Changes between Version 9 and Version 10 of gpg


Ignore:
Timestamp:
Apr 17, 2008, 1:19:36 PM (12 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • gpg

    v9 v10  
    99GnuPG (also known as GPG) stands for Gnu Privacy Guard ([http://gnu.org Gnu] is a project to create an entirely free operating system).
    1010
    11 [http://gnupg.org GnuPG] is an implementation of the open standard called [http://openpgp OpenPGP]. An open standard means that a group of people have come together to decide on how to communicate. The OpenPGP folks have defined a way to communicate encrypted information securely. GnuPG is one program (of many) that uses this standard. GnuPG is free software and is one of the most popular implementations of OpenPGP.
     11[http://gnupg.org GnuPG] is an implementation of the open standard called [http://openpgp OpenPGP].
     12
     13An open standard means that a group of people have come together to decide on how to communicate. The OpenPGP folks have defined a way to communicate encrypted information securely.
     14
     15GnuPG is one program (of many) that uses this open standard. GnuPG is free software and is one of the most popular implementations of OpenPGP.
    1216
    1317== In plain language, what does it mean to encrypt my email? ==
     
    2327== Public and private keys ==
    2428
    25 The technology behind encryption relies on keys. Keys are nothing more than a small text file with a lot of random-seeming characters in them. [http://current.workingdirectory.net/pages/identity/ My gpg key] can serve as an example for the curious. In order to use OpenPGP you will need to generate a public/private key pair. That means you will need to keys: one that is public and one that is private. These two keys are generated together because they have a special relationship:
     29The technology behind encryption relies on keys. A key is nothing more than a small text file with a lot of random-seeming characters in them. [http://current.workingdirectory.net/pages/identity/ My gpg key] can serve as an example for the curious. In order to use OpenPGP you will need to generate a public/private key pair. That means you will need two keys (two small text files with a lot of random-seeming characters): one that is public and one that is private. These two keys are generated together because they have a special relationship:
    2630
    2731 * A message encrypted with the public key can only be de-crypted with the private key
    2832 * A message signed with the private key can be validated with the public key
    2933
    30 As the names imply, the private key should be kept private. You should never, under any circumstances, share this key with anybody else. The public key, on the other hand, should be freely given to everyone.
     34As the names imply, the private key should be kept private. It should be saved on your personal computer, preferably one that nobody else has access to. Furthermore, it is typically password-protected, meaning that every time you want to use it, you will need to enter a password. The public key, on the other hand, should be freely given to everyone.
    3135
    3236If someone has your public key, then they will be able to send you an encrypted message ''and'' if you send them a signed message, they will be able to verify your signature.
    3337
    34 It's important to note: you cannot send someone an encrypted message unless you ''already'' have their public key. In other words, it is not enough that ''you'' know how to use OpenPGP, your intended recipient must also know how to use, have it setup on their computer, already have a public key, and already have given you their public key. Similarly, you cannot verify someone's signature unless you already have the sender's public key.
     38It's important to note: you cannot send someone an encrypted message unless you ''already'' have their public key. In other words, it is not enough that ''you'' know how to use OpenPGP, your intended recipient must also know how to use it, have it setup on their computer, already have a public key, and already have given you their public key. Similarly, you cannot verify someone's signature unless you already have the sender's public key.
    3539
    3640== How do I use GnuPG with a Macintosh and Thunderbird? ==
     
    7680 * click on "Help" (File menus at the top)
    7781 * "About Mozilla Thunderbird"
     82
     83== What else should I know about GnuPG? ==
     84
     85An important concept not covered here is: how do you get other people's public keys? OpenPGP uses a decentralize model of trust called [WikiPedia:Web_of_trust web of trust].
     86
     87GnuPG only encrypts the ''body'' of your message - not the headers. Therefore, when sending email, your email address, the date of the message, the recipient and other information regarding the transport of your message may be sent in the clear. One solution to that problem is to only work with providers that use [http://help.riseup.net/security/measures/#use_secure_email_providers providers that support starttls] (note: May First/People Link, despite not being included in the list, does use starttls).