Lurking with PGP

Phil Zimmermann's PGP program was written primarily to allow people to be quite sure their private communications remain private. The messages are encrypted so that only the intended recipient is able to read them—as long as users have read the manual and paid heed to its security warnings. Pretty Good Privacy.
Pretty Good Privacy

There's a pretty good chance that after using PGP to quietly verify signatures for a few years, you will at some point want to use it for its original purpose—privacy. Perhaps you want to send a password to someone. Maybe you simply want to send your credit card over the Internet. You don't have to be a hero of the information underground to want to keep your mail private; there are many prosaic reasons as well. If you are already used to using PGP to verify signatures, you will not find it difficult to learn how to use PGP to encrypt your email. Just read the manual carefully so that your communications are truly secure.

Installing PGP

Installing PGP is a bit of a mess, partially because there is a patent that is honored in the US and Canada on the public key algorithm used, and partially because of the US's insane ITAR regulations. If this were an editorial, I'd have a lot to say about how incredibly stupid the US government is acting in this case, but this isn't an editorial, so I won't say a word on the subject...

If you have Red Hat Commercial Linux, life is easy. You can install PGP from an RPM available via anonymous ftp from ftp.hacktic.nl in the /pub/replay/pub/redhat/ directory. For those outside the US, you can use either the US version or the international version; for those in the US, you can only legally use the US version because of patent law. As of this writing, the current version number of both versions is 2.6.3, and you just have to choose between pgp-2.6.3i-1.i386.rpm (the international version) and pgp-2.6.3usa-2.i386.rpm (the US version). There are also README files in that directory that explain the situation more fully. You also get one more benefit: since version 3.0.3 was released, all official RPM's created by Red Hat are PGP-signed so that you know you have the official version. Installing PGP will allow that feature to work.

Life is also easy if you use Debian. There are .deb files available for both the international and US versions available in the non-free directory of selected archive sites. If you live outside the US, please download your copy from a Debian archive outside of the US to avoid causing Debian legal trouble. You can get a list of archive sites by connecting to ftp.debian.org with ftp. As of this writing, the file you want is pgp-i-2.6.2i-5.deb (the international version) or pgp-us-2.6.2i-5.deb (the US version). A new version using the ELF binary file format will probably be available with the ELF-based Debian 1.1 when it is released.

With other distributions, you will probably have to build PGP from source. You can get the source via ftp from net-dist.mit.edu in the /pub/PGP/ directory. However, MIT makes you jump through several hoops to make sure that you are really a US resident to protect themselves from over-eager US law enforcement officials. Instructions for building PGP are included, and I wish you good luck.

Warning: Within the US, you can use the free version of PGP only for non-commercial purposes. For commercial purposes, you are required to buy a copy of ViaCrypt's PGP. You can reach ViaCrypt at viacrypt@acm.org or (800)536-2664, or you can buy the product from the company that originally ported ViaCrypt's PGP to Linux, SSC (LJ's publisher).

Michael K. Johnson is only slightly paranoid... His public key ID and fingerprint are listed above; his public key is registered with Bal's public key server.

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState