Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00


Episode: 222
Title: HPR0222: Alpine GPG
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0222/hpr0222.mp3
Transcribed: 2025-10-07 14:15:20
---
This is Hacker Public Radio.
My name is Klaatu and let's see in my last episode for Hacker Public Radio.
I was talking about setting up Alpine with IMAP for your email.
And Alpine of course is the text-based email client for this successor to the email client.
And so I was talking about that setting up with IMAP and this time I'm going to be talking a little bit about setting up
GnuPG which is the GNU Privacy Guard which is the free version of the popular PGP encryption method with Alpine.
So this way if you are using Alpine and you want to encrypt your messages or digitally sign your messages then you can do that very easily.
And in fact for my money it's easier to do to manage this kind of thing in Alpine than it is in something like Thunderbird which I love.
Thunderbird I use that a lot as well on a different machine but just in terms of your GPG keys and things like that I don't know for me Alpine makes it pretty easy and just really understandable.
So even if you don't end up using Alpine on a permanent basis kind of stepping through this and getting an idea of what's going on in the back end kind of helps you understand it when you maybe go over to a more GUI centric app where the encryption isn't necessarily just built in and stuff like that.
And it's always good to have that kind of level understanding of something.
I'm going to assume that you have some familiarity with GPG or PGP that kind of encryption because this isn't really an episode about how to do that it's about how to do that with Alpine.
So I'm going to I'll just kind of briefly touch on the GPG stuff and if you need more information about that I know that Linux reality had an episode on how to do that how to set that up.
I did an episode on it on my the bad apples podcast it's the bad apples dot info somewhere in season two there's a show where I'm talking about how to set up you know GPG on your system.
And I do a fairly good job of explaining it.
So if you need background in that just go go check out a different you know episode of a different show or something and and that'll hook you up.
Okay so you know I mean if you've got a key already if you've got your GPG key already in place then all you need to do really is import that key for each user.
On to the on to your system that you're setting up or if it's already on your system then you don't need to do anything you already have it.
Now if this is a new system and if you're new to GPG then you're just going to do the GPG space dash dash gen dash key that's gen dash key K.E.Y.
And that's going to then step you through some questions pretty simple questions about you know your your name how how long your key how many how long you want your key to be I think default is 2048 but they also have a 4096 I think available I think that's what I usually do.
And then there's comment field and all this other good stuff you it's pretty pretty basic.
And from there you you basically can that'll make a new directory in your home folder dot gnupg and that's going to give you a private and public key.
And just to verify this you might want to type in GPG space dash dash list dash keys space and then some word some key word that you've just entered when you made your key.
So if your name is Klaatu or if my name is Klaatu then I might just type in Klaatu and it will show it'll list all keys that have the string Klaatu in it.
So if I know someone else named Klaatu I might see you know his name as well or his his public key as well.
But that's how to filter it down and you you don't have to do it by name you can do it by the email address you can do it by a you know part of the strings you can't remember if there was one A or two A's in Klaatu so you can just do KLA whatever.
So that lists all that kind of information that's fine that's good and that just kind of confirms to you that yes you do have your key set up your little key chains in your system you can look at keys you can delete them you can add to them whatever.
If you are new to this you might want to also upload your key to a key server because part of the way that this works is that the public key is public and the more people who know that you are a real person with this key assigned to you with your knowledge basically the better.
So spreading that key around the public key benefits you because it basically adds to the level of trust that people can have in that digital signature.
The other side of this is like key signing events where you meet people in person they tell you to your face that yes they have this key they know this key exists is what they use.
And then you can have them sign that key they can digitally sign it and that really boosts the level of trust because then you assume that if you get a message from them with that key associated with it you know even if someone had gained physical access to their system it would ask them for their password.
So you know I mean the chances of someone faking that at that point gets pretty slim.
So to make it public to post it onto a key server it's free it's easy need to be hooked up to the enter web and you type in GPG space dash dash key server and then equals.
And then you need to know what a good key server is the one that I've used simply because that's the one that I know about is x-hkp colon slash slash pgp.mit.edu dash of space dash a space dash dash send dash keys and then your key ID.
And the key ID is something that you can find when you list your key ring like when you do the when you do the peak the GPG space dash dash list dash keys and then the description that will show you your key ID.
So that will upload it to a key server once it's there it's going to spread you know like wildfire it'll it'll go from one key server to the next to the next to the next and then if someone gets an email from you and maybe you guys have been talking for a while and then you start using this little key and you say yeah hey I'm using a key now so if you want to import it you can they can just they can just say okay GPG dash dash import or actually they can even search keys.
And they'll find your you know the key server will look their computer will look at the key server for you know Klaatu and they can add your key via the key server.
Now that's not to say that they still shouldn't make an attempt like if you both are at a Linux fest or something like that or a hacker con.
Then you know getting together and saying hey yeah look I'm Klaatu I've really been emailing you and yes that's really my key that's not a bad idea because that's just that's where the the trust level gets boosted a lot because then it's a face to face kind of thing you're aware that there's a key out there with your name attached to it and you are using it and that helps that helps the whole theory of you know just being trusted and secure.
Okay so and finding a public key is free easy but I'm not going to go into that right now because it really has nothing to do with what I said this episode is about which I will get into right now which is how to set up Alpine or Pine actually this will work with Pine as well with GNU Privacy Guard.
So you know you might know you know I mean the idea of GPG what there are two sides of it there's one where you just you sign the email which basically attaches your public key file to I think to the email and it sends it you know to someone and they get to see the key and they can compare it with the key that they have.
You know they have for you on file and if it's the same then great. Now that's that's not really encryption that's just you know kind of making your public key known and you know you're signing the message and it does require your password in order to get that on there but that's that's not really that's not encryption per se.
The way to really encrypt it is to send basically a text file or or a file through GPG and the way you do that it's pretty easy to remember GPG space dash E space dash A space dash R so it's like I always think of ear EAR I don't I mean I don't know why but that's what it spells and that makes it kind of easy so it's GPG dash E and dash A dash R
and then the description of the file that you want to the description that you want to encrypt with the the key that you want to use and then the file name.
And again the description you probably should just use your key ID but I think there's some flexibility there but I generally just use my key ID and and then you put the file name in and that generates a something called file dot dot ASC and that is an encrypted file and if you want to decrypt it that's GPG space dash D.
And then you give it the name that you want to the file to be decrypted as and then you space and then the input file file dot ASC slash GPG it will ask you for your pass phrase and then it will decrypt the message.
Okay so obviously going out writing an email not sending it yet taking all that text running it through GPG and then pasting that you know and then forwarding that encrypted file along I mean that would be really weird not very easy to use.
So what you can do is set alpine up to do all of that stuff for you and here's how you do it. So first of all you need to figure out where exactly your GPG file was installed depending on what unix box you are on what unix system you're on this may actually differ.
For instance let me see at home on Linux which I'm not in front of right now I'm pretty sure it goes into user usr slash bin could be wrong.
USR slash I think the USR bin but don't quote me on that and then on OS X at work which is naturally where I am right now since I love to actually get any work done here.
I would rather record hacker public radio it's going into slash usr slash local slash bin maybe that's where it goes on Linux as well.
And to find that out anyway the point of all that was you simply type in which GPG W H I C H GPG and in case you if you don't know that command that's a pretty handy one if you type in which and in the name of an application it will show you like the absolute path of where that application is so it's a pretty handy one and then you do.
And now what you can do is you're going to go into your dot G N U P G folder in your home folder and you will want to create some aliases.
The aliases should go into some sort of reasonable directory what I usually do is I just put them in my slash home slash klaatu slash bin folder so that's just you know your home folder or if you're on you know a different Unix system like here on OS X at work I put it in you know it would be slash users with a capital U slash you know.
And then you have to work slash bin and obviously there will be no bin folder by default in your home folder you'll have to make that yourself again depending on what system you're on.
So what I usually do is I'll do I just make some aliases in here so because GPG have a couple of different functions and making aliases helps alpine sort of divide up the work.
So I do an ln da space dash s space space slash usr slash local slash bin slash GPG space encrypt and then I do a soft ln space dash s space usr local bin GPG space sign and then I do the same thing with GPG.
So we've got an alias to GPG one is called encrypt one is called sign and one is called GPG.
All right so we've established aliases in our home our home slash bin folder and now we're going to go into the GPG configuration file I mean the alpine configuration file and make some changes to that.
That should be in your home folder and at least on the systems that I'm running it is it has always been called dot pine RC.
Now I am not 100% sure if that's because I had pine installed first and upgraded to alpine later or if that's just what alpine uses but it is dot pine RC but if you don't see one of those and you've just installed alpine for instance then maybe look around for a dot alpine RC.
Now this configuration files pretty well set up already and what you will want to do like if you use for instance vim then you can just do a forward slash for a search and then just type in like display or display dash filters and that will take you right down to the section of display filters.
And for that you're going to want to type in some kind of leading sort of a header so it'll be display dash filters equals and then underscore leading all in capital letters and then parentheses quotes and you know something to indicate that this is a PGP encrypted message.
So you could put like you know PGP encrypted message or something like that you know just to indicate to the to this will show up in the email message basically.
And then you close the quotes close the parentheses and another underscore space you know slash home slash klaatu slash bin slash GPG space dash dash decrypt and that's one option so then you're going to do comma and then you'll do you'll do the same thing basically it's going to be.
But this is going to be for signed for the signed message so that'll be underscore leading parentheses quote you know PGP signed message underscore and then your home directory which would be what slash home slash klaatu slash bin slash GPG space dash dash decrypt so you've got one message one leading message for the.
The PGP encrypted message and you got one for the signed message and then you're going to want to do a search there and then for sending dash filters okay so the display filters is one thing and that's where you're where you're getting an email from someone that's been either signed or encrypted and you need to decrypt that information and then there's the sending filters where you're sending something out and you want to pipe your message through GPG.
So that it is encrypted okay so sending dash filters equals slash home slash klaatu slash bin slash sign remember that's the alias that we had created to sign something and then space dash dash clear sign comma so that's the signing and then we're going to do the encrypting so now.
So we just did a comma so then it's going to be space slash home slash klaatu slash bin slash encrypt space dash a space dash dash encrypt space dash r space underscore recipients underscore space dash r space.
Or whatever your your email address that is assigned is associated with your key you put that there and then you're going to want to do also another comma and you're going to do slash home slash klaatu slash bin slash GPG space dash a space dash space dash dash encrypt space dash r you going to do that.
Space dash r space underscore recipients underscore space dash r for the recipients of the space klaatu the bad apples done so and that will set up so that when you're sending a message you have a couple of different options and there'll be one for signing there'll be one for encrypting and then there's another one that I don't use but it's good to have.
So there you go now when you send email via alpine you'll be you'll go in and you'll compose the message is normal so hit C for compose and you'll type in the person's name you'll tab use tab completion to get their their email address there go down to the subject field you type in the subject and you go down to the message body and you might have it set up you know to use pico to compose your email.
You might have it set up to use vim or emacs whatever but you write your message and then you get back into alpine from whatever text editor you were just using to do the message and then you can you're you're going to hit control X to sign at a send it but then what's going to happen you know it confirms it says you want to you want to send this right now what you can do is you can hit either control N for next or control P for previous and you can go you can scroll through filters.
And these filters are things that we just set up and there's gpg there's encrypt and there's sign and gpg is going to encrypt and sign the email that's the one I actually do not use no that's the one I do use encrypt is the one I do not use that's the one that only encrypt and then sign that's the one that I do use that only signs it.
So the two that I generally use are gpg and sign I don't really know the purpose of just encrypting something without signing it but it's there if you need it.
So gpg you just hit control N and it'll show you the different options so just remember gpg does both encrypt just encrypts and sign just signs.
The alpine will resolve who you are sending the email to and it will use that person's public key if it is in the key ring to encrypt all the information against your information.
So receiving it is even easier there's not really anything to do when you're receiving the email alpine just it's got access to your key ring it knows who people are it knows who you are it will ask you for your passphrase to get into your gpg but other than that it's pretty transparent it's pretty simple.
And that's pretty much all there is to it it's pretty easy to do that and once you do it a couple of times you start really understanding what's going on in the background with gpg and stuff like that and I think it will help you if you don't already use it for GUI apps I think it will help a lot.
That kind of understanding what's going on in the background because the whole concept is the key ring and stuff like that used to really confuse me but once I started kind of looking through my own key ring on the on the command line and seeing how you know alpine was sending everything through filters and stuff like that that really and making those aliases myself so that I really saw okay so this is this is this aspect of gpg this is just the encryption aspect okay this is just the signing aspect.
This is both you know you just made a lot of sense to me so play around with that if you want and give it a shot in alpine and use it you know a lot it's a really good method of sort of establishing a sense of trust and belief that who you are speaking with via email is really the person that you believe you are speaking with.
So after you hit the filters you know like if I were to say okay yeah I want to I've got this message I want to send it to someone I want to send it to enigma at hacker public radio and I want to sign it then or I want to sign and encrypt it then when I when I hit return again it's going to take me to new screen and ask me for my passphrase to to make sure that I'm really me you know that not that someone didn't just come in while I was away I sat down on my computer and decided to send it.
And decided to send enigma you know hate mail with encrypted and signed by me it would be something that was that was clearly me because I needed to know you know they have they would have had to figure out the passphrase now the passphrase is the weakest link in this whole equation you know the gpg or the pgp encryption that's really strong I'm sure it's not perfect but it's I mean it was basically you know the federal government like tried to arrest the person who came up with the method.
So I mean it's pretty good if it scared them it's really it's pretty strong in fact I don't even think it's distributed I know the gpg one isn't even distributed from us soil it's it's something that you get from an FTP server not within the you know quote national boundaries of the us of a so I mean it's pretty strong stuff.
The weak link is your passphrase and your physical security.
So if your computer is like open and you walk away and you don't have like a screen saver that comes on to you know tip to lock your screen or you know you have automatic login turned on so that someone could just reboot and be in your invite you know on your computer that's bad.
And the number two if you've got a stupid passphrase you know then that's that's going to make in theory I mean that would be obviously a lot it would be a lot easier for someone to come in and pretend to be you sign and encrypt your mail your their email in your name you know and people people would be getting email thinking that well it's got their it's encrypted and it's signed by them.
It must really be Klaatu but in reality I just I had a stupid password you know so passphrases are important physical security is important and knock yourself out have fun it's cool GNU Privacy Guard very good application I've confirmed that it works quite well on both Linux and OS X pretty darn sure they have a version for windows.
So you know use it keep track of your keys too it's kind of like one of those things for once you want to kind of establish a key for yourself you want to definitely make a backup file that dot gnupg folder in your home directory which now that I'm talking about it I think I will do after I finish recording right now.
Thank you for listening to H.P.R. sponsored by Caro dot net so head on over to C.A.R.O dot anything for all of us.
Thank you very much.
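
The setup walked through in this episode (three symlinks to gpg, then display-filters and sending-filters in .pinerc), written out as an added example that is not part of the transcript or the host's own files. The function names, the user@example.com address and the fallback gpg path are assumptions, and because the spoken flags for the third sending filter are garbled, `--sign --encrypt` is used to match its described behaviour of signing and encrypting.

```shell
#!/bin/sh
# Added example, not from the episode. The bin directory, key address and the
# fallback gpg path are placeholders; armor headers are the standard OpenPGP ones.

# Create encrypt, sign and gpg in bin_dir as symlinks to the real gpg binary,
# so Alpine offers three separately named sending filters.
make_gpg_links() {
    bin_dir=$1
    gpg_path=$2
    mkdir -p "$bin_dir" || return 1
    for name in encrypt sign gpg; do
        ln -sf "$gpg_path" "$bin_dir/$name" || return 1
    done
}

# Return 0 only if all three names are symlinks that point at gpg_path.
check_gpg_links() {
    bin_dir=$1
    gpg_path=$2
    for name in encrypt sign gpg; do
        [ -L "$bin_dir/$name" ] || return 1
        [ "$(readlink "$bin_dir/$name")" = "$gpg_path" ] || return 1
    done
}

# Print the two .pinerc settings. _LEADING("...")_ triggers a display filter
# when the message text starts with that string; _RECIPIENTS_ is replaced by
# Alpine with the addresses the message is being sent to. The extra -r with
# your own address lets you decrypt your own sent copy.
pinerc_filters() {
    bin_dir=$1
    key_email=$2
    cat <<EOF
display-filters=_LEADING("-----BEGIN PGP MESSAGE-----")_ $bin_dir/gpg --decrypt,
    _LEADING("-----BEGIN PGP SIGNED MESSAGE-----")_ $bin_dir/gpg --decrypt
sending-filters=$bin_dir/sign --clearsign,
    $bin_dir/encrypt -a --encrypt -r _RECIPIENTS_ -r $key_email,
    $bin_dir/gpg -a --sign --encrypt -r _RECIPIENTS_ -r $key_email
EOF
}

# Demonstration in a scratch directory, so the real home directory and
# .pinerc are left untouched. Paste the printed lines into .pinerc by hand.
demo_home=$(mktemp -d)
real_gpg=$(command -v gpg || echo /usr/bin/gpg)
make_gpg_links "$demo_home/bin" "$real_gpg"
check_gpg_links "$demo_home/bin" "$real_gpg" && echo "links ok -> $real_gpg"
pinerc_filters "$demo_home/bin" "user@example.com"
rm -rf "$demo_home"
```

For real use, call the two functions with your own bin directory (for example $HOME/bin) and the address attached to your key.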