Lurking with PGP

Phil Zimmermann's PGP program was written primarily to allow people to be quite sure their private communications remain private. The messages are encrypted so that only the intended recipient is able to read them—as long as users have read the manual and paid heed to its security warnings.
Pretty Good Privacy

There's a pretty good chance that after using PGP to quietly verify signatures for a few years, you will at some point want to use it for its original purpose—privacy. Perhaps you want to send a password to someone. Maybe you simply want to send your credit card over the Internet. You don't have to be a hero of the information underground to want to keep your mail private; there are many prosaic reasons as well. If you are already used to using PGP to verify signatures, you will not find it difficult to learn how to use PGP to encrypt your email. Just read the manual carefully so that your communications are truly secure.

Installing PGP

Installing PGP is a bit of a mess, partially because there is a patent that is honored in the US and Canada on the public key algorithm used, and partially because of the US's insane ITAR regulations. If this were an editorial, I'd have a lot to say about how incredibly stupid the US government is acting in this case, but this isn't an editorial, so I won't say a word on the subject...

If you have Red Hat Commercial Linux, life is easy. You can install PGP from an RPM available via anonymous ftp from ftp.hacktic.nl in the /pub/replay/pub/redhat/ directory. For those outside the US, you can use either the US version or the international version; for those in the US, you can only legally use the US version because of patent law. As of this writing, the current version number of both versions is 2.6.3, and you just have to choose between pgp-2.6.3i-1.i386.rpm (the international version) and pgp-2.6.3usa-2.i386.rpm (the US version). There are also README files in that directory that explain the situation more fully. You also get one more benefit: since version 3.0.3 was released, all official RPMs created by Red Hat are PGP-signed so that you know you have the official version. Installing PGP will allow that feature to work.

Life is also easy if you use Debian. There are .deb files for both the international and US versions available in the non-free directory of selected archive sites. If you live outside the US, please download your copy from a Debian archive outside of the US to avoid causing Debian legal trouble. You can get a list of archive sites by connecting to ftp.debian.org with ftp. As of this writing, the file you want is pgp-i-2.6.2i-5.deb (the international version) or pgp-us-2.6.2i-5.deb (the US version). A new version using the ELF binary file format will probably be available with the ELF-based Debian 1.1 when it is released.

With other distributions, you will probably have to build PGP from source. You can get the source via ftp from net-dist.mit.edu in the /pub/PGP/ directory. However, MIT makes you jump through several hoops to make sure that you are really a US resident to protect themselves from over-eager US law enforcement officials. Instructions for building PGP are included, and I wish you good luck.

Warning: Within the US, you can use the free version of PGP only for non-commercial purposes. For commercial purposes, you are required to buy a copy of ViaCrypt's PGP. You can reach ViaCrypt at viacrypt@acm.org or (800)536-2664, or you can buy the product from the company that originally ported ViaCrypt's PGP to Linux, SSC (LJ's publisher).

Michael K. Johnson is only slightly paranoid... His public key ID and fingerprint are listed above; his public key is registered with Bal's public key server.
