PGP & GPG

Book description

PGP & GPG is an easy-to-read, informal tutorial for implementing electronic privacy on the cheap using the standard tools of the email privacy field - commercial PGP and non-commercial GnuPG (GPG). The book shows how to integrate these OpenPGP implementations into the most common email clients and how to use PGP and GPG in daily email correspondence to both send and receive encrypted email.

Table of contents

  1. BRIEF CONTENTS
  2. CONTENTS IN DETAIL (1/2)
  3. CONTENTS IN DETAIL (2/2)
  4. ACKNOWLEDGMENTS
  5. INTRODUCTION
    1. The Story of PGP
      1. OpenPGP
      2. How Secure Is OpenPGP?
    2. Today’s PGP Corporation
      1. What Is GnuPG?
    3. PGP Versus GnuPG
      1. Ease of Use
      2. Support
      3. Transparency
      4. Algorithm Support
    4. OpenPGP and the Law
    5. What This Book Contains
    6. Stop Wasting My Precious Time. What Do I Need to Read?
  6. CHAPTER 1- CRYPTOGRAPHY KINDERGARTEN
    1. What OpenPGP Can Do
    2. Terminology
      1. Plaintext and Ciphertext
      2. Codes
      3. Ciphers
      4. Hashes
      5. Cryptanalysis
    3. Goals of PGP’s Cryptography
      1. Confidentiality
      2. Integrity
      3. Nonrepudiation
      4. Authenticity
    4. Encryption Algorithms
      1. Symmetric Algorithms
      2. Asymmetric Algorithms
    5. Public-Key Encryption
    6. Digital Signatures
    7. Combining Signatures and Asymmetric Cryptography
    8. Passphrases and Private Keys
      1. Choosing a Passphrase
  7. CHAPTER 2- UNDERSTANDING OPENPGP
    1. Security and OpenPGP
    2. Web of Trust
    3. Trust in OpenPGP
    4. Where to Install
    5. Your Keypair
      1. Key Length
      2. Key Expiration Date
      3. Name, Email, and Comment
    6. Revocation Certificates
    7. Storing Your Keypair
      1. Storing Your Revocation Certificate
    8. Photo IDs and OpenPGP Keys
    9. Key Distribution
      1. Keyservers
  8. CHAPTER 3- INSTALLING PGP
    1. Downloading PGP
    2. Installing PGP
      1. Key Type
      2. Key Size
      3. Expiration
      4. Ciphers
      5. Hashes
    3. PGP Key Backups
      1. Important Installation Locations
    4. Revocation Certificates and PGP
      1. Disabling Keyserver Updates
      2. Revoke the Key
      3. Re-import Your Private Key
      4. Key Properties
      5. Using the Revocation Certificate
    5. Keyservers and PGP
  9. CHAPTER 4- INSTALLING GNUPG
    1. Downloading GnuPG
    2. Checking Checksums
      1. Calculating Checksums Under Windows
      2. Calculating Checksums Under Unix
    3. GnuPG Home Directory
      1. gpg.conf
    4. Installing GnuPG on Windows
      1. Command-Line GnuPG Win32 Installation
    5. Graphical GnuPG Installation
      1. WinPT
      2. Creating Keypairs in WinPT
      3. Key Manager
      4. WinPT Revocation Certificate
      5. Sending Your Key to a Keyserver
    6. Installing GnuPG on Unix-like Systems
      1. Randomness and GnuPG
    7. Building from Source Code
      1. Installing GnuPG
      2. Configuration Options
      3. Setuid Root GnuPG
      4. Don’t Run GnuPG as Root
    8. Command-Line GnuPG Keypairs
    9. GnuPG Revocation Certificates
    10. Publicizing Your Key
      1. Text Exports
      2. Keyservers
      3. Web Forms
  10. CHAPTER 5- THE WEB OF TRUST
    1. Keyservers
      1. subkeys.pgp.net
      2. keyserver.pgp.com
      3. Searching for Keys
    2. Signing a Key
      1. Signing Keys of Friends and Family
      2. Signing Strangers’ Keys
      3. What to Do with Signed Keys
      4. When You Get New Signatures
    3. Keysigning Parties
    4. Key Trust
    5. Avoiding the Web of Trust
  11. CHAPTER 6- PGP KEY MANAGEMENT
    1. Adding Keyservers
    2. Adding Keys to Your Keyring
      1. Searching Keyservers
      2. Importing from a File
      3. Fingerprint Comparisons
    3. Returning the Signed Key
    4. Viewing Signatures
      1. Updating Signatures
    5. Adding Photos to Your Keys
  12. CHAPTER 7- MANAGING GNUPG KEYS
    1. Keyservers
      1. Keyserver Options
      2. Keyservers and WinPT
    2. Adding Keys to Your Keyring
      1. Command-Line Key Fetching
      2. Command-Line Key Viewing
      3. WinPT Key Viewing and Fetching
      4. Command-Line Key Imports
      5. WinPT File Imports
    3. Signing a Key
      1. Checking Fingerprints
      2. Signing Keys on the Command Line
      3. Signing Keys in WinPT
      4. Viewing Key Signatures
      5. Command-Line Exports
      6. WinPT Exports
      7. Importing New Signatures
      8. Pushing Signatures to Keyservers
    4. Updating Keys
    5. Deleting Public Keys from Your Keyring
    6. GnuPG and Photos
      1. Adding Photos to Your Key
      2. Viewing Photos with GnuPG
      3. WinPT and Photos
    7. Building the Web of Trust with GnuPG
      1. PGP
      2. GnuPG
      3. Command-Line Trust Configuration
      4. WinPT Trust Configuration
  13. CHAPTER 8- OPENPGP AND EMAIL
    1. Message Encoding
      1. Inline Encoding
      2. PGP/MIME
    2. Email Client Integration
      1. Proxies
      2. Plug-Ins
    3. Saving Email—Encrypted or Not?
      1. Saving Unencrypted Email
      2. Encrypt to Self
    4. Email from Beyond Your Web of Trust
      1. Expanding Your Web of Trust
      2. Tracing the Web of Trust
    5. Repeatable Anonymity
    6. Unprotected Email Components
  14. CHAPTER 9- PGP AND EMAIL
    1. PGP and Your Email Client
      1. Identifying OpenPGP Mail
      2. Email Storage
    2. PGP Policies
      1. Opportunistic Encryption
      2. Require Encryption
      3. Mailing List Submissions
      4. Mailing List Admin Requests
      5. Creating Custom Policies
      6. Sample Custom Policy: Exceptions to Default Policy
      7. Sample Custom Policy: Overriding the Defaults
      8. Custom Policies Order and Disabling Policies
  15. CHAPTER 10- GNUPG AND EMAIL
    1. Microsoft Mail Clients and GnuPG
    2. Outlook Express and GnuPG
      1. Configuring Outlook Express for OpenPGP
      2. Sending OpenPGP Mail
      3. Receiving and Verifying Signed and Encrypted Mail
    3. Outlook and GnuPG
      1. Installation
      2. Configuring the Plug-In
      3. Sending OpenPGP Mail
      4. Receiving OpenPGP Mail
    4. Decrypting PGP/MIME Messages with Microsoft Mail Clients
    5. Thunderbird and GnuPG
      1. Installing the Thunderbird GnuPG Plug-In
      2. Configuring Enigmail
      3. Sending OpenPGP Mail
      4. Reading OpenPGP Mail
      5. Upgrading Thunderbird and Enigmail
  16. CHAPTER 11- OTHER OPENPGP CONSIDERATIONS
    1. What Can Go Wrong?
      1. Poor Usage
      2. Poor Signing
      3. Hardware Compromise
      4. Software Compromise
      5. People Compromise
      6. Fake Keys
    2. OpenPGP Interoperability
    3. Teams and OpenPGP
    4. OpenPGP and Shared Systems
    5. Other Software Features
      1. Passphrase Caching
      2. Shredding
  17. APPENDIX A- INTRODUCTION TO PGP COMMAND LINE
    1. PGP Command Line Configuration
    2. Testing and Licensing
    3. Creating a Keypair
      1. Setting the Key Type
      2. Assigning a Passphrase
      3. Setting an Expiration Date
      4. Generating Revocation Certificates
      5. Exporting Your Public Key
    4. Viewing Keys
    5. Managing PGP Command Line Keyrings
      1. Searching for Keys
      2. Importing Keys
      3. Signing a Key
      4. Updating Keys on a Keyserver
    6. Encryption and Decryption
      1. Signing and Verifying
  18. APPENDIX B- GNUPG COMMAND LINE SUMMARY
    1. GnuPG Configuration
    2. Output Control
    3. Keypair Creation, Revocation, and Exports
      1. Revoking a Key
      2. Exporting a Key
      3. Sending a Key to a Keyserver
    4. Managing Keyrings
      1. Viewing Keys
      2. Adding and Removing Keys
    5. Key Signatures
    6. Encryption and Decryption
    7. Signing Files
    8. Output Formats
  19. INDEX (1/4)
  20. INDEX (2/4)
  21. INDEX (3/4)
  22. INDEX (4/4)

Product information

  • Title: PGP & GPG
  • Author(s): Michael W. Lucas
  • Release date: April 2006
  • Publisher(s): No Starch Press
  • ISBN: 9781593270711