!

Email: Using Your PGP Tool to Update Your Email Address Settings

Overview

The University of Pittsburgh is removing the plus sign from all “@pitt.edu” email addresses and requiring SMTP authentication for all outgoing IMAP email as of November 1, 2009. These changes provide enhanced security and make it easier to send messages from off-campus locations using email clients such as Microsoft Outlook and Mozilla Thunderbird. If you use PGP Desktop Email,  GnuPG, or other open source PGP software encryption tools with your email client, you will need to add an alternate email address to your existing key pair.

Important: You only need to take action if the email address attached to your key includes a plus sign (for example, jdoe+@pitt.edu). If the email address attached to your key does not include the plus sign, no action is necessary.

Note: You can also generate a new key for an email account instead of adding an alternate address to your existing key. However, if you choose to generate a new key, you will also have to revoke any existing key for that account.

The instructions in this help sheet involve three basic steps:

  1. First, make sure you have completed the steps in the help sheet Configuring IMAP Email Clients to Enable SMTP Authentication.
  2. Open your PGP or GnuPG application and add a new University Computing Account email address to your existing PGP key.
  3. Verify that the newly added key is displayed. When you use your email client to send PGP or GnuPG encrypted emails from your University Computing Account, select this key.

PGP and PGP Desktop Email for Windows

  1. Open PGP Desktop, click the PGP Keys Control box, and then click All Keys in the Control box. You should see a list of all your keys.

    Note: Please note how your name is listed. You will need to enter your name in this format later in the document. Your email address has a plus sign (+), which you will not provide when you add a new email address to this key.

    Encrypt PGP Email Image 1
  2. Click on the plus sign (+) next to the name of your key.
  3. Right click on the email icon (which resembles an envelope) and select Key Properties.
    Encrypt PGP Email Image 2
  4. In the Key Properties window, click the Add Email Address button.
    Encrypt PGP Email Image 3
  5. A PGP New User Name window displays. Enter your name and email address in the text fields provided, then click OK.

    Note: You should enter your name in the same format that was used to create the key (see note in step 1). When you enter your email address, do not include a plus sign (+).
    Encrypt PGP Email Image 4
  6. In the PGP Enter Passphrase for Key window, enter the password that was used to create the key. Click OK.

    Note: Unless you check the Show Keystrokes box, you will not see the password as you type it.

    Encrypt PGP Email Image 5
  7. Close the Key Properties window.
  8. In the All Keys window you will see that a new email address has been added to the key. If you click on the plus sign (+) sign next to the name, you can see the signature that is associated with it.

    Encrypt PGP Email Image 6

    Note: You can have multiple usernames or email addresses for the same key. The key signature should not differ.
  9. Close PGP Desktop.

PGP and PGP Desktop Email for Mac

  1. Open PGP Desktop. Use the mouse to control-click on your key to show the key info. Select Show Key Info.

    Encrypt PGP Email Image 7
  2. Your key info will display, as shown below.

    Encrypt PGP Email Image 8
    Note: Please note how your name is listed. You will need to enter your name in this format later in the document. Your email address has a plus sign (+), which you will not provide when you add a new email address to this key.
  3. Click on the plus sign icon (+) next to the name of your key.
    Encrypt PGP Email Image 9
  4. In the Add Name window, enter your name and email address, then click OK.

    Note: You should enter your name in the same format that was used to create the key (see note in step 2). When you enter your email address, do not include a plus sign (+).

    Encrypt PGP Email Image 10
  5. In the PGP Enter Passphrase for Key window, enter the password that was used to create the key. Click OK.

    Encrypt PGP Email Image 11

    Note: Unless you check the Show Keystrokes box, you will not see the password as you type it.
  6. Close the Key Info window.
  7. In the PGP Desktop window, notice that a new email address has been added to the key. If you click on the plus (+) sign next to the name, you can see the signature that is associated with it.

    Encrypt PGP Email Image 12
    Note: You can have multiple usernames or email addresses for the same key. The key signature should not differ.
  8. Close PGP Desktop.

PGP and PGP Desktop Email for Linux

These instructions are designed as a set of general guidelines for Linux so that you can use GnuPG to modify existing PGP key pairs. Please note that many different versions of Linux exist. Commands or operations that are unique to a specific version of Linux may not be covered in this document.

Note: You will need to know the password that you used to initially set up your PGP. If you do not remember the, then you will need to create a new key pair. If you choose to generate a new key, you will also have to revoke any existing key for that account.

  1. Make sure that you are at the root level command prompt for your computer [root@yourcomputer ~]#. Type the following command:

    gpg --edit-key " John Doe (Optional Comment) <jdoe+@pitt.edu>" adduid
     
  2. You will see user and permission information displayed for the previously existing key pair. Type your Real Name in the following format: John Doe. Press the Enter key.
  3. Type your University email address (for example, jdoe@pitt.edu). Press the Enter key.
  4. If you like, enter an optional comment that is associated with the key (for example, the University department with which you are affiliated). Press the Enter key.
  5. All the information you have entered in Steps 2 through 4 will be displayed in a single USER-ID line with the following format:

    John Doe (Optional Comment) <jdoe@pitt.edu>

    Type ‘O’ to accept your user information and press the Enter key.
  6. When prompted, enter the password that protects the previously created secret key and press the Enter key.
  7. You will see user and permission information for the account followed by information for the email accounts associated with the key pair. You may see information such as that contained in this example:

    [ultimate] (1) John Doe (Optional Comment) <jdoe+@pitt.edu>
    [unknown] (2) John Doe (Optional Comment) <jdoe@pitt.edu>

  8. At the Command> line, type Quit, then press the Enter key.
  9. When you are prompted to save your changes, type Y, then press the Enter key.