Can some nice person explain PGP?


Fandelem
12-07-2000, 04:12 AM
I know what it means, I know it's a key. Past that, I don't..

can someone explain (in more detail than "yes" or "no"):

1. What's the purpose of it if you post it on your webpage or on the public?

2. Are there special programs to give you only email messages with your PGP key in them or something to eliminate bulk mail?

3. What are other methods of email privacy?

thanks in advance-

~kyle

flar
12-07-2000, 05:56 AM
www.thawte.com (http://www.thawte.com)


milanuk
12-07-2000, 10:38 AM
PGP is a system where you actually have two keys; one private or secret key, and a public key. You only post your 'public' key for others to use. Never ever let anyone else access your private key(s). The idea is that if I send you an email encrypted using your public key and my private key, the only way to decrypt it is using your private key and my public key. That way a) you are the only one who can read it, and b) you know it was from me. Similarly, if I 'sign' a document, or file, w/ my key, you can use my public key to verify that it really was me that signed it and that it hasn't been altered in any way.

Some links to good information can be found here:
http://web.mit.edu/network/pgp.html

A lot of people in the Linux world are switching to Gnu Privacy Guard, or GPG, which is intended to be a patent-free replacement for PGP. I think if you learn pgp first, then GnuPG shouldn't be a problem.

Monte

klamath
12-07-2000, 03:07 PM
milanuk is generally right, except for 1 thing. To send an encrypted email to Bob, you only need Bob's public key (your private key is not necessary). For Bob to decrypt the mail, he only needs his private key (your public key is not necessary).

Of course, it's probably a good idea for the sender to both sign and encrypt the email to Bob. In that case, the sender needs his own private key and Bob's public key, and Bob needs his private key and the sender's public key.

Did that make sense?

More general info: you can get lots of public keys from servers called 'keyservers'. When you've generated a keypair, submit your public key to one of the internet keyservers (e.g. keyserver.net, IIRC). It will make it easier for someone else to find your public key.

You can get your MUA (i.e. mail client) to automatically sign all your outgoing email (for example, mutt does this).

------------------
- Klamath
Get my GnuPG Key Here (http://klamath.dyndns.org/mykey.asc)
Looking for an open source project to contribute to? Check out the Better Bulletin Board (http://bbb.sourceforge.net)

Fandelem
12-07-2000, 06:32 PM
[continuing your example]

I don't understand how Bob is going to "decrypt" the mail - (this is the part I can't really find answers on) When I see PGP "transmissions" posted on archives and such, I see the "start pgp key" then it displays the key.. then the message - but it's in plain text.. has it already been "decrypted"? -

when I send an email to Bob, I would cut and paste his public key into my email message, then type him a message, then click send.. but when Bob gets it, well.. I really am lost :}

would I use some program to encrypt it specially *based* on his public PGP key?? then his private PGP key would *know* how to decrypt it (based on the public PGP?)

that makes a little more sense to me thinking about it logically.. hmm.. is that how it works? :}

thanks for your guys' time - I hate to just not know about PGP so I'm trying to learn about it ;b

klamath
12-08-2000, 12:06 AM
There are 2 primary uses for PGP - encryption and digital signatures. I'll assume we're talking about encryption.

> when I send an email to Bob, I would cut and paste his public key into my email message, then type him a message, then click send

No - what you do is: find Bob's public key (either ask him for it, get it off the web or a public keyserver, meet Bob in person and get it, etc). Then you would create a new message for Bob using your email app. When you go to send the message, your app should give you the chance to use PGP encryption. This basically takes the public key of the person you're emailing (Bob in this case), and encrypts the message using it. Now your message is just a garbled block of letters and numbers -- that is, to someone other than Bob (including yourself). When Bob gets it, he uses his private key (+ passphrase) to filter the encrypted text through a PGP program (like GnuPG or PGP), and produce the original plaintext.

Does that make sense?


Fandelem
12-08-2000, 01:56 AM
crystal clear now. thanks mang. hmm, does hotmail offer this feature? I haven't seen it..

klamath
12-08-2000, 02:05 AM
No, but it would be quite difficult to do with webmail anyway. You'd need to store your secret key on the remote site, which would be insecure. And unless you were using SSL, the web page would be sent back to you in plaintext, defeating the whole purpose of encryption.

You can try www.hushmail.com (http://www.hushmail.com) if you're interested in secure email over the web. Or just use a regular mail client.


Kinjana
12-08-2000, 01:51 PM
btw PGP stands for Pretty Good Privacy and was released by Phil Zimmermann several years ago. This promptly landed him in jail as an arms dealer. At the time Congress was considering outlawing the private use of this kind of technology. Fortunately, the FBI, NSA and other government agencies have been very unsuccessful at prohibiting the spread of this kind of technology.

Question: a number of people who use PGP have moved to GPG due to possible patent issues... The RSA patent covering an asymmetric cryptosystem just expired. Are there other IP issues facing PGP?

Lastly, if you did want to use this with web based email, it would be simple, just a lot of cut and paste.

First, via email exchange public keys..

When you want to send someone an encrypted message, type the message in a text editor and then encrypt to that person's public key. Then cut and paste the ciphertext to hotmail and send the message.
Then to read mail sent to you, copy and paste the ciphertext to an editor and decrypt.


Lastly, I'm not sure when or how it's going to be implemented but yahoo just signed a deal with zixmail to offer yahoo mailers some kind of encryption.

More questions?? Post away

Kinjana

klamath
12-08-2000, 02:03 PM
> Are there other IP issues facing PGP?


Well, some of the ciphers (e.g. IDEA) are still patented/restricted in some places.

> Lastly, if you did want to use this with web based email, it would be simple, just a lot of cut and paste.

Right, I wasn't thinking. I'm used to mutt handling my encryption for me.


Fandelem
12-08-2000, 06:32 PM
Ah, wow, this is so cool.. but now two more questions arise:

1. where can I get a crypter for PGP (and GnuPGP)

2. where can I get a decrypter?

suckaMC
12-08-2000, 06:40 PM
http://www.pgpi.org

klamath
12-08-2000, 07:09 PM
It's all included in the PGP/GnuPG app you use. I'd strongly recommend GnuPG - http://www.gnupg.org


Fandelem
12-08-2000, 07:52 PM
I followed the NHF we have here about gnuPG's and I get this far:


We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++.++++++++++.+++++++++++++++.+++++++++++++++ ++++++++++...++++++++++.++++++++++.+++++++++++++++
..++++++++++...++++++++++.+++++.+++++..+++++.+++++ .++++++++++.+++++>++++++++++....>+++++............
..............................+++++^^^
gpg: keyblock resource `/root/.gnupg': file open error
gpg: can add keyblock file `/root/.gnupg/pubring.gpg'
Key generation failed: file create error
gpg: can't create `/root/.gnupg/random_seed': No such file or directory
[root@Server public]#


what did I do wrong? :}

also, with gnupg-1.0.4 I can basically write up an email in a text file, then I encrypt it with the person who I intend to send it to (their gnuPG public key) then I edit the file, cut and paste it into a regular hotmail email, and send it away, right?

in retrospect, if someone sends me a garbled email (to my hotmail acct), i can assume they probably have used my gnuPG so I could just cut and paste it to a file and then run some command line argument for gpg, right?

thanks for your help :}
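
The file-based workflow asked about in this post, together with klamath's earlier description of encrypting to Bob's public key and of signing plus encrypting, as an added example that is not part of the thread. It assumes GnuPG 2.1 or later installed as `gpg`; Alice, Bob, their addresses and the function names are constructed for the illustration, and the keys are made without a passphrase only so the demo runs unattended.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumes GnuPG 2.1+ installed as `gpg`.
# Alice and Bob are constructed identities with throwaway keyrings.
set -eu

gpg_as() {  # gpg_as <homedir> <gpg args...>: run gpg against one user's keyring
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --no-tty "$@"
}

new_user() {  # new_user <homedir> <user id>: key pair without passphrase (demo only)
    mkdir -m 700 "$1"
    gpg_as "$1" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$2" default default never 2>/dev/null
}

pgp_roundtrip() {  # pgp_roundtrip <message>: prints the text Bob recovers
    work=$(mktemp -d)
    alice="$work/alice"; bob="$work/bob"
    new_user "$alice" "Alice <alice@example.org>"
    new_user "$bob" "Bob <bob@example.org>"

    # Only PUBLIC keys change hands (web page, keyserver, in person).
    gpg_as "$bob" --armor --export bob@example.org > "$work/bob.pub"
    gpg_as "$alice" --armor --export alice@example.org > "$work/alice.pub"
    gpg_as "$alice" --import "$work/bob.pub" 2>/dev/null
    gpg_as "$bob" --import "$work/alice.pub" 2>/dev/null

    # Alice signs with her private key and encrypts to Bob's public key.
    # msg.asc is the armored text she would paste into webmail.
    printf '%s\n' "$1" > "$work/msg.txt"
    gpg_as "$alice" --trust-model always --armor --sign --encrypt \
        --recipient bob@example.org --output "$work/msg.asc" "$work/msg.txt"

    # Alice holds no private key for Bob, so even she cannot read it back.
    if gpg_as "$alice" --decrypt "$work/msg.asc" >/dev/null 2>&1; then
        echo "unexpected: sender decrypted the message" >&2; return 1
    fi

    # Bob decrypts with his private key; gpg checks Alice's signature with
    # her public key and exits non-zero if the check fails.
    plain=$(gpg_as "$bob" --trust-model always --decrypt "$work/msg.asc" 2>/dev/null)

    for h in "$alice" "$bob"; do GNUPGHOME=$h gpgconf --kill gpg-agent || true; done
    rm -rf "$work"
    printf '%s\n' "$plain"
}
```

Calling `pgp_roundtrip "some text"` prints the same text back after the full sign, encrypt, decrypt and verify cycle.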

klamath
12-08-2000, 08:48 PM
> in retrospect, if someone sends me a garbled email (to my hotmail acct), i can assume they probably have used my gnuPG


I think there will be a header and footer telling you it's encrypted. Something like:

-----------BEGIN PGP ENCRYPTED MESSAGE-------

And a similar thing for the end of the message.

> what did I do wrong? :}

Why are you doing this as root? It should be done as your regular user account. It's strange it can't create ~/.gnupg - try creating it manually. Also, what are the permissions on the $HOME directory? Make sure that you own it, and you have write, read, and execute permissions (i.e. octal 7).


Fandelem
12-09-2000, 04:15 AM
blah, i really know how to install stuff, i swear! =)

my home directory is set to /home/public (don't ask, hehe) basically because that's where i have samba hooked up to share to the network and when i save stuff i hate cd'ing over there so i just set it as my default - but anyways, i *know* it has proper permissions..


++++++++++.+++++.+++++.+++++...+++++.+++++.+++++.. +++++..++++++++++++++++++++++++++++++.++++++++++++
+++++++++++++.+++++.++++++++++++++++++++..++++++++ +++++++.+++++>+++++...+++++>+++++>+++++...>.+++++.
.................................................. ..................................................
.................................................. ..............+++++^^^
gpg: keyblock resource `/home/public/.gnupg': file open error
gpg: can add keyblock file `/home/public/.gnupg/pubring.gpg'
Key generation failed: file create error
gpg: can't create `/home/public/.gnupg/random_seed': No such file or directory
[kdavis@Server public]$


sneef, what now? should i try another program or something? it compiled fine, i guess i'm just an idiot =)

Phuzon
12-10-2000, 01:01 AM
mkdir ~/.gnupg

try that then run the proggy again
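
The checks suggested in the last few posts (create `~/.gnupg` by hand, confirm you own it and have read, write and execute on it), gathered into one function as an added example that is not part of the thread. The function name and return codes are this example's own; it also strips group and other access, because the secret keyring is stored in this directory.

```shell
# Added example, not from the thread: prepare a GnuPG home directory.
# The function name and return codes are this example's own.
ensure_gnupg_home() {  # ensure_gnupg_home [dir]; defaults to ~/.gnupg
    dir=${1:-$HOME/.gnupg}
    parent=$(dirname "$dir")

    # Creating the directory needs write and search permission on the parent.
    if [ ! -e "$dir" ]; then
        if [ ! -w "$parent" ] || [ ! -x "$parent" ]; then
            echo "cannot create $dir: no write access to $parent" >&2
            return 2
        fi
        mkdir -m 700 "$dir" || return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir exists but is not a directory" >&2
        return 3
    fi
    # It must belong to the invoking user, not be left over from a run as root.
    if [ ! -O "$dir" ]; then
        echo "$dir is not owned by $(id -un)" >&2
        return 4
    fi
    # The secret keyring lives here: remove any group/other access.
    other=$(ls -ld "$dir" | cut -c5-10)
    if [ "$other" != "------" ]; then
        echo "tightening $dir (group/other bits were $other)" >&2
        chmod 700 "$dir" || return 5
    fi
    # The owner needs read, write and execute (octal 7).
    if [ ! -r "$dir" ] || [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        chmod u+rwx "$dir" || return 5
    fi
    return 0
}
```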