Oct 08
8
Encrypt GMail To Protect Your Private Data
Yesterday, I wrote an article on a project being funded in the UK to snoop on private netizens “just to make sure” they’re behaving themselves. I also touched briefly on some ways to protect yourself and keep your communications private. Today, I’m going to go into a little more detail on setting up a crypto system on your laptop or PC, so that your messages are read only by the people you want to read them.
OK – so you’re sat in front of your laptop, eager to start. The package we’ll be installing today is called GPG (GNU Privacy Guard), a play on the name of PGP (Pretty Good Privacy), the program that originally introduced the standard. So first, a quick outline of what PGP is and how it works:
Public Key Cryptography
First, one of the systems employed by PGP, and therefore by GPG (which is built around the same standard), is “Public Key Cryptography”, also known as Asymmetric Cryptography. This form of crypto eliminates the need to transfer the decryption key from Person A (Alice) to Person B (Bob). In traditional Private Key Cryptography (symmetric cryptography, where a single secret key both encrypts and decrypts), if Alice wanted to send an encrypted message to Bob, she would encrypt it with her private key and then send Bob the encrypted message. She would still need to send him her key so that Bob could decrypt it.
And therein lies the problem. You could argue that if Alice has a secure channel over which to send Bob the key, she could just as well use that channel to send the message unencrypted! In steps Public Key Cryptography:
As the name suggests, there is a “public” key – a key that anybody can have. In fact, the more people that have it the better. When you use a Public Key Cryptography system (like GPG) you create a key-pair: a public key and a private key. The public key, as I’ve said, anybody can have, and it has only one purpose – to encrypt messages. Once a message has been encrypted, it can only be decrypted with the private key. Think about that for a second. Alice wants to send a message to Bob. She encrypts the message with Bob’s public key and sends it. The only key that can decrypt that message is Bob’s private key, which eliminates the need to transfer a secret key between the two people. The reason it works is to do with maths, and is a bit beyond this article, but suffice it to say the two keys are related to each other in a way that makes it computationally infeasible to work out the private key from the public one. So where does GPG fit into all of this?
Well, now that you have a good handle on the concepts of Public Key Cryptography, you too will need to create a key-pair when you start using GPG. You will also need to give your public key to anyone who wants to communicate with you. There are also Key Servers on the internet that act as giant repositories of public keys, searchable from within the GPG Key Manager; you can add your newly created key there for the world to see a little later.
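The key-pair relationship described above, as an added example that is not part of the original article: textbook RSA (one of the public-key algorithms GPG supports) in Python. The two primes are constructed sample values and the function names are hypothetical; with no padding and a tiny modulus it illustrates the idea only and is not how GPG protects real messages.

```python
"""Textbook RSA with small constructed primes: shows the key-pair idea only.
Not secure (no padding, tiny modulus); never use this to protect real data."""
from math import gcd

def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) = ((n, e), (n, d)) built from secret primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d == 1 (mod phi); needs p and q
    return (n, e), (n, d)

def encrypt(public_key, message: bytes) -> int:
    """What Alice does: she needs only the recipient's public key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(key, ciphertext: int) -> bytes:
    """Raise the ciphertext to the key's exponent; only the private key
    of the same pair turns it back into the original message."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed sample values: two Mersenne primes stand in for Bob's secret primes.
# Bob publishes BOB_PUBLIC and keeps BOB_PRIVATE (and the primes) to himself.
BOB_PUBLIC, BOB_PRIVATE = make_keypair(p=2**31 - 1, q=2**61 - 1)

if __name__ == "__main__":
    ciphertext = encrypt(BOB_PUBLIC, b"Hello Bob")  # Alice, using Bob's public key
    print("ciphertext:             ", ciphertext)
    print("Bob's private key gives:", decrypt(BOB_PRIVATE, ciphertext))
    print("the public key gives:   ", decrypt(BOB_PUBLIC, ciphertext))  # not the message
```

Alice never holds anything secret of Bob's: the only value that crosses the wire before the message is `BOB_PUBLIC`, which is useless for reading the ciphertext.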