Linux Today: Linux News On Internet Time.

Linux World: How to install GnuPG

Sep 22, 2001, 12:00 (1 Talkback[s])
(Other stories by Joe Barr)

[ Thanks to proclus for this link. ]

"Traditional cryptographic schemes use secret keys. This is called symmetric-key cryptography since both the encoding and decoding use the same key. One problem with secret-key cryptography is that everyone must have access to the same key. Not only are there logistical problems getting the secret key to all concerned, but there is always the chance that it will be compromised. A relatively new type of encryption, based on public keys, largely avoids those pitfalls.

PGP and its clones (like GnuPG) use public key cryptography. Actually, they use both public and private keys to handle the encryption and decryption of messages. If you want to send an encrypted message to someone, all you need is his public key. Messages encrypted with a public key can only be decrypted with the private key associated with it. Public keys can appear anywhere, and in fact there are a number of public "keyring" servers that make them available for the asking. Private keys are kept private, and they are further protected by the requirement that a password (or pass phrase) be provided each time it is used to decrypt or sign a message.

Another popular use of encryption technology like PGP is to "sign" data. This adds a cryptographically secure signature block to a message or file. The signature represents a hash total of the data being signed and your public key. Thus others knowing your public key can verify that the message or data came from you, and that it has not been altered since you signed it."

Complete Story

Related Stories: