-----BEGIN PGP SIGNED WEB-PAGE-----

Noel Bell's PGP Page

http://www.pobox.com/~ejnbell/pgp.html

PGP - Pretty Good Privacy
Public-key encryption for the masses.

Philip R. Zimmermann, the author, describes PGP as follows:

Read Phil Zimmermann's reasons for writing PGP (from a live radio interview).
Read the reasons why YOU need PGP.


PGP is now available for many operating systems as source code, and in most cases in a "ready to run" binary form. These include PC (DOS & OS/2), Macintosh, Amiga, Archimedes, Atari, VAX-VMS, and Unix. The Generic Source Code is also available.

You will normally require your particular flavour of PGP and a "front-end" or "shell".

As most people these days seem to prefer a GUI, "Front-Ends" or "Shells" are available for DOS, Windows 3.xx, Windows 95, Windows NT, Macintosh, and OS/2. Alternatively, you may prefer to use an "add-on" for your favourite mailer.

PGP is written in American English, and has been translated to many other languages.

Depending on which version of PGP you use, it will come in American English, plus possibly two or three other languages. If your native language does not come with PGP, individual language modules are available. A translation to "The Queen's English" is now available.

Full documentation for PGP is supplied in the distribution package, and is also available in a variety of different formats.

Most countries place export restrictions on PGP. Check before you send a copy of PGP to a friend in another country. For these and other reasons, PGP is sub-divided into two basic types: MIT PGP for use in the USA only, and International PGP for use elsewhere. A quick look at the history of PGP would help to explain the reasons behind this.

In a few countries, the use and/or possession of PGP is either illegal or frowned upon. I believe these to include Russia, the People's Republic of China, Iraq, Iran, and France. Even the European Union and the United Kingdom are considering restrictions. Yaman Akdeniz of Leeds University seems to be keeping a pretty good watch on what is happening in the UK. Get the International Cryptography Law Survey by Bert-Jaap Koops for more information specific to your country. Do not send unsolicited encrypted e-mail to your friend in a country which has banned strong encryption, or regards its users with suspicion. You could lose a friend - to a firing squad!

PGP mail can be detected by Government organisations such as the NSA in the USA, or their equivalents in other countries. It is a relatively simple matter for even an amateur hacker to monitor e-mail for key-words such as "PGP". If you need to disguise the fact that you are sending and receiving encrypted mail, the simplest way is to use steganography. This is a process which turns your encrypted mail into something resembling plain text sentences and paragraphs. My favourite way of using stego is with Enhanced PGPn123, a combined PGP and Stego front-end for Windows (16 or 32 bit).

For those of you who think that making "secure" submissions of things like your credit card details to web sites, using your favourite browser with its built-in encrypted mode, is safe: read this, written by someone with real hands-on experience.

In some ways, cryptography is like pharmaceuticals. Its integrity may be absolutely crucial. Bad penicillin looks the same as good penicillin. You can tell if your spreadsheet software is wrong, but how do you tell if your cryptography package is weak? The ciphertext produced by a weak encryption algorithm looks as good as ciphertext produced by a strong encryption algorithm. There's a lot of snake oil out there. A lot of quack cures. Unlike the patent medicine hucksters of old, these software implementors usually don't even know their stuff is snake oil. They may be good software engineers, but they usually haven't even read any of the academic literature on cryptography. But they think they can write good cryptographic software. And why not? After all, it seems intuitively easy to do so. And their software seems to work okay. (From the PGP documentation)


Useful Links

Protect your public key from Tampering

Most of us make our PGP Public Key available on our web-sites. How often do you check to make sure that it has not been tampered with?
Let a robot do it for you! Just visit the URL-Minder and enter the WWW address where your PGP public key is published. Then if it ever changes (or, worse still, is changed for you), you will be notified by e-mail.
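
A local version of the same check, as an added example that is not part of the original page: it pulls the armored key block out of a saved copy of the page, validates the armor CRC-24, and compares a SHA-256 digest of the key bytes with a value recorded earlier. The function names, the sample key bytes and the sample page are constructed for illustration.

```python
import base64, hashlib, hmac, re

ARMOR = re.compile(r"-----BEGIN PGP PUBLIC KEY BLOCK-----\r?\n(.*?)\r?\n"
                   r"[ \t]*-----END PGP PUBLIC KEY BLOCK-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 of the OpenPGP ASCII-armor format (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def armor(raw: bytes, width: int = 64) -> str:
    """Build an armored block; used only to construct the sample pages."""
    b64 = base64.b64encode(raw).decode()
    check = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "Version: 2.6.3i", "",
                      *rows, "=" + check, "-----END PGP PUBLIC KEY BLOCK-----"])

def extract_key(page: str) -> bytes:
    """Return the binary key from the first armored block, checking its CRC."""
    found = ARMOR.search(page)
    if not found:
        raise ValueError("no public key block on page")
    rows = [r.strip() for r in found.group(1).split("\n")]
    # Armor headers end at the first blank line; the last row is "=" + CRC.
    body = [r for r in rows[rows.index("") + 1:] if r] if "" in rows else []
    if not body or not body[-1].startswith("="):
        raise ValueError("armor block malformed")
    raw = base64.b64decode("".join(body[:-1]), validate=True)
    if base64.b64decode(body[-1][1:]) != crc24(raw).to_bytes(3, "big"):
        raise ValueError("armor CRC-24 mismatch")
    return raw

def check_published_key(page: str, pinned_sha256: str) -> str:
    """Compare the key on the page with a digest recorded out of band."""
    try:
        current = hashlib.sha256(extract_key(page)).hexdigest()
    except ValueError as exc:  # a missing or damaged block is also an alert
        return f"ALERT: {exc}"
    # The CRC only catches accidental damage; the pinned digest is the real check.
    same = hmac.compare_digest(current, pinned_sha256)
    return "OK" if same else "ALERT: published key differs from pinned key"

# Constructed sample data: placeholder bytes, not a real PGP key.
SAMPLE_KEY = bytes(range(7, 147))
SAMPLE_PAGE = "<html><body><pre>\n" + armor(SAMPLE_KEY) + "\n</pre></body></html>"
PINNED = hashlib.sha256(SAMPLE_KEY).hexdigest()
```

Hashing the decoded key bytes rather than the page text means re-wrapped lines or changed line endings do not raise a false alarm. Keep the pinned digest somewhere other than the web server, so that whoever can alter the published key cannot also alter the reference value.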


Protect your web-page from tampering

Have you signed your Web pages? This page is digitally signed with PGP. Download or save it to your hard drive (as HTML source code) and run it through PGP to check its authenticity. You can learn more about signed web-pages from the tutorial.


Be a good "PGP-citizen"

  1. Sign your own key to authenticate it.
  2. Exercise great caution when signing other people's keys. Ensure that you have first-hand knowledge based on hard-to-forge communications that the key's fingerprint (pgp -kvc) in your keyring matches the user's real fingerprint.
  3. Try to exchange signatures with at least two other people. If possible, exchange signatures with at least one who is in the "strong" set as described in Neal McBurnett's PGP "Web of Trust" Statistics Page.
  4. Sponsor a key-signing party. Emphasize "quality" of signatures (e.g. trying to form a bridge between different communities) rather than "quantity".
Acknowledgements to: Neal McBurnett http://bcn.boulder.co.us/~neal/

I update this page at irregular intervals.

This page was last updated on: 28th December 1996

Comments, whinges, moans, or suggestions for improvement to: EJNBell@pobox.com.

If you wish to link to this page please use the url: http://www.pobox.com/~ejnbell/pgp.html


The above reflects purely the author's opinions, and is not intended to endorse, or otherwise, any product, nor is it intended to be a statement of the law in any particular country. I do not endorse or recommend any type of illegal activity. If you think that anything you do may infringe the laws of your country, DON'T do it.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: You can check the authenticity of this page as follows:
Comment: Download (save) this page as source code and run PGP.
Comment: This should show a valid signature from EJNBell@pobox.com

-----END PGP SIGNATURE-----