[Discuss] PGP Basics

Jerry Feldman gaf at blu.org
Mon Oct 10 19:06:28 EDT 2011


On 10/10/2011 11:14 AM, Kyle Leslie wrote:
> Hola Everyone.  With the recent talk about PGP and the growing need for its
> use at my company I have been trying to learn about it.
>
> I am having a mental roadblock with its usage though.  I understand how
> encryption works but I can't seem to get through a few of the basics.
>
> How do I get my Key(s), how do I encrypt and send things encrypted
> (email, zips, etc.)  I am getting closer by playing around with the tools I
> have but how do I know what are trusted sources.
>
> For instance, my company has a PGP Key server with the Symantec PGP Desktop
> application.  For whatever reason 64-bit Windows is having a lot of trouble
> with the application so I decided to look elsewhere and check out some open
> source tools.  I came across GNUPG.org, downloaded the Windows version and
> have created a key.  So now I have my PGP Fingerprint (if I understand
> correctly that is my shared key so you can open my files).  Do I then need
> to get the public key from the "Trusted Sender" in order to open anything
> they send?  (I realize this is a Windows app I am talking about
> specifically, but the functionality of encrypting sending and receiving
> files should be universal).
>
> Suggestions for good apps to run on a Linux machine?
>
> Are there separate applications/plug-ins I can download for email clients?

Basically you have 2 keys: a private key that is normally stored locally 
in your keyring, and the public key that is also in your keyring. 
Normally we upload our public keys to a public key server, such as 
subkeys.pgp.net or pgp.mit.edu.  Most Linux email programs either work 
directly with GNUPG or have plugins, such as enigmail on Thunderbird. 
One issue I have with enigmail is that occasionally when I get an update 
on Thunderbird, I need a new enigmail, but I may have to wait a day for 
it to become available on the repo.

In general, in email we either digitally sign our emails so that the 
recipient knows the email comes from us, or if we need to encrypt the 
email, it is both encrypted and signed. So, if you have an email program 
with a PGP or GPG plugin, you should detect that the email is signed, 
and if you download my public key from a keyserver you will know it came 
from me.

There are many ways to establish trust, such as an exchange of ids at a 
key signing party, or privately.

If I want to send an encrypted email to you, I would encrypt it with 
your public key so that the only way to decrypt it is with your private 
key. Same way, if you want to send me an encrypted email, you can send 
it encrypted with my public key, and I would decrypt it with my private 
key. Theoretically this should work in Windows 64-bit.



-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
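
The key exchange and the sign-and-encrypt flow described in the reply above, as an added example that is not part of the original post: two throwaway GnuPG keyrings with constructed identities stand in for sender and recipient, and every helper name is hypothetical. It assumes GnuPG 2.1 or later and uses passphrase-less keys for the demonstration only.

```shell
#!/bin/sh
# Added example: constructed identities, throwaway keyrings, passphrase-less keys.
# Helper names are hypothetical. Requires GnuPG 2.1 or later.

g() {  # run gpg non-interactively against the keyring directory given in $1
    h=$1; shift
    gpg --homedir "$h" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

new_keyring() {  # $1 = user id; prints the path of a fresh keyring holding a new key pair
    home=$(mktemp -d) || return 1
    g "$home" --quick-generate-key "$1" default default never >/dev/null 2>&1 || return 1
    printf '%s\n' "$home"
}

drop_keyring() { gpgconf --homedir "$1" --kill gpg-agent 2>/dev/null || true; rm -rf "$1"; }

fingerprint() {  # $1 = keyring, $2 = user id or e-mail; prints the primary key fingerprint
    g "$1" --with-colons --fingerprint "$2" 2>/dev/null | awk -F: '$1 == "fpr" { print $10; exit }'
}

import_pinned() {  # $1 = keyring, $2 = fingerprint confirmed out of band; public key on stdin
    g "$1" --import 2>/dev/null
    g "$1" --list-keys "$2" >/dev/null 2>&1   # fails unless that exact key is now present
}

send_to() {  # $1 = sender keyring, $2 = recipient fingerprint; plaintext on stdin
    # The full fingerprint is the pin here, so web-of-trust validity is bypassed.
    g "$1" --trust-model always --armor --sign --encrypt --recipient "$2" 2>/dev/null
}

receive_from() {  # $1 = recipient keyring, $2 = expected signer fingerprint; message on stdin
    tmp=$(mktemp -d) || return 1
    if [ ${#2} -eq 40 ] &&
       g "$1" --status-fd 3 --decrypt >"$tmp/plain" 2>/dev/null 3>"$tmp/status" &&
       grep '^\[GNUPG:\] VALIDSIG ' "$tmp/status" | grep -q "$2"; then
        cat "$tmp/plain"; rc=0   # release plaintext only when the pinned key signed it
    else
        rc=1
    fi
    rm -rf "$tmp"; return $rc
}

# Usage sketch:
#   a=$(new_keyring "Alice Demo <alice@example.org>"); b=$(new_keyring "Bob Demo <bob@example.org>")
#   bfp=$(fingerprint "$b" bob@example.org)   # Bob confirms this value in person or by phone
#   g "$b" --armor --export "$bfp" | import_pinned "$a" "$bfp"
#   echo hi | send_to "$a" "$bfp"             # only Bob's private key can decrypt the result
```

The fingerprint identifies a public key and is what the two parties compare out of band; the key material itself travels through `--export` and `--import`.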



