What about PGP (8.0) ?
Results 1 to 10 of 10

Thread: What about PGP (8.0) ?

  1. #1

    What about PGP (8.0) ?

    Guys, because i don't have enough time could anyone tell me what is PGP keys about? Not the history. Just the use and how it work. How can i make a PGP public key?
    Thanks

  2. #2
    Member
    Join Date
    May 2003
    Posts
    39
    There are two classes of key-based encryption algorithms, symmetric (or secret-key) and asymmetric (or public-key) algorithms. The difference is that symmetric algorithms use the same key for encryption and decryption (or the decryption key is easily derived from the encryption key), whereas asymmetric algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key.
    http://www.ssh.fi/support/cryptograp...lgorithms.html
    you have to create a public key so that others can view your protected data...
    am i wrong?

    http://www1.pgp.com/products/whitepapers/
    that should explain most of it...

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Posts
    109
    PGP(Pretty Good Privacy) was developed by MIT and was recently acquired by Network Associates. PGP implements commercial grade encryption and secure signing of files and emails. In order to use it, you have to create a key and enter a secure passphrase to protect your private key. Then you must upload your public key to the keyserver so others can encrypt files for to you and verify your digital signature.
    $person!=$kiddie or die(\"Alas, die you hotmail hacker!!\");
    SecureVision

  4. #4
    Thanks

  5. #5
    Junior Member
    Join Date
    May 2003
    Posts
    12

    Thumbs up

    A couple of other things:
    1) When you create a key, you automatically have a private and public key. The public key can then be sent to a keyserver.
    2) You can choose the level of encryption of your key (768 to 4096 bit encryption)
    3) You can choose to make a subkey if you choose, however, it usually isn't necassary for most people or applications.
    4) For God's sake, don't forget your password! If you do, anything you had encrypted with that key is irretrieveable. Their ain't no back door
    Having said that, PGP 8.0 or 8.0.2 is a fantastic program. Very stable and no one is cracking your encrypted information.
    The world is a museum and I am it\'s willing patron.

  6. #6
    Junior Member
    Join Date
    May 2003
    Posts
    4
    1. download the program
    2. create a public/private key pair
    3. send your friends your public key or post it on a public key server
    4. encrypt a file with the public key of the recipient
    5 send the signed and encrypted file to a recipient
    6 the recipient will decrypt the file with their private key and verify the file with your public key.

    i think that's how it works, dont quote me.

    -thebunny

  7. #7
    In an other forum i am logged in the profile you can add your public key.
    Why not add this feature in our forum here?

  8. #8
    Junior Member
    Join Date
    May 2003
    Posts
    12

    Talking

    ii-monk, I think that's a great idea! Also, thebunny, actually, you have the order a little mixed up; you would encrypt using your own private key, and your recipient would use your public key to decrypt. Also, they can verify your public key and assign a level of trust to it which can be downloaded into the public key on a key server.They can sign it as well, showing everyone that they know you are the true holder of that key and that you can or cannot be truated. Since my twin brother and I both use PGP, naturallyI assign him the highest level of trust (even though I still remember the Christmas toy he broke when we were 5 years old!). Or if you want, you can find my keys at keyserver PGP under Michal Baskett, one of which has a level of 2048, and the other of 4096 bit encryption, a type of Diffie Hillman, and no expiration dates.
    The world is a museum and I am it\'s willing patron.

  9. #9
    I will post it on the right forum.

    //addon

    the thread is this.

  10. #10
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364
    Don't believe MIT had anything to do with the "invention" (development) of PGP. They were and still are a distribution point for the older versions.
    PGP was developed and distributed by Phil Zimmermann (two-n's). He still keeps his fingers in, and is a "reseller" of PGP 8.0. That information is here:
    http://philzimmermann.com/findpgp.shtml
    (brief excerpt follows)
    From January 1998 when Network Associates (NAI) acquired PGP Inc, until February 2002, when NAI shut down its PGP activities, NAI was the primary source of PGP software. Now you can't get it from them anymore, which is just as well, since the PGP community was never happy with NAI's stewardship of PGP. And the old NAI versions don't run on Windows XP or Mac OS X. The good news is that since August 2002, you can get PGP from its new owner, PGP Corporation, at www.pgp.com, or better yet buy it from me. And of course it now runs on Windows XP and Mac OS X. The Dark Times are over. PGP is back!

    PGP Freeware and Source Code

    NAI had suspended the long-standing tradition of publishing PGP source code for peer review, a reckless move that eroded public confidence in the product. The new PGP Corp has reinstated this tradition, which allows anyone to download and inspect the http://www1.pgp.com/products/sourcecode.html PGP source code for bugs, and also shows that it has no back doors. And they still offer http://www1.pgp.com/products/freeware.html freeware versions for noncommercial use.
    *******more information is at Phil's website, excerpt below:

    The history of PGP can be found (with many other info links) at Phil's site:
    http://www.philzimmermann.com/index.shtml
    Version 8.XX was developed after Phil left for private practice.
    Version 7.xx has a remote hole that needs fixed by a small hotfix.
    I use Version 7.03 (with hotfix) which i *believe* was the last one Phil worked on before he left the project. .. Although, if you now download version 7.xx you will probably find an NAI user agreement attached. When i downloaded it there was no such agreement. (go figure, maybe in the corporate crossover it got deleted?)
    Version 7.03 had no "backdoor" (except for the bug hole that hotfix closes), *BUT*, i am not sure about any later version not having a private door for some alphabet entity, although Phil says he has examined 8.0 and it is clean. I trust what Phil says.
    I also purchased the NAI commercial version (the one with no source code available) to see what was different. Too bad, i think they had a decent product going. It was called "PGP Personal Security" and was a firewall, email encryptor, PGP secure disk and a bunch of other things that integrated nicely. Who knows why they abandoned it, maybe they did not want to reveal the new source code, who knows. Not too different from PGP 7.03 actually, but was easy to load up. It was fun, but is now replaced on that machine with McAfee VurusScan 7.0 which is also a firewall and configures quite easily and seems to do a good job.
    Anyway, the history of PGP, as well as everything else you ever wanted to know but were afraid to ask... is al at the link(s) above.
    Regards, TOM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides