It's pretty amazing. PGP (Pretty Good Privacy) has been around for quite sometime now but it's only today that it caught my interest.
I have downloaded, installed then uninstalled the PGP software countless number of times. It could be perhaps I didn't exactly understand how the software worked - or I simply had too little friends or shall I say ZERO friends who are using PGP.
I have recently renewed my interest for PGP after going through a semester's worth of a Security unit. Public Key Infrastructure (PKI) was one of the main topics - in there were examples of PGP and how the entire thing worked. Sure I knew the basics of the PKI but when you study this technology in detail - it is when the beauty shows. It's amazing how simple yet complex and secure the infrastructure is with applications in a myriad of areas... ranging from SSL to signing of digital documents and the like.
With the PKI knowledge that I have gained throughout the course, I have decided to join into the world of cryptography by having a copy of PGP installed and creating my very first - OFFICIAL key pair.
Step 1: The download experience
It took sometime before I managed to get a "FREE" copy of PGP. I went to pgp.com and was a little let down to find that the entire - freeware section was gone. That would mean NO FREE PGP for me and the possibility that I might be required pay for the tool. Going through the product catalogue, I found that the cheapest version availabe, the Personal Desktop Edition costs USD 99! Converted to Malaysian ringgit, that's a WHOOPING RM 380! (approximately).
I was on a roll. I needed a copy of PGP installed and I wanted it badly - however, the idea of forking out RM 380 for satisfying a possibly temporary crave does not justify anything. I searched the web, keyed in "FREE PGP" and out comes "The PGP International" webpage with outdated links to a free version of PGP 8.0 at pgp.com. Upon clicking the link, I was brought to the "Trial version of PGP 9.0".
After a thorough reading of the page, I discovered that although they only provided a trial version of PGP 9.0, after the 30 days trial period, the product will revert to a much simpler form with some of the advance features disabled - only retaining some of the more basic functions such as creating encrypted archives, signing and encrypting text, decrypting archives / text and the maintenance of keys.
So there, downloaded the app, got it installed, selected the "stripped down" version during installation (I don't need those additional features) and whoala! It's done.
Step 2: Do you trust me?
Anyone can create a public key pair and claim themselves to be Bill Gates, Bill Clinton or George Bush. All they need is to key in "Bill Gates" during the keypair creation process. So the issue here is, how can these people verify that I am who I claim to be? PGP's solution was it's web of trust, the idea where keys can be "signed" by associates, friends and such. Once the key is signed, the key can be seen to be more "authentic". For instance, if you trust me, know that I am the real Ben and signed my key, your friends who know you would trust me because my key was signed by you.
Ultimately, if you have PGP - please sign my key. You can look me up from https://keyserver.pgp.com/ - just search for benjern@gmail.com.
Step 3: I need friends to use PGP with
No one that I know at the moment uses PGP. So if you have PGP do send me a copy of your public key to my e-mail address. Don't worry, I won't spam you or anything. It's just nice to see my PGP Key Library filled with addresses :)
If you don't have PGP, go grab a copy of PGP 9.0 from here.
Enjoy and bring on the world of ENCRYPTION...
0 comments:
Post a Comment