Linux Today: Linux News On Internet Time.

Linux Gazette: Secure Communication with GnuPG on Linux

Jan 01, 2001, 18:08 (1 Talkback[s])
(Other stories by Kapil Sharma)

"GnuPG is a tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. A user's private key is kept secret; it need never be revealed. The public key may be given to anyone with whom the user wants to communicate."

"We must create a new key-pair (public and private) for the first time. The command line option --gen-key is used to create a new primary keypair. ... GnuPG is capable of creating different kind of keypairs. There are three options. A DSA keypair is the primary keypair usable only for making signatures. An ElGamal subordinate keypair is also created for encryption. Option 2 is similar but creates only a DSA keypair. Option 4... creates a single ElGamal keypair usable for both making signatures and performing encryption. For most users the default option is fine."

"There is no limit on the length of a passphrase, and it should be carefully chosen. From the perspective of security, the passphrase to unlock the private key is one of the weakest points in GnuPG (and other public-key encryption systems as well) since it is the only protection you have if another individual gets your private key. Ideally, the passphrase should not use words from a dictionary and should mix the case of alphabetic characters as well as use non-alphabetic characters. A good passphrase is crucial to the secure use of GnuPG."

Complete Story

Related Stories: