Privacy
From RonWareWiki
Communication over the Internet is public - anyone with sufficient technical skill can monitor any communication. Email, in particular, is usually sent in a "plain text" format (even HTML mail is essentially plain text). If you want to communicate privately with others, or if you want to keep information on your computer private so that other people cannot access it, you need to use "encryption". The specific kind of encryption I am mentioning here is called "public-key" encryption, and the specific package I use to encrypt is called "GnuPG". There are other systems available, but I use GnuPG.
Why encryption?
There are a number of reasons one might wish to use an encryption package such as GnuPG:
- Protecting financial information. For example, credit card or bank account numbers. Using GnuPG it is possible to send such information over the Internet without concern someone might intercept and abuse it.
- Keeping business plans secret. One may wish to discuss sensitive or proprietary information in an email. Using GnuPG it is possible to do so without concern the competition will access it.
- Personal discussions. Anything of a private or personal nature may be discussed in a GnuPG encrypted email without worrying a person who should not be privy to the information will read it.
- Proof of sender. When an email is digitally signed with GnuPG, one may be absolutely certain the mail originated from the purported sender. The return email address is not sufficient for this purpose.
Besides these uses, it is trivially possible to encrypt documents on one's own machine so that third parties cannot access them. Similarly, one may encrypt a backup file and put it in a public storage area without concern it will be read.
Installation
How to set it up:
- Download the GNUPG package.
- Windows users: There is a Windows installer which includes everything (just run the installer).
- Linux users: consult your distribution for details on whether there is an installable package already (most distros do have a gpg package). If not, you'll have to download, compile and install it yourself.
- After you have it installed, create your own "key pair".
- Windows: start the "GPA" program, which will allow you to do all the steps mentioned here.
- Linux users: you can run "kgpg" and do things the GUI way like Windows users, or type "gpg --gen-key"
- Upload your public key to a public key-server.
- Windows: GPA has an easier way to accomplish the same thing.
- Linux: "gpg --send-keys KEYID", where "KEYID" is the eight-character ID associated with your new key. To figure out what it is, do "gpg --list-keys myname", where "myname" is the email you gave GPG to generate your key.
- Import my key to your key-ring (that is, if you want to communicate with me!).
- Linux:"gpg --recv-keys ad29415d" (That last is the "KEYID" for my key, "ron@ronware.org").
Testing
After having set up the program (which admittedly is a bit of a pain), you should test it. First thing you want to do, is send your "KEYID" to the person you want to communicate with. For example, if I wanted to communicate with you (I do!) I might send you an email containing the line: My KEYID is: ad29415d
- NOTE: My public key "fingerprint" is: 8130 734C 69A3 6542 0853 CB42 3ECF 9259 AD29 415D . If you use some other key, it is not mine!
Send an email to the person you want, using the program you prefer. There are GPG "plug-ins" for Outlook (included in the Windows installer link above), and for Thunderbird (called "EnigMail). There are other plug-ins as well, check out the GnuPG.org site for details (look at "frontends"). You will want to send the mail encrypted for the recipient you are interested in (you may also want to encrypt it to yourself so you can read it later!).
Caveats
- It doesn't matter much what key-length you use, as long as it is 1024 or higher. However, the higher it is, the slower things get - and at this point and for the foreseeable future such a key is unbreakable.
- The passphrase you use to access your keys (which you create when you generate a key pair), gives access to your private key. Make very sure it is something you will remember, but not something anyone else can guess. Longer is better, up to a point. The phrase is case-sensitive, so "DoG" is not the same as "dog". Do not let anyone else know this phrase!
- The "keyring" you created (e.g. the place where your private-public key pair is stored) is the linchpin of the encryption system. If someone gets a hold of it, and knows your passphrase, that person can decrypt anything you encrypted with that key. So be careful, and don't leave it on publicly-accessible computers. You will want a backup of it, which you should probably put on a USB key (in fact, keeping your key only on such a USB key is probably the most secure thing you can do).
Keys
Ron's public key
pub 1024D/AD29415D 19/08/2004 Ron Aaron <ron@ronware.org>
Primary key fingerprint: 8130 734C 69A3 6542 0853 CB42 3ECF 9259 AD29 415D
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0
mQGiBEEj98MRBADu6bzKOrObpQpNURSLmKa/HDrsjdpgJ9tus+cVjOv00pMnzzQo
0b66Ck67gepBOMclFpOqo+E5vvK7pO0Z7EvpP6VTaIPhc7OcirDEMttSYK7nhove
o1vnUhlIfEn5rPT4H7QiO4VzKZiUYv9czdyugnk5YSb6NqbPSWnZpR5EIwCg+2Ok
HqsnlzvJa75DKHrFX7aHVHUEANgibtghMZY0SZvoasFwN9kXAb41uWs8WMoany5H
GtEi1RMYoSc0tOiaTLwGZAO5u4if50R2gbKZRcgIbGzSYqg/g+uP0pvdqucGJEPE
7/yQZVoCdVaoCyGKs8fVztyWRbqEzWahU6as1X1p1Y+nV75g+7Vvd/X04QBy0RjI
okrmBACR2W4+eA8BpKLbLpZvrvNjWXFMDyCjmyazxIoh41bTlxl3mZVgXqexuvJb
mv4n4sGjysG3XPJy8lLusG5GwetsDhMsfR49A7johbqt7Cc1hXZv0RjSaTH5oigC
mJZ26DPHdRbui2fzstW3BoQgLpfLnQGH3hocNJj8rMcQVxGQnbQbUm9uIEFhcm9u
IDxyb25Acm9ud2FyZS5vcmc+iF4EExECAB4FAkEj98MCGwMGCwkIBwMCAxUCAwMW
AgECHgECF4AACgkQPs+SWa0pQV3KmACg8m8/67Gg/kiCY3ixHVoa1Cu4NLcAnRS+
yg9zaHB5iOY3VxgdeFzMCGW+uQENBEEj98MQBADXfmpkWxYKUe16BW+A1NR+cSc+
WIHyN78VCOrHUt5fm2S9IR/YYGeqpHjkA21KC+Dk6OGjDGbngLkxt2dUH91/MVv6
Qcv9gCS4P85myvTnRZNYVD48WRLAt4GsL13sv8HWwUcyI64Q10QaHjM750XS8Rpm
CIz4LvclWGSkEoMT5wADBQQAjn3oj9T32rwl7m3OVB1bAg/mOhc8r9glq0nE6G+A
B+Om+b0PFewjmYutXsFCD4Wub6czeheG9/GOiCynIxqY7b/6shNgaHK1JyKrG6o5
WLC1XwkSasfnQV2m+ezBh/cl3cqhPq4CjepbzIlx55e/BhRznJAi78S3AcZACIw5
gVWISQQYEQIACQUCQSP3wwIbDAAKCRA+z5JZrSlBXTiyAKCkQkv85he+DiCKHYkc
7N5paAUhfgCePiqw6CBz9A8t5eY2kSxn+ld5E30=
=woj+
-----END PGP PUBLIC KEY BLOCK-----
Esther's public key
pub 1024D/7A25C70B 20/05/2007 Viviana Aaron <viviana@ronware.org>
Primary key fingerprint: 84F5 23CA 8A59 89DF 5063 334E 6B33 7F96 7A25 C70B
BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0
mQGiBEZQkPwRBAChRhZdaBSCQmVLhWC/CDLMucyvC7Z2chltFYGap6ANMsn+xFZd 6vF0ypyX9s7YrHH6yVDP7d2LCENlVAE4GPp0Zll4if8GAG04IcuhA+EnHNOqsdWF eig9C86UfgdDytSAVoZCL1sJRNk+NGPZmLxcxvi4eO+5gl4yBtOSsGoyXwCgm6mq X6n3o/rb3A+wBU/O5VgRficD/2eHI9rS2ApHcPAufxpf5Gmgdemu8bjSFFDDfJR3 p/ZxmfeJMDRGszXsEkG6k5DckF1UYGQNCjnZN7vSTrDwyLaXh8SAtO7BOSYCfEsk POFwCqjczyulRpLNrNfDTW1f9gfj4jxyN06VKJE58WdMYWvDB4LbL4gqj0cb0SZ3 aF3YA/9KqYAVt2YeCwdon2TPQLExINcsDydOpamvNk/11oJJ0T3M1SpQJONTpTa/ lk0/+YKWOf5ESJvhHeJba0gzq737U688dS3hKDJyV0UrktEhrxEfagUTWqXn2ls2 a+LfGvytM3VSB/I79PdRZZmmnHg26ixBAppai7N4R+J/d7ccfrQjVml2aWFuYSBB YXJvbiA8dml2aWFuYUByb253YXJlLm9yZz6IYAQTEQIAIAUCRlCQ/AIbAwYLCQgH AwIEFQIIAwQWAgMBAh4BAheAAAoJEGszf5Z6JccLikMAn3ShOc840w4iMg8YIHSD 3wJXRy6SAKCaMHJnucnl87uP5l8tAkt3Xkz39YhGBBARAgAGBQJGUJNDAAoJED7P klmtKUFdBA4An2v+2vOXeiCcBzhbSD3R2K2lM/q9AKD4Jg6gASOmMHMa9yZrI/nv BMXLo7kCDQRGUJD8EAgAizTWX8fdsUeRrMsWMGz6SX+55tu7TIYMc0mejTi29wTJ bVFB/DEDWXBOckqWS7xuVALQGBxBOcYyiqiC7ASMh7n7Hy1dDGKRzDiBAY3KgxKC jz3Pk3sv/lOom+lljJSz0SzwSY5JauJyjZEYaT0oOobXoOf+WlTf3O5FSb5eYXSl AA4VjrWMqb44+/0y3l6iHfRCV9npPJtl9oniL1R25/YgD9BVm0EG3VDZTfntOt5Q M6oTEFIxsFR99WJLrBqMfXh6FofyqHMyLO3UVmj6TH3uum2igIjG7PWHVbec47zw vy6QhwT1pb425bMol7PGkpRH7U8zr0sGhbPfL4G+JwADBQf/bQPF2+dfUCJkkTdm 0R2xPQLKbNrI9MHjA5ZC1JxZhhC+8CX5Hmk0XadO/D5FchuEeRC/wBjnFAPSb2F3 w4nTMIogQJB30YSxRrfm9xOB1Y+FODBkDlBnJrGLOu8BKk80i4U1se8qzHdABuya RjoCE3d61iOr1UTJFXfxXMtf5euAGVGti6PUH5WbELOf/HqbMKGhfthXgDrEzqY2 o2bJgRLPf2vE68qeTEv5qt8PhYntzANooIGGNWXLIfgygYtTSEl2sxqQ/kInBhsX pubDWzagHyocZ3iGdjDCf9dj1p+PG07e3dWTyJ4frAt7u/mUajbqLxWDcQ1tr+up CsDnvIhJBBgRAgAJBQJGUJD8AhsMAAoJEGszf5Z6JccLjCMAmwdCTCEd3We0hqTL joGQ/iLdmSAuAJ0XEZeoRxgUPPg6QPGachZU+Np5IQ== =cDdx
END PGP PUBLIC KEY BLOCK-----