GnuPG/PGP information
Current e-mail systems are like sending all of your mail on postcards - in fact, it is much worse than that, as it is much easier to collect and store copies of people's e-mails. There is good evidence that in some countries, including the US, it is already common practice for government agencies to intercept and store copies of many people's private e-mails without their knowledge. Also, when you receive an e-mail, you generally have no guarantee that it is really from the person it claims to be from. If either of these concerns you (they should!), you might be interested in GnuPG/PGP.
GnuPG and PGP are two pieces of software that implement the OpenPGP public key system, which is now a standard for encryption and digital signing of e-mails. More and more e-mail clients are supporting it, making it very convenient to use. GnuPG stands for 'GNU Privacy Guard' and PGP stands for 'Pretty Good Privacy'.
How it works
For someone else's explanation, see Why I use GnuPG, but here is my brief attempt.
The PGP standard uses a public key system. This involves each user having two keys: a secret key (which they reveal to no-one) and a public key (which is usually distributed to those who need it or uploaded to a 'key server'). To explain the system, I'll use 3 characters commonly used in descriptions of this kind: Alice, who sends a message, Bob, who receives it, and Charlie, a generally unscrupulous fellow who may be able to intercept messages in between.
Alice uses the GnuPG or PGP software to generate two keys, her public and private keys. These keys form a special pair, such that if you use one to encrypt some data, only the other one will be able to decrypt it. Bob also has his own key pair. A key pair allows for two things:
- Encryption: If Alice wants to send a message (or any data) to Bob that she doesn't want the whole world to see, she can encrypt it using Bob's public key. Since Bob is keeping his private key very secret, only he will be able to decrypt it. It is safe to send the encrypted data even through untrusted systems (such as sending e-mail over the 'net).
- Digital signing: When sending the message, Alice can use her secret key to add a digital signature to it. Bob, or anyone else, can then use Alice's public key to check the signature against the data it accompanies, and can ensure that it has in fact come from Alice. If anyone tampers with either the data or the signature on the way, the checking will fail.
Of course you can also use a combination of these two, to both sign and encrypt data.
Key trust
For either of these, you have to be absolutely sure you have the correct key, otherwise the system is useless.
For example, suppose Charlie has uploaded a public key to a key server under Bob's name and e-mail address. If Alice then uses this key to encrypt some data to send to Bob, not only will Bob be unable to 'open' it, Charlie will be able to read the secret message (if he can intercept the message somehow).
Similarly, suppose Charlie has uploaded a public key under Alice's name. Charlie could then use the corresponding secret key to digitally sign a message, and send it to Bob. When Bob checks the signature, it will have Alice's name on it, and he could be fooled into thinking it really came from Alice.
Because of this, you have to set a 'trust' level for every key in your keyring. In order to know whether to trust a key, you have to check with the owner. The key 'fingerprint' is a good way of doing this. If you have obtained a public key with my name and e-mail attached, your GnuPG/PGP program will be able to show you the fingerprint. To be sure the key is genuine, you need to check the fingerprint with me, either in person or by phoning me. My key fingerprint is also on my key page for convenience.
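To show what is actually being compared in a fingerprint check, here is an added example (not part of the original page) that computes the fingerprint of a version 4 OpenPGP key as defined in RFC 4880. The name and e-mail address live in a separate part of the key and are not covered by the fingerprint, so two keys can carry the same name and still be told apart. The key values are constructed stand-ins rather than usable keys, and the function names are this example's own.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 RSA public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, section 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_id(fingerprint: str) -> str:
    """The long key ID is the last 64 bits of the fingerprint."""
    return fingerprint[-16:]

def grouped(fingerprint: str) -> str:
    """Blocks of four hex digits, convenient for reading out over the phone."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))

def matches(received_body: bytes, stated_by_owner: str) -> bool:
    """Compare the fingerprint of the key you obtained with the one the owner gave you."""
    stated = "".join(stated_by_owner.split()).upper()
    return len(stated) == 40 and stated == v4_fingerprint(received_body)

def stand_in_modulus(seed: bytes) -> int:
    """Constructed 2048-bit odd number standing in for an RSA modulus (not a usable key)."""
    raw = b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(8))
    return int.from_bytes(raw, "big") | (1 << 2047) | 1

# Constructed sample data: two different keys that both claim to be Bob's.
CLAIMED_NAME = "Bob <bob@example.org>"
CREATED = 1_700_000_000
bob_key = rsa_public_key_body(CREATED, stand_in_modulus(b"bob"), 65537)
charlie_key = rsa_public_key_body(CREATED, stand_in_modulus(b"charlie"), 65537)

# What Bob reads out to Alice in person or by phone.
bob_reads_out = grouped(v4_fingerprint(bob_key)).lower()

if __name__ == "__main__":
    for label, body in (("genuine key", bob_key), ("impostor key", charlie_key)):
        print(f"{CLAIMED_NAME:24} {label:13} {grouped(v4_fingerprint(body))} "
              f"match={matches(body, bob_reads_out)}")
```

The check insists on all 40 hex digits: comparing only the shorter key ID, or only part of the fingerprint, leaves far fewer digits for an impostor key to match.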
Key signing
Another way to work out whether keys are genuine or not is to use 'key signing'. This uses the digital signing method described above. One person attaches his or her digital signature to someone else's key, to say in effect "I believe this key is genuine". Normally this signature is then uploaded to a keyserver, and it will be distributed with the public key from then on. For example, suppose you already have Alice's key, and know for sure that it is hers (you spoke to her in person and checked the fingerprint). Then you get a key claiming to belong to Bob, and it's got Alice's signature on it. If you trust Alice sufficiently, you might decide that Bob's key is in fact genuine on that basis alone. In fact, you can configure your software to set an 'Owner trust' level for each key. This is the level of trust you place in the owner of the key (e.g. Alice) in terms of her reliability in signing other people's keys. This is different from whether you believe a certain key belongs to her (which is called 'Key trust').
If you're absolutely sure that a key is genuine, and you have your own key pair, you might consider signing it yourself, and uploading it to a key server.
Software
GnuPG is available for free on a wide variety of platforms.
E-mail: A growing number of e-mail programs now support GnuPG/PGP, including high quality free software such as Mozilla Thunderbird. Check this list for starters. These make it very convenient to use encryption and digital signing from your e-mail program.
Instant Messaging: There are some IM clients that now support GnuPG! If you have one, you can encrypt your IM messages to communicate securely with no possibility of eavesdropping. The one I use is Kopete, which is part of KDE.
Outlook Express: without a plugin, Outlook Express doesn't support PGP signing. But worse than this, it has a bug such that instead of just showing the digital signature as an attachment, it shows the whole message as an attachment (or so I'm told). Since there are plenty of other good reasons to stop using Outlook Express, that's what I suggest you do!