The magazine of the Melbourne PC User Group

PGP Personal Edition
Bernadette Houghton
bernieh@iaccess.com.au

With data security over the Internet being such a hot topic these days, it seemed quite timely when I received PGP Personal Edition (PGPPE) in the mail. PGP--short for Pretty Good Privacy--is a widely accepted encryption technology. According to the enclosed fact sheet, the United States National Security Agency claims it would take all of the personal computing power in the world 12 million times the age of the universe to crack PGP encryption. Reassuring, is it not?

What is PGP?

Briefly, PGP revolves around the use of key pairs. You have a key pair, consisting of a public key available to anyone, and a private key, known only to you. Anyone who wants to send you an encoded message uses your public key to encrypt the data, which you decrypt with your private key. You can also use your private key to digitally sign messages, and recipients use their copy of your public key to verify the authenticity and integrity of your message.

If you wish, you can register your public key on PGP key servers on the Internet, and anyone who wants to send you secure mail can search for and retrieve your public key from these servers. If you don't register your public key, only those in the know will be able to send you secure encrypted messages. And of course, both sending and receiving parties must have some form of PGP software installed.

How does PGPPE work?

A Key Generation wizard walks you through the process of creating a key pair, which can be as large as 4096 bits or as small as 512 bits. Obviously, the larger the key, the more secure the resulting encryption. With each key pair, you choose a passphrase; do keep this secure, as this is the magic password which decrypts your encoded data, and there is no fallback if you forget it.


Figure 1. Key Generation Wizard


Figure 2. Signing a message. Encryption is the next step


Figure 3. An encrypted PGP message


Figure 4. A local keyring

To send an encrypted message, you address and write your message as usual, then invoke the PGPPE tools. PGPPE ships with plug-ins for Eudora, Microsoft Exchange and Microsoft Outlook, but works with any e-mail software. If you're using one of the plug-ins, PGPPE adds some options to the application's toolbar. If you're using another e-mail application, you encrypt and decrypt via the clipboard. You can also encrypt and sign files before attaching them to your e-mail.

Local keyrings on your computer store the public keys of the people you communicate with, and from time to time you can synchronise your local keyring with the public key server to ensure your keyring is up to date. You can register your public key on the PGP key servers from within PGPPE, and use PGPPE's search tool to look for others' public keys.

To help facilitate the spread of PGP technology, PGPPE includes two complete licences in the one box. The second licence--complete with its own CD, registration card and documentation--you can give to anyone you like.

PGPPE doesn't just secure your e-mail; you can use it to secure data stored on your computer or file server. It also includes a Wipe utility which overwrites files before deleting them so you can't retrieve them with disk recovery software. Be aware, though, that most Wipe utilities, including PGPPE's, simply overwrite the actual file, ignoring any backup copies or orphaned data fragments that may remain on your hard disk.
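
The limitation described above can be checked after a wipe. The following Python code is an added example, not part of the original review or of PGPPE: it overwrites and deletes a file the way a wipe utility does, then searches the folder for copies that still hold the text. The file names and the marker string are constructed for the demonstration.

```python
import os
import tempfile

MARKER = b"CONSTRUCTED-SECRET-1998"  # constructed sample plaintext


def wipe(path, passes=1):
    """Overwrite the file's bytes in place, flush to disk, then delete it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(os.urandom(size))
            f.flush()
            os.fsync(f.fileno())
    os.remove(path)


def find_residue(root, marker):
    """Return sorted relative paths of files under root that still contain marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                if marker in f.read():
                    hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo():
    """Wipe one file and report which files held the marker before and after."""
    with tempfile.TemporaryDirectory() as root:
        original = os.path.join(root, "letter.txt")
        with open(original, "wb") as f:
            f.write(b"Dear Alice, " + MARKER + b"\n")
        # Copies an editor or backup job might leave behind (hypothetical names).
        for copy_name in ("letter.bak", "~letter.tmp"):
            with open(os.path.join(root, copy_name), "wb") as dst:
                dst.write(b"Dear Alice, " + MARKER + b"\n")
        before = find_residue(root, MARKER)
        wipe(original)
        after = find_residue(root, MARKER)
        return before, after, os.path.exists(original)


if __name__ == "__main__":
    before, after, still_there = demo()
    print("before wipe:", before)
    print("after wipe: ", after)
```

The search only finds whole files that still contain the text; fragments left in free space on the disk are not visible at the file level and need a raw-disk search.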

Assessment

If you need high level confidentiality for your data, whether stored on your computer or transmitted over the Internet, PGP technology is worth thinking about. Don't become complacent, though, and assume that PGP encryption eliminates all potential data security risks. While the code may be virtually uncrackable, the biggest threats to data security lie elsewhere. Don't tell anyone your passphrase, don't store it in your desk drawer, consider your computer's physical security, and have a think about those hidden unencoded fragments on your hard disk.

As for PGPPE, I found it quick to install and easy to use. If you feel PGP is the way to go, PGP Personal Edition is a good choice.

Reprinted from the October 1998 issue of PC Update, the magazine of Melbourne PC User Group, Australia
