
Difference between revisions of "Privacy"

From RonWareWiki

 
Line 4: Line 4:
 
How to set it up:
 
How to set it up:
 
# Download the GNUPG package.  There is a [http://ftp.gpg4win.org/gpg4win-1.0.9.exe Windows installer] which includes everything (just run the installer).  Linux users will have to consult their distribution for details on whether there is an installable package already (most distros do have a gpg package).  If not, you'll have to download, compile and install it yourself.
 
# Download the GNUPG package.  There is a [http://ftp.gpg4win.org/gpg4win-1.0.9.exe Windows installer] which includes everything (just run the installer).  Linux users will have to consult their distribution for details on whether there is an installable package already (most distros do have a gpg package).  If not, you'll have to download, compile and install it yourself.
# After you have it installed, create your own "key pair".  The command-line way to do that is "gpg --gen-key", the Windows version has an equivalent way using menus.
+
# After you have it installed, create your own "key pair".  The command-line way to do that is "gpg --gen-key", the Windows version has an equivalent way using menus.  In Windows you can start the "GPA" program.
 
# Upload your public key to a public key-server.  Using the command-line, "gpg --send-keys KEYID"
 
# Upload your public key to a public key-server.  Using the command-line, "gpg --send-keys KEYID"
 
#::The "KEYID" is the eight-character ID associated with your new key.  To figure out what it is, do "gpg --list-keys myname", where "myname" is the email you gave GPG to generate your key.  The Windows GUI version has an easier way to accomplish the same thing.
 
#::The "KEYID" is the eight-character ID associated with your new key.  To figure out what it is, do "gpg --list-keys myname", where "myname" is the email you gave GPG to generate your key.  The Windows GUI version has an easier way to accomplish the same thing.
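Review bot: the sentence added to step 2, In Windows you can start the "GPA" program, repeats what the preceding clause already says about a menu-based equivalent and does not say what to do once GPA is open. Fold it into that clause, for example: on Windows, start the "GPA" program and generate the key pair from its menus. That also removes the comma splice after "gpg --gen-key".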

Revision as of 20:19, 20 May 2007

If you want to communicate privately with others over the Internet, or if you want to keep information on your computer private so that other people cannot access it, you need to use "encryption". The specific kind of encryption I am talking about is called "public-key" encryption, and the specific package I use to encrypt is called "GNUPG".

Installation

How to set it up:

  1. Download the GNUPG package. There is a Windows installer which includes everything (just run the installer). Linux users will have to consult their distribution for details on whether there is an installable package already (most distros do have a gpg package). If not, you'll have to download, compile and install it yourself.
  2. After you have it installed, create your own "key pair". The command-line way to do that is "gpg --gen-key"; the Windows version has an equivalent way using menus. In Windows you can start the "GPA" program.
  3. Upload your public key to a public key-server. Using the command-line, "gpg --send-keys KEYID"
    The "KEYID" is the eight-character ID associated with your new key. To figure out what it is, do "gpg --list-keys myname", where "myname" is the email you gave GPG to generate your key. The Windows GUI version has an easier way to accomplish the same thing.
  4. Import my key to your key-ring (that is, if you want to communicate with me!). "gpg --recv-keys ad29415d" (That last is the "KEYID" for my key, "ron@ronware.org").
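Added example (not part of the original page): the eight-character KEYID used in steps 3 and 4 is the tail of the key's full fingerprint, so two different keys can share it. The script below checks a received key against a fingerprint the owner gave you directly. The sample listings, the fingerprint and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample output of:
#   gpg --with-colons --fingerprint --list-keys KEYID
# Both keys are made up; they share the eight-character KEYID DEADBEEF.
SAMPLE_GOOD='pub:-:1024:17:00001111DEADBEEF:1179692340:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF00001111DEADBEEF:
uid:-::::1179692340::::Example User <user@example.org>:'
SAMPLE_LOOKALIKE='pub:-:1024:17:99998888DEADBEEF:1179692340:::-:::scESC:
fpr:::::::::11112222333344445555666699998888DEADBEEF:
uid:-::::1179692340::::Example User <user@example.org>:'
# Fingerprint the key owner gave you out of band (constructed value).
EXPECTED_FPR='AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 DEAD BEEF'

# Print the fingerprint of the first primary key in a colon listing on stdin.
primary_fingerprint() {
    awk -F: '$1 == "pub" { seen = 1; next }
             $1 == "fpr" && seen { print $10; exit }'
}

# Strip spaces and an optional 0x prefix, then upper-case the hex digits.
normalise() {
    printf '%s' "$1" | tr -d ' ' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Succeed only if KEYID is exactly the last eight hex digits of FPR.
keyid_matches() {
    id=$(normalise "$1"); fpr=$(normalise "$2")
    [ "${#id}" -eq 8 ] || return 1
    case "$fpr" in *"$id") return 0 ;; *) return 1 ;; esac
}

# usage: verify_key KEYID EXPECTED_FPR < colon-listing
# Succeed only if the listed key has that KEYID and the expected fingerprint.
verify_key() {
    got=$(primary_fingerprint)
    keyid_matches "$1" "$got" && [ "$got" = "$(normalise "$2")" ]
}

for sample in "$SAMPLE_GOOD" "$SAMPLE_LOOKALIKE"; do
    if printf '%s\n' "$sample" | verify_key deadbeef "$EXPECTED_FPR"; then
        echo "fingerprint matches: key is the one you expected"
    else
        echo "same KEYID, different fingerprint: do not use this key"
    fi
done
```

With a real key-ring, feed `verify_key` the output of the gpg command shown in the first comment instead of the sample strings.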

Testing

After having set up the program (which admittedly is a bit of a pain), you should test it. The first thing you want to do is send your "KEYID" to the person you want to communicate with. For example, if I wanted to communicate with you (I do!) I might send you an email containing the line:

  My KEYID is: ad29415d

Send an email to the person you want, using the program you prefer. There are GPG "plug-ins" for Outlook (included in the Windows installer link above), and for Thunderbird (called "EnigMail"). There are other plug-ins as well; check out the GnuPG.org site for details (look at "frontends"). You will want to send the mail encrypted for the recipient you are interested in (you may also want to encrypt it to yourself so you can read it later!).

Caveats

  • It doesn't matter much what key-length you use, as long as it is 1024 or higher. However, the higher it is, the slower things get - and at this point and for the foreseeable future such a key is unbreakable.
  • The passphrase you use to access your keys (which you create when you generate a key pair) gives access to your private key. Make very sure it is something you will remember, but not something anyone else can guess. Longer is better, up to a point. The phrase is case-sensitive, so "DoG" is not the same as "dog". Do not let anyone else know this phrase!
  • The "keyring" you created (i.e. the place where your private-public key pair is stored) is the linchpin of the encryption system. If someone gets a hold of it, and knows your passphrase, that person can decrypt anything you encrypted with that key. So be careful, and don't leave it on publicly accessible computers. You will want a backup of it, which you should probably put on a USB key (in fact, keeping your key only on such a USB key is probably the most secure thing you can do).