FAQ #20


What is PGP Security, can I use it to protect my emails and files?


Pretty Good Privacy (PGP)

What is it?

This decription from Wikepedia.org describes the PGP perfectly.

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991 while working at PKWARE, Inc.

How Secure is it?

If you use a 2048 bit RSA key the estimated time to crack the encryption would take you more time than the universe has currently existed assuming the universe is a little over 13.75 billion years old. So the govermental agencies would have a hard time trying to use a brute force attempt. In fact they most likely expend all efforts to get your private key that try to crack the encryption. Source http://www.digicert.com/TimeTravel/math.htm


You can find the concepts in this mini guide GPGMiniHowto I will elaborate with illustrations to help you grasp the concepts explained as this always helps.

Traditional Encryption

The traditional method to encrypt and decrypt any secret message is to use a key for the encryption, the key could be a cipher or any other routine that is used to scramble the message. The encryption key is given to the recipient of the message to enable decryption. The following illustration illustrates this method of encryption.

encrypydecrypt.png Traditional encryption, using a key to encrypt and decrypt a document.
With this basic method the main security concern is the encryption key, should it fall into the wrong hands your encryption is useless and all messages will be decoded by the persons with the copied or stolen key.

PGP Encryption

With PGP you generate two keys, one key is your private key that you must keep secure, not a good idea to keep this key on your PC/Laptop, mine is kept on a USB stick. The other key is a public key that you can freely distribute, it is impossible to generate the private key from the public one. The public key is used to encrypt any message that is to be sent, when the message is received your private key is used to decrypt the message. You can reply to the message by encrypting it with the public key of the sender who will then use his private key to decrypt the reply you sent. The following illustration shows the sequence of events.

The only weakness with this method is the exchange of the public keys, should your public key get intercepted and your identity get mimicked the person in the middle will be able to start sending and receiving with an invalid key. To prevent this the public key can be signed by by other people that know you to verify its authenticity.

GPG (Open Source Implementation)

The open source free implementation of PGP can be found on the GnuPG website it includes a full package that also includes key management (signing etc..) but you will find most Linux distros allow installation using a package manager.

The following demonstrates how to create your PGP keys, encrypt and decrypt a file.

gpg --gen-key
Creates a new key-pair, you may choose an encryptioni algorithm, DSA/ElGamal (not patented) is recommended. Key length decides the integrity of the keys, 1024 bits is standard size, 2048 is maximum for GPG.

The key-pairs are stored by default in the users home directory ~/.gnupg/ but you can change this by editing the file ~/.gnupg/gpg.conf.

homedir /media/petersnr/peter_goudmansnr/.gnupg
keyring /media/petersnr/peter_goudmansnr/.gnupg/pubring.gpg
secret-keyring  /media/petersnr/peter_goudmansnr/.gnupg/secring.gpg

GPG in Action

Encrypt a file..

gpg -e -r petersnr@inivitiv.com somefile.txt
Decrypt a file..
gpg -d somefile.txt
(Enter your passphrase)

Announcement, inivitiv.com will soon be offering an email hosting service that will offer you a personal email account on the inivitiv.com mail server with all email stored using PGP keys so that your mail cannot be snooped upon by anyone! Please mail the author petersnr@inivitiv.com if you are interested, there will be a nominal yearly fee for this service, please come back regulary for updates as to when this service will be available.
Date Entered2014-05-31




Not comments found