I’ve read a ton of stuff about asymmetric encryption/public keys. I’ve seen a ton of public key servers. I see message boards/blogs/wikis offering to post my public key.
BUT HOW THE HECK DO I ESTABLISH PGP/PUBLIC KEY ON MY COMPUTER? :smack:
I admit to being a real computer nerd, and I want to explore new technology in security. So I’d like to experiment with public key encryption even if it’s overkill. Where to start? All the Google references point to theoretical/reference stuff or an explanation of how it works, and not how to get it working.
Thanks in advance. Even a link to a good website/document would be useful.
Download the software. Note there is a serious security concern with public keys being posted on message boards, etc. How can anyone know it really is yours? Read about man in the middle attacks. This is a major issue with public key cryptography. Hard to know if a key is yours unless you personally hand it on disk to someone. Most practical workaround under ordinary circumstances is if you have a website that is obviously yours that has been on the Net for a while. Then you can post your private key there. Of course, if your site gets hacked…
Anyhow, I tried it for a while, but it really wasn’t worth the hassle and no one on the other end wanted to download a program just so they could read my email.
This link is just what I was complaining about! I ran exactly the same search. I do appreciate your help, but all of this stuff just tells you how to get hold of the software and store your key. There isn’t much practical information about how to use it. I certainly didn’t see anything about using it with existing e-mail clients.
In any event, I wouldn’t use it with most people anyway. I’m just experimenting. I’m the type that doesn’t feel he understands the stuff until he knows how to use it.
Your private key is secured by the passphrase, which only you should know, and NOT have written down. Physical security of the private key isn’t that important. If a burglar steals your computer, or the disk with your private key, it is useless without the passphrase.
I eventually went to GNUPG (http://www.gnupg.org/ ) which provides distributions of both source and binaries. GNUPG does not distribute the documentation with the binaries; the binaries just contain man pages. The GNUPG site does have a separate documentation area which includes a link to Brendan Kidwell’s Practical Introduction to GPG in Windows. I skimmed through it, and though it’s short, it hits all the points that I was looking for. I recommend it everyone including non-Windows users.
All the Google references point to theoretical/reference stuff or an explanation of how it works, and not how to get it working.