Unencrypted email traverses the Net as plain text which any sufficiently motivated party can examine. If you think this doesn't happen in real life, read this.
Pretty Good Privacy is an encryption program. You use it to keep your computer files private and secure your email from the prying eyes of those with no business seeing it. There are ports of PGP for basically every platform out there that anyone would seriously consider using, though as yet only Windows and Mac users have commercial pretty pictures versions. There are also several different versions that you might encounter, with some incompatibility problems. See the comp.security.pgp FAQ for details.
1999/7/7 -- The MIT site now has PGP Freeware version 6.5.2 for Windows 9x, NT, Mac and Unix/Linux (GUI for Windows 9x, NT and Mac, command line for NT and Unix). The command line is backwards compatible with the PGP 2.6.x command line (version 5's command line is wildly different from version 2's). This version can use and generate RSA keys. They still have v 2.6.2 for DOS and 68K Macs, but do not show version 5 in the download menu.
PGP only encrypts the contents of messages. It won't, by itself, do anything to prevent "traffic analysis" (i.e., it won't keep them from knowing who is sending messages to whom).
Source code is freely available. Competent programmers can freely examine the code, and blow the whistle if there's a problem (e.g., the Unix PGP 5 key generation bug). Because of this we can be confident that there are no "back doors" in PGP.
Where to get it (MIT's PGP site) if you're a US or Canadian citizen and where to get it (the International PGP home page) if you're not.
The new PGP Corporation. "We are pleased that Phil (Zimmermann) has agreed to be on our Technical Advisory Board."
How to use PGP (someone's write up, not just a simple regurgitation of the docs. Covers version 2.6.2.)
The HTML-ized 2.6.2 documentation is online here.
PGP front-ends for DOS, Windows and (some) other platforms (Mac, Unix, Linux, OS/2, Lotus Notes). Windows 95 and NT users already have a pretty usable interface.
For Linux/Unix users --
The international version of Mutt (Unix and Linux text mode email program) has good support for PGP. The version that came on your Linux CD is probably going to be the US version. It's some trouble (at least it has been for me -- endless tinkering with .muttrc, and I still get messages that won't mail for any reason I could see) to get to work right. I eventually gave up on Mutt (1999-11-8. Mutt is up to version 1.0. I'll give it another try soon.), and started to use. . . Pine, which is considerably easier to set up, and has yet to give me any problems mailing. Pgp4pine lets pine (and presumably any text based mail program that can use an external program to filter incoming and outgoing mail) handle PGP messages. It's not as slick and doesn't quite do as much as Mutt's PGP support, but it does the job. It's unclear from the man page how to set up pine to use pgp4pine. This (a readme from the source package) tells exactly how. Both Mutt and pgp4pine can be set up to use either PGP 2.6.2 or PGP 5. (2000-may-12 New version, different author, now supports version 6 and GPG, aliases. Seems to work somewhat slicker.)
2000-sep-19. Mutt is up to version 1.25, and seems to work much more reliably for me. It's still harder to set up than pine.
If mail sent from mutt bounces a lot, and all you've ever used is Pine or Netscape Messenger, it's quite possible that sendmail is not configured properly. See the Red Hat Sendmail FAQ and the Red Hat Sendmail HOWTO for details.
Kmail, which is an application that works with the K desktop environment, supports PGP to some extent. KDE is the default GUI for Caldera Linux, and comes on the RedHat and Suse CDs, and probably others.
Netscape Communicator has a decent email client, and it would be really, really nice if there was a nice clean way to use PGP with it, or even an encrypt-the-clipboard utility like PGP for Windows has. (1999-12-17 Looks like someone made one: tkpgp shows promise.)
From PGPi's FAQ: "3.3. Why is there no plugin for Netscape Messenger 4.x? Netscape has standardized on another encryption standard known as S/MIME, which is not compatible with PGP. Unfortunately, Netscape has not provided an open API for developers who want to add support for other encryption schemes. That's why there is no email plugin for Netscape Messenger. If you want to use PGP with Netscape, you'll have to encrypt and decrypt via the clipboard."
Zedz.net (was Replay.com) has Linux crypto software in convenient rpm format.
2000-may-1 The batch of new linuxes I picked up at Comdex in April all seemed to be coming with Gnu Privacy Guard installed by default.
2000-may-29 FYI: PGP 5 key generation bug found. Don't sweat -- it's fairly obscure. If you generated your key with the Unix/Linux version, and did it automatically (not interactively), you should generate a new key.
My PGP keys. The RSA key was generated by v. 2.6.3 (the freeware version of v. 5 does not generate RSA keys).
Personal Computer Privacy Web Ring
BAL's Public Key Keyserver: an Internet-accessible repository for public keys. If you need someone's key and don't have it, and can't find it, try here.
GNU Privacy Guard: a possible alternative. "GnuPG is a complete and free replacement for PGP. Because it does not use IDEA or RSA it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application." The most recent version (post RSA patent expiration) has RSA support.
Hushmail.com: Another possible alternative -- web based email doing encryption locally with a Java applet. Sender and recipient both have to have accounts on hushmail for this to work. Requires Netscape Communicator or MS Internet Exploiter 4. My hushmail address (but if you write me there I may not look at it for weeks, so don't. Yet.) Source code for the encryption applet is here. It might be just the thing for some users, but I find it to be a pain in the posterior to use, mostly because of the underwhelming speed and the software requirements.
Ziplip advertises the same kind of service, but encryption is not done on your machine; it's done on their machine.
The FBI's take on encryption.
And strangely enough, a part of the U.S. Federal Government requires the use of PGP.
"Utilities Choose PGP Encryption Over S/MIME", Internet Week, August 16, 1999, page 18. ". . .While the Gas Industry Standards Board joins a growing list of vertical industry consortia forming such standards, it is among the first major groups to choose PGP encryption and authentication rather than the more popular S/MIME. . . . .Based on GISB's choice of PGP, the Federal Energy Regulatory Commission (FERC) has mandated" (my emphasis --cb) "that all members of the gas industry implement PGP 2.6 or greater to secure electronic transactions. . ."
The guy who first wrote PGP: Phil Zimmermann's home page.
Anonymity on the Internet "(On the Internet, Nobody knows you're a dog?)"
Email, Privacy and the Law "The notion of "private" email makes most lawyers laugh. There's nothing private about it, no matter how many layers of cryptography you've wrapped around it or how well you've squirreled it away. Though most people use email casually - often as a replacement for the phone or to avoid shouting over a cube wall - it meets every definition of "written communication." That has enormous implications to anyone who sends it, receives it, even stores it."
BestCrypt for Linux -- filesystem encryption.
Stegoarchive.com "Steganography is the art of information hiding. Today's steganography programs hide data within gifs, jpgs, bmps, html, txt, dll, exes and so on. In other words, places that "officials" would not be looking for hidden data. It avoids the aura of suspicion that comes from sending easily recognized encrypted files."
2000-aug-26 breaking: PGP key handling vulnerability found. See the CERT advisory. The MIT download page has an updated version that is supposed to fix the problem.