Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Week 5 - Anti-Forensics Technique-2

Lab 2 - PGsP Encryption: Secure Communication Using PGP

In this activity, you will learn how to use PGP (Pretty Good Privacy) for secure data communication by generating key pairs, encrypting and decrypting messages, and applying digital signatures.

Overview

PGP was created in the 1990s and provides cryptographic privacy and authentication for data communications and file encryption.
It offers strong security and privacy for protecting sensitive data and is widely used by individuals, businesses, and organizations.

However, PGP implementation requires some technical expertise, and the Web of Trust model may require careful management to maintain trust relationships effectively.

Learning Objectives

  • Apply appropriate practices, tools, and techniques in the context of a given investigative scenario.
  • Encrypt data in flight.

Task 1: Background

Visit the following websites to familiarise yourself with the basic concept of PGP Encryption:

Setup

  1. Start the Kali Linux virtual machine. If you don't have one you can
    1. (Recommadnded)You can find a VM in your Cyberlab folder, or
    2. You can download kali vm from here then deploy. Login credentials:
    • Username: kali
    • Password: kali

Task 2: PGP Installation and Creating a Key Pair

  1. Open a terminal in your Kali VM and install the necessary packages:

    sudo apt-get install gnupg2 gpa

  2. Use the manual to learn about the tool:

    man gpg

  3. Check the version:

    gpg --version

  4. View available command-line options:

    gpg --help

  5. Generate your public and private keys:

    gpg --full-generate-key

  6. Choose key type: (1) RSA and RSA (default)

  7. Select key size: 4096 bits (recommended for high strength)

  8. Set key validity period (e.g., 1 day or forever).

  9. Enter a username, email address, and a strong passphrase (required for decryption).

  10. Export your public key to a file:

    gpg --export -a "username" > name.pubkey

  11. Export your private key to a file:

    gpg --export-secret-key -a "username" > name.privkey

  12. Import a public key:

    gpg --import name.pubkey

  13. List all keys in your keyring:

    gpg --list-keys

Task 3: Key Exchange and Encrypting/Decrypting Messages

  1. Pair up with another person and share your public keys and usernames.

  2. Import your partner’s public key into your keyring and confirm it appears in your list.

  3. Create a text file (text.txt) containing any information.
    Encrypt it using your key and your partner’s public key:

    gpg -e -u "sender_username" -r "receiver_username" text.txt

    Use the --armor option if you want to send the message in ASCII format.

  4. Send the encrypted file to your partner via private email.

  5. Decrypt a received encrypted file:

    gpg -d filepath/filename.gpg

    or

    gpg -d filepath/filename.asc

  6. Open and review the decrypted text file.

  7. Manage or delete keys:

    gpg --delete-secret-keys "username"
gpg --delete-keys "username"

Self-Study Task

  1. Using the links above and man gpg, investigate how to use gpg to create a digital signature.
  2. Identify advantages and limitations of PGP, including key management and trust models.
  3. Determine what information can be identified from PGP metadata.

Best,

Ali.

Copyright © 2026 • Created by Ali Jaddoa

Page last updated: Tuesday 03 March 2026 @ 11:22:40 | Commit: 2d70ffb