An Introduction to GNU Privacy Guard
An anonymous reader writes "This is a great article about GnuP . . . "In the first half of this article David Scribner discussed the various uses that GNU Privacy Guard could bring to your business or personal life in enhancing security of your digital documents and files, as well as the basics in getting started with GnuPG. As there is so much more to public-key security than command-line operations, in this second half I will continue with importing and exporting keys, building (and keeping) your 'web of trust' sound, and a few of the more popular GUI front ends available for GnuPG . . ."
"the first half of this article David Scribner discussed ..., in this second half I will..." (emphasis mine).
Gee, could the "anonymous reader" be David Scribner giving himself a shameless plug? See the above quote.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
I know new systems and apps create a bit of a chicken-and-egg situation.. but what about this:
Today, I use GnuPG for a variety of tasks. Whether it's to sign and encrypt documents and contracts submitted to businesses, encrypt local files, or merely sign email and files to ensure others that no modifications have occurred to its content, I have found GnuPG to be a 'must have' utility kept close at hand when using my PCs.
Documents submitted to businesses? Signing e-mail and files?
Signing these sorts of things is a good idea, but just how many businesses are going to have GnuPG at this time? And, since you can get the files out of the e-mail without HAVING to use GnuPG (GnuPG just checks the authenticity), it doesn't really encourage people to go get it either.
Considering most people are Joe Schmoes using Windows, I can't see how using GnuPG (or even PGP, for that matter) to sign things is going to help anyone at this stage.
Outlook Express is the most common e-mail client out there today and from all the e-mail I get.. I'd say that far less than 1% of its users actually use the signing and encryption features that are BUILT IN! GnuPG is an add-on, at best.. so can we really see millions of people using this?
Until the public learn more about security, how it works, and why it should be used, I think not.
mogorific carpentry experiments
Now, how do I keep my passphrase a secret while the CIA is bashing my toes with a hammer?
I guess my point is that public/private key encryption is only as good as the passphrase which is often not good enough, and that the encryption is way stronger than your personal torture threshold anyway.
There are a number of applications GPG is good for besides cryptography -- I use it to verify Linux kernels from kernel.org, for example -- but I know several people that think that once you figure out how to encrypt mail you're secure. It's probably good to keep in mind that there are a number of other points at which an attacker can read the mail (swapfile, keyboard logger, trojan, net sniffer, tempest, emp, and buffer overflows) even if the application itself is bugfree and Open Source, so remember that this is just supposed to be a component in a system of security.
If your family and friends insist on using Outlook or Outlook Express, try pointing them at G-Data's GnuPG Plugin for those MUAs. One downloadable Win32 .exe and a simple installation puts buttons to sign/verify and encrypt/decrypt on the toolbar.
/we/ all know how to encrypt our email. But until "Your Mom" (TM) can do it, it's not useful.
Because let's face it,
--
E_NOSIG
sorry if this is a repost..
why run from Vincenzo?
Well, there's your collection of bestiality porn.
Why is it that people assume that anyone who wants to communicate in private has something to hide?
Boobies never hurt anyone. - Sherry Glaser.
the "original" handbook does the job much better.
I've been interested in GPG and encryption for a couple of years, but I can't convince any of my friends to be interested. So all my communications with them must be unencrypted.
:(
I know you can get it as easy as typing in a password when an email gets sent, but that's too much effort for my parents and most of my friends.
An actual method of attacking encryption listed in a text book on it in my university library listed the "Rubber-hose" method. The point is to remind people that if you are protecting something of value, monetary or other to someone else, you can not just rely on encryption. Beating you and/or your loved ones, i.e. wife, children, pets, is an effective means of getting access to something protected by encryption. Luckily I never tell my wife any of my passwords, and last time I checked my cat wasn't talking.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
GnuPG is definitely, certainly, and really the way to go with secure encryption and security systems, here's why..
The simple and undisputed -- and often argued -- fact is that we've come a long way, and the majority of large businesses are now using Linux as both a desktop and server OS which means these things are efficient to do.
GnuPG's (shouldn't that be GNUPG since GNU is an acronym?) ease of use and its (almost) seamless connectivity with most Linux communications applications allows the average workplace user to encrypt documents and files, preventing PR-disasteresque leaks -- such as the recent leak of the salary details of Lycos' staff to InternalMemos.com..
The seamless and very good encryption and decryption system allows staff of lots of big and small companies to simultaneously access and also work on their valuable and secure data as usual, but means that even if sites like F**kedCompany get hold of it, it's no use to them. Copying and pasting will just result in gobbledygook being produced.
GnuPG's automated hyperencryption routines also mean that it could have some extremely useful and oblique military functionality, allowing our brave patriots to fight terrorism around the world.
One such example is in the encryption of numeric data such as numbers like digits between 0 and digits under 9. These encryption routines can improve the efficiency of this by 24%.
mogorific carpentry experiments
I use gpg all the time, and I know a lot of other people that use it, it is a great program.
However, a problem is that people just aren't good enough at getting their public-keys out. I hope this article enlightens them on the lovely export option. Which I believe to be one of the most important parts. I receive email from a lot of lists every day, LUGS, development lists and so on. A lot of this email is signed, but a lot of these people obviously don't get the points of signing completely since they haven't got their public key available in any way (of course some may not believe in the keyservers and so on, and want to be contacted in other ways for key-exchange, but not all are that pre-cautious, some just don't understand), and thus I cannot verify their signature.
Crypto is not necessarily about hiding, but can be (as coined by Ayn Rand, I believe) the minority's protection against the oppression of the majority. And this is something that is vitally important.
What are you doing that you don't want the government to know about?
How about you? When you snail mail, is everything on postcards? Or do you use envelopes, you terrorist?
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
I don't believe most people with 'nothing to hide' will be convinced by this argument for privacy. So, can anyone come up with a concise line of reasoning that will work?
If there is hope, it lies in the trolls.
It's all about hiding, actually. Cause that's what cryptography does.. is.. uh.. hide stuff.
Like the example the writer gave, if your ISP tech knows you're out of town, you could come home to an empty house.
If you're just using cryptography for the sake of using cryptography, what's the point?
One of the problems I always had using pgp/gpg was client support. Getting it to work with outlook/outlook express, then finding something under Linux that would support it, having to scrape together a bunch of tools, all of which were half-written...
I've found a solution. Mozilla and Enigmail. Yes, Mozilla/Netscape mail used to be putrid. It's better with Mozilla 1.0+, honestly. It has progressed to a competitive state, and I switched over totally about a month ago.
Enigmail is a plugin for Mozilla that handles signing, encrypting, decrypting and verifying mail for you.
GnuPG, Mozilla and Enigmail all work on Windows as well as Linux, so I have the same tools no matter what I'm running.
You still need a key manager, but getting what mozilla+enigmail provides is a great step forward.
I run it on Windows, so rightly it should be the GNU/Windows XPrivacy Guard...
One small success story for our small e-commerce company. We need a method of securing credit card numbers for long-term storage after the sale (yes we needed to do this). To do this we used GNUPG to create a "data vault" that ensured that credit card numbers in storage would be safe even if a hacker gained complete control over the machine.
We used GNUPG to split the public key and private key across two machines. The first machine is our public web server and can encrypt and store the credit card numbers with the public key but not decrypt them. The second machine (very secured and locked down) can encrypt the data but doesn't have access to the stored credit card numbers. A third machine (in this case a browser) shuttles the data between the systems when it is needed. Since the machines are widely separated it makes any successful attack much harder.
We chose GNUPG because it already had robust public/private key encryption built in and used an open standard for representing data so that data recovery would be possible even 10 years from now. The only complaint is that there was no API available so we had to create a COM wrapper for it (yeah I know it was an IIS/ASP site).
If anybody is interested in the source code for the COM wrapper it can be downloaded here:
http://www.i15.com/video/gpg2.zip
Normal disclaimers apply. I take no responsibility for what it may do but we have used it without complaint. Only works when GNUPG is in batch mode. It is one of those things that I always meant to release under the GPL but didn't get around to it because I never did documentation. BTW here is how it works:
Set gpg = Server.CreateObject("qwerksoft.gnupg")
gpg.SetPath %Path%
gpg.SetRecipient %Recipient%
s = "Text to be encrypted"
Response.Write s + vbNewLine
s = gpg.Encrypt(s)
Response.Write s + vbNewLine
s = gpg.Decrypt(s)
Response.Write s + vbNewLine
Maybe if a few more people use this it will reduce the number of stolen cards floating around.
After reading Crypto, and now this Slashdot post, PGP has really heightened my interest.
I'm particularly curious about how secure the GnuPG key-gen process is. How "pseudo-random" is it? What's the likelihood that I could generate a private key matching someone else's?
Should I be concerned?
-jc
GPG only runs from the command line meaning apps that wish to call it have to construct a command-line, invoke gpg and parse the results in a pipe. It desperately needs a LGPL lib to relieve this burden. The only lib so far is gpgme which is GPL making it pretty useless for this task.
There's an excellent system called rubberhose that solves the problem of 'rubber hose' cryptography (ie. beating the key out of someone.)
You give it a certain amount of space to play with and then can encrypt "aspects", sets of files, to it. Each aspect is protected with a passphrase and there isn't any way to show how many or few there are. If tortured, the user has no way to prove they've given up all the keys - making it possible for them to hold out.
It's also possible to use it to give people some information and limit disclosure - the documentation has an excellent example using safehouses.
Yes, we can at times convince companies to use it. I work for "a small hardware manufacturer in the Valley" that has/had a licensing arrangement for the commercial PGP application - that cost a fair amount of money per seat. Many of our Engineers adopted GnuPG for their Solaris and Linux boxen and use it daily. I (and several of my co-workers) use it in our department, and we actively promote its use throughout the company.
It can work quite well, especially when you get a couple of tech-savvy executives clued into the concept of using digital signatures on their documents.
Never attribute to malice what can as easily be the result of incompetence...
So I suppose you use postcards for all of your mail. Love letters, hate mail, whatever... you have nothing to hide so why should you use an envelope?
Or when you do get mail that's in envelopes (hmmmm, why do they presume your need for all that secrecy?), I suppose you take all the bills and letters out, scan them, and post them on the internet? No?
Then just what is it that you're trying to hide? You're clearly either a terrorist or a pornographer (both are generally held in approximately the same regard in most places). Or could it be that you just want the smallest amount of privacy? Could it be that it's not the damn business of every postal worker who comes in contact with your letters to read them?
Yes, indeed it could. It's called privacy. And the public will continue to insist on more internet privacy once they begin to understand it. The problem right now is that they actually THINK that nobody can read their e-mail but the person they're sending it to. Boy are THEY in for a surprise.
RP
Chance of Slashdotter having a girlfriend: 1 in 10.
Chance of that girlfriend being HOT: 1 in 214
Chance of a HOT girlfriend studying Computer Science: 1 in 4,735,286
Oh no, all your combined probabilities have led to the world's lowest probability and have caused the improbability drive from 2217 to go into a spasm and cause a quantum paradox! WE'RE ALL GOING TO DIE AND IT'S ALL YOUR FAULT!
mogorific carpentry experiments
Yes it does follow (which I'll explain below), but their brief reasons for not doing a lib are pretty weak. Requiring each client to write a shim that constructs a command line argument, executes the gpg command and parses the data through a pipe is not going to make things any safer. Writing such a shim safely is hard. There are just so many extra potential points of attack that any benefits of running gpg in a separate process are totally lost. Not only that, but stuff runs much slower which might not matter.
This makes it seem like your objection has to do with the license chosen, not whether the program is an executable or a library. And yet I see no argument supporting your desire to switch the license to the Lesser GNU GPL.
I could live with a shim if it was one hardened by countless clients hammering on it and developers. Unfortunately gpgme won't get that because it is GPL. What the hell is the point of a GPL library? It might be great for GNU zealots but even other open source projects such as Apache can't link to it.
Widespread adoption needs an LGPL library. It is that simple. I like GPG and I want to see it used pervasively but that's not going to happen while it's threatening to infect everything it touches.
A key aspect of GPG's success is to increase its adoption by users of Windows. For those of you wishing to give GPG a whirl, I suggest you get WinPT, an easy-to-use, open-source frontend.
Here are four easy steps to get you up to speed:
If you use Outlook Express, you would definitely want to get GPGOE, a GPG plugin that seamlessly integrates with Outlook. You need to install and configure GPG for this - the easiest way is to install WinPT as described above [WinPT also makes key management very easy, so there's a bonus]. Then you can download and install GPGOE, and enjoy all the goodness of integrated GPG functionality within OE.
Play around with the different options available; make a key for fun; experiment and learn. Spread the word. But most of all, have fun and be excellent to each other.
Good luck.
Use ISO 8601 dates [YYYY-MM-DD]
Fair enough but consider the alternative which is to invoke the command line gpg and read the results from a pipe. If the app is exploited then it can run gpg any way it pleases and furthermore all those command-line args, pipes and parsing provide lots of extra points of attack for the hacker to exploit the app in the first place. So there is no significant reason to do it this way, it just makes stuff run slower and adds a big layer of complexity.
My girlfriend is HOT and so are the GPG messages she sends me when she knows that nobody else can read them...
...there is no sig...
Question..
If you have girlfriends, why the hell are you on this site? This site is for sad assholes like me who have nothing better to do than troll to get some attention in our pathetic little lives (I'm not joking, and I'm not going to post this on Anonymous Coward for once).
mogorific carpentry experiments
If you're just using cryptography for the sake of using cryptography, what's the point?
Let's assume that GnuPG has a bug; on one level, it could be an incredibly stupid one, so the kid with the box down the street can decrypt your messages, or it could just be the NSA has enough resources/special hacks to do a brute-force on it. Or even someone's willing to do rubberhose decryption on you. If you encrypt everything, it's harder to tell what's worth decrypting. If you encrypt one thing, then everyone knows which message is the valuable one.
If I encrypt all my messages, the fact that my message to someone@sharif.edu.ir is encrypted tells no one anything - it could just be random programming stuff. If I only encrypt that message, I may be looking at a rubberhose decryption, or more subtle and reliable forms of interrogation. (And just might, in RL.)
Tell me, how is it easier for a library routine to check its arguments than it is for a program to check its command line?
There is *less* of a security boundary between an application and a library than between two applications, not more. Programs can only talk to programs using argv[], envp[] and pipes -- well-defined interfaces enforced by the OS, while talking to libraries can be done using any random ad-hoc set of function calls and global variables. Also, a library can never shield its own data structures; it shares its heap with the application.
There's only a parsing issue if the actual email application can't handle gpg's textual output and barfs; gpg itself already has to consider its input untrusted anyway. But gpg's private data won't be exposed in either case.
Perhaps gpg could use a more computer-readable output format, but that's all. I think data-based interfaces as opposed to library calls are *good*. The less language binding the better. Less chance of pointer errors or code slowly turning into callback spaghetti that way.
Oh, and you saying that fork(), dup() and exec() are fundamentally hard tells me that I wouldn't trust you with a gpg.so.1 either. Sorry.
All generalizations are false, including this one. (Mark Twain)
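The shim debated in the comments above (build a command line, run gpg, parse what comes back through a pipe), as an added example that is not from any commenter or from the GnuPG project. It relies on gpg's machine-readable `--status-fd` output for signature verification; the function names, the sample status text and the "reject more than one signature" policy are assumptions made for illustration.

```python
import subprocess

# Status keywords gpg writes to --status-fd that mean "do not trust this".
BAD = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def verify_argv(sig_path, data_path, gpg="gpg"):
    """argv as a list: no shell runs, so nothing in a path is re-parsed.
    '--' ends option parsing, so a file named '--output' stays a filename."""
    return [gpg, "--batch", "--no-tty", "--status-fd", "1",
            "--verify", "--", sig_path, data_path]

def parse_status(output):
    """Reduce status output to (ok, fingerprint, reasons).
    Only lines that START with '[GNUPG:] ' count; human-readable text,
    or a user ID that merely contains 'GOODSIG', is never a verdict."""
    good, fpr, reasons, nsigs = False, None, [], 0
    for line in output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        keyword, args = fields[1], fields[2:]
        if keyword == "NEWSIG":
            nsigs += 1
        elif keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and args:
            fpr = args[0]            # full fingerprint of the signing key
        elif keyword in BAD:
            reasons.append(keyword)
    if nsigs > 1:                    # assumed policy: one signature, one verdict
        reasons.append("MULTIPLE_SIGNATURES")
    return (good and fpr is not None and not reasons), fpr, reasons

def verify(sig_path, data_path, pinned_fpr):
    """True only if gpg exits 0, reports a good signature, and the signer
    is the key the caller expects (not just any key in the keyring)."""
    proc = subprocess.run(verify_argv(sig_path, data_path),
                          stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                          encoding="utf-8", errors="replace", check=False)
    ok, fpr, _ = parse_status(proc.stdout)
    return ok and proc.returncode == 0 and fpr == pinned_fpr

# Constructed sample status output (not captured from a real key).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD_SAMPLE = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {FPR} 2002-08-01 1028160000 0 3 0 17 2 00 {FPR}\n")
SPOOF_SAMPLE = (
    'gpg: BAD signature from "[GNUPG:] GOODSIG trust me"\n'
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] BADSIG 0123456789ABCDEF x [GNUPG:] GOODSIG trust me\n")

if __name__ == "__main__":
    print(parse_status(GOOD_SAMPLE))
    print(parse_status(SPOOF_SAMPLE))
```
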