxHSRO0ARj/caQQHCjfothIcR6J+vSGe5z+QA9IG9LhvRYOQkbyqoz9ZxRmBgrG
zD++fpC+hgv56WRHe5BzSBq4iaYJ+M1FGb5YbpCBzrPI
=Umsn
-----END PGP MESSAGE-----


If I copy from ---BEGIN PGP MESSAGE --- to ---END PGP MESSAGE--- and paste that into the body of my email, and send it to the person who owns the private key - they should be able to decrypt it.

You may also enjoy

iLEAPP and RLEAPP updates and dev thoughts

3 minutes to read

Alex (@kviddy) has been pushing some extremely useful updates to the open-source Android forensic tool - [ALEAPP](https://github.com/abrignoni/ALEAPP]. Speci...

What data can you find in RAM?

3 minutes to read

To determine if you need to collect Random Access Memory on-scene, it is useful to know what kinda of investigation-relevant data is often available in RAM.

Modular artifact scripts coming to iLEAPP

3 minutes to read

kviddy has been pushing some great core updates to ALEAPP. Specifically, artifact scripts are now self-contained. This means that script authors no longer ne...