 |
 PGP: the place to be
March 16, 2005 - Part I
Preface
Sometimes, a message or a file that you send over the Internet needs to be totally secret and personal. It should reach only the person for whom it was created, and only that person should be able to read it. As Internet communications involve great complexity, and because an email message hops through numerous hosts on its route to a final destination, it can be intercepted, copied, or modified by an unauthorized party while in transit. It is generally OK if your regular email gets treated that way, but it is totally unacceptable if your highly confidential message gets into the wrong hands. The consequences could be dire if a confidential email is viewed by outside parties.
Files, too, need to be protected, as a confidential spreadsheet file, for example, could cause a lot of pain and stress for its author if it gets compromised or misused.
In cases like these, it's vital that important information be protected, and the possibilities offered by encryption to protect important information are truly amazing. When you need absolute control over the recipients of data, encryption is the place to be. It is really not a big concern how the encryption itself is done; the point is that encryption guarantees that the data is viewed solely by the designated person.
Encryption is a mechanism for scrambling data and making it undecipherable by anyone except the designated recipient of that data. Encrypted data is worthless unless it can be decrypted through a reverse process, and to be able to decrypt it, one has to be given a key, or a hint, that will provide an algorithm for unscrambling it. Without such an algorithm, it would take decades to decrypt the ciphered data. You can give this key to multiple recipients simultaneously, and all of those people will be able to decode your encrypted information.
A key can be revocable (having a limited lifespan) or permanent (working forever). The length of a key determines its quality—the strength of the algorithm used to encrypt the data.
You can give the decrypt key to people so that they can easily transform encrypted material into usable data. The fundamental thing about encryption is that even if someone gets hold of encrypted data, he cannot do much with it, because it would take eternity to decode data without this key.
A number of solutions are available to help home PC users encrypt their files and messages easily. Today's column shows how PGP Corp.'s PGP Desktop 8.1 goes about offering encryption.
Installation: preparatory steps
After you download the package (roughly 8 MB), installation completes in the blink of an eye. Windows needs to be restarted after installation, and after it's booted up again, you'll notice a PGP icon with a lock in the Windows notification area (system tray).
First, as the program's manual explains, a first-time PGP user needs to create a pair of keys—private and public—that will enable encryption to take place. The public key can be distributed freely; it allows others to send encrypted emails to you. The private key, as the name implies, needs to be kept absolutely safe and isolated from other people. The private key is actually your crown jewel; it is that hint that allows you to decrypt encrypted code in a whisk. Without it, the message or whatever data is encrypted would be absolutely useless. Therefore, it is CRUCIAL that you keep your private key at a location that's inaccessible to others and to have a backup copy, also stored in a safe place.
If you want others to be able to send you emails in encrypted form, you need to make your public key available to them. For that, you either have to distribute your public key individually to each person from whom you wish to receive encrypted correspondence (via email, CD, floppy, etc.) or to place your key in a public place where everyone can search for and retrieve it. That shared place could be your own Web site or PGP Corp.'s specialized public-key storage. Additionally, other sites on the Net offer indexing of public keys.
Creating a pair of keys takes a little time and effort, so I will tell you about it just to make sure you do everything right.
To create a pair of keys, you use the program's special wizard, which is simple and intuitive. When you select the "expert" option to create keys, you can select the strength of the key (the length of it, which is directly correlated with the resources needed to break it by staging a brute-force attack). Also, there is an option to enable the expiry of a key, in case you need it only for a short period of time—for a week, for example, to decrypt a single important message.
The next step in creating a keypair is creating a special passphrase that you will use when encrypting data. You have to create a really strong and memorable passphrase that should be kept private. If you forget that passphrase, you will not be able to encrypt (or, sometimes, decrypt) the data, so be careful how you store your passphrases. The program's Passphrase Quality scale gauges the strength and reliability of your suggested phrase, and if it scores over the middle point on the scale, you've created a fairly appropriate phrase.
After you complete these simple steps, the keys are created.
Read next:
Continue to Part II
|
|
