Forgot your password?
typodupeerror
Encryption Security Your Rights Online

An Introduction to GNU Privacy Guard 121

Posted by michael
from the can-never-be-too-cautious dept.
An anonymous reader writes "This is a great article about GnuP . . . "In the first half of this article David Scribner discussed the various uses that GNU Privacy Guard could bring to your business or personal life in enhancing security of your digital documents and files, as well as the basics in getting started with GnuPG. As there is so much more to public-key security than command-line operations, in this second half I will continue with importing and exporting keys, building (and keeping) your 'web of trust' sound, and a few of the more popular GUI front ends available for GnuPG . . ."
This discussion has been archived. No new comments can be posted.

An Introduction to GNU Privacy Guard

Comments Filter:
  • by wackybrit (321117) on Thursday September 26, 2002 @04:38PM (#4339321) Homepage Journal
    I know new systems and apps create a bit of a chicken-and-egg situation.. but what about this:

    Today, I use GnuPG for a variety of tasks. Whether it's to sign and encrypt documents and contracts submitted to businesses, encrypt local files, or merely sign email and files to ensure others that no modifications have occurred to its content, I have found GnuPG to be a 'must have' utility kept close at hand when using my PCs.

    Documents submitted to businesses? Signing e-mail and files?

    Signing these sorts of things is a good idea, but just how many businesses are going to have GnuPG at this time. And, since you can get the files out of the e-mail without HAVING to use GnuPG (GnuPG just checks the authenticity), it doesn't really encourage people to go get it either.

    Considering most people are Joe Schmoes using Windows, I can't see how using GnuPG (or even PGP, for that matter) to sign things is going to help anyone at this stage.

    Outlook Express is the most common e-mail client out there today and from all the e-mail I get.. I'd say that far less than 1% of its users actually use the signing and encryption features that are BUILT IN! GnuPG is an add-on, at best.. so can we really see millions of people using this?

    Until the public learn more about security, how it works, and why it should be used, I think not.
  • by Meat Blaster (578650) on Thursday September 26, 2002 @04:42PM (#4339357)
    There are a number of applications GPG is good for besides cryptography -- I use it to verify Linux kernels from kernel.org, for example -- but I know several people that think that once you figure out how to encrypt mail you're secure. It's probably good to keep in mind that there are a number of other points at which an attacker can read the mail (swapfile, keyboard logger, trojan, net sniffer, tempest, emp, and buffer overflows) even if the application itself is bugfree and Open Source, so remember that this is just supposed to be a component in a system of security.
  • GnuPGExch (Score:5, Informative)

    by Rupert (28001) on Thursday September 26, 2002 @04:48PM (#4339406) Homepage Journal
    If your family and friends insist on using Outlook or Outlook Express, try pointing them at G-Data [gdata.de]'s, GnuPG Plugin [gdata.de]for those MUAs. One downloadable Win32 .exe and a simple installation puts buttons to sign/verify and encrypt/decrypt on the toolbar.

    Because let's face it, /we/ all know how to encrypt our email. But until "Your Mom" (TM) can do it, it's not useful.
  • GPG 1.2 available (Score:2, Informative)

    by kingkade (584184) on Thursday September 26, 2002 @04:49PM (#4339409)
    sorry if this is a repost..
  • Re:GPG 1.2 available (Score:3, Informative)

    by kingkade (584184) on Thursday September 26, 2002 @04:52PM (#4339426)
    It's at gnupg.org [gnupg.org], BTW ;-)
  • by Dareth (47614) on Thursday September 26, 2002 @04:52PM (#4339433)
    An actual method of attacking encryption listed in a text book on it in my university library listed the "Rubber-hose" method. The point is to remind people that if you are protecting something of value, monetary or other to someone else, you can not just rely on encryption. Beating you and/or your loved ones,ie. wife, children, pets is an effective means of getting access to something protected by encryption. Luckily I never tell my wife any of my passwords, and last time I checked my cat wasn't talking.

  • by bourne (539955) on Thursday September 26, 2002 @05:38PM (#4339721)

    One of the problems I always had using pgp/gpg was client support. Getting it to work with outlook/outlook express, then finding something under Linux that would support it, having to scrap together a bunch of tools, all of which were half-written...

    I've found a solution. Mozilla [mozilla.org] and Enigmail [mozdev.org]. Yes, Mozilla/Netscape mail used to be putrid. It's better with Mozilla 1.0+, honestly. It has progressed to a competitive state, and I switched over totally about a month ago.

    Enigmail is a plugin for Mozilla that handles signing, encrypting, decrypting and verifying mail for you.

    GnuPG, Mozilla and Enigmail all work on Windows as well as Linux, so I have the same tools no matter what I'm running.

    You still need a key manager, but getting what mozilla+enigmail provides is a great step forward.

  • by Anonymous Coward on Thursday September 26, 2002 @06:20PM (#4340033)
    A more likely scenario (and one that I've witnessed personally) is that the recipient asks "Hey, can you please stop attaching that annoying signature thing to all your emails?"
  • by Compact Dick (518888) on Thursday September 26, 2002 @08:22PM (#4340771) Homepage

    A key aspect of GPG's success is to increase its adoption by users of Windows. For those of you wishing to give GPG a whirl, I suggest you get WinPT [winpt.org], an easy-to-use, open-source frontend.

    Here are four easy steps to get you up to speed:


    If you use Outlook Express, you would definitely want to get GPGOE [winpt.org], a GPG plugin that seamlessly integrates with Outlook. You need to install and configure GPG for this - the easiest way is to install WinPT as described above [WinPT also makes key management very easy, so there's a bonus]. Then you can download and install GPGOE, and enjoy all the goodness of integrated GPG functionality within OE.

    Play around with the different options available; make a key for fun; experiment and learn. Spread the word. But most of all, have fun and be excellent to each other ;-)

    Good luck.

A CONS is an object which cares. -- Bernie Greenberg.

Working...