-----BEGIN PGP SIGNED MESSAGE-----
*** Frequently Asked Questions About PGP ***
*** And Private E-Mail ***
by
Andre Bacard
[Version 1]
==========================================================
This document offers a nontechnical overview of PGP to help you
decide whether or not to use this globally popular software to
safeguard your computer files and e-mail. I offer this as a public
service, especially to persons with a sense of humor. Please post
your extra questions on the News Groups listed towards the end of
this text, so that everyone can read them.
=========================================================
IMPORTANT DISCLAIMER!
[PGP is controversial, politically and legally. Abortion, alcohol,
and firearms are legal in some jurisdictions and illegal in others.
Similarly, PGP's legality varies depending on where you live. If you
have legal questions about PGP, you can consult an attorney who
knows patent and/or export law. If PGP sparks political questions,
you can join CPSR or EFF, which are mentioned later in this text.]
1. What is PGP?
PGP (also called "Pretty Good Privacy") is a computer program that
encrypts (scrambles) and decrypts (unscrambles) data. For example,
PGP can encrypt "Andre" so that it reads "457mRT." Your computer can
decrypt this garble back into "Andre" if you have PGP.
2. Who created PGP?
Philip Zimmermann <p...@acm.org> wrote the initial program. Phil, who
lives in Colorado, is a hero to pro-privacy activists. He works as
a cryptographic consultant. Phil Zimmermann, Peter Gutmann, Hal
Finney, Branko Lankester and programmers around the globe have
created subsequent PGP versions and shells.
3. Who uses PGP?
Persons who value privacy use PGP. Politicians running election
campaigns, taxpayers storing I.R.S. records, therapists protecting
clients' files, authors negotiating deals, entrepreneurs guarding
trade secrets, journalists unveiling corruption, singles seeking
spouses, and spouses pursuing singles are a few of the law-abiding
citizens who employ PGP to keep their computer files and their
electronic mail confidential.
4. Aren't computers and e-mail already safe?
Suppose someone steals your computer disks or your laptop computer.
The thief can read all of your unencrypted files! E-mail is
notoriously unsafe. Your typical e-mail travels through many
computers. The persons who run these computers can read, copy, and
store your mail. Many voyeurs get their kicks out of intercepting
mail. Sending your business, legal, and personal mail through
computers is even less confidential than sending the same material
on a postcard. PGP is a secure "envelope" that keeps busybodies,
competitors, and gossips from victimizing you.
5. I have nothing to hide. Why do I need privacy?
Show me a human being who has no secrets from her family, her
neighbors, or her colleagues, and I'll show you someone who is
either an extraordinary exhibitionist or an incredible dullard.
A college student wrote me the following:
"I had a part-time job at a dry cleaner. One day I returned a
diamond ring that I'd found in a man's coat pocket to his wife.
Unfortunately, it was NOT her ring! It belonged to her husband's
girlfriend. His wife was furious and divorced her husband over this
incident. My woman boss told me: 'Return jewelry ONLY to the person
whose clothes you found it in, and NEVER return underwear that you
find in pockets!' Until that moment, I thought my boss was a picky
woman. She taught me the need for PGP."
Privacy, discretion, confidentiality, and prudence are hallmarks of
civilization.
6. I've heard police say that encryption should be outlawed because
criminals use it to avoid detection. Is this true?
Is what true? Yes, many governments, banks, corporations, and law
enforcement agencies use encryption to hide their operations. Yes,
a few criminals also use encryption. Criminals are more likely to
use cars, gloves, and ski-masks to evade capture.
PGP is "encryption for the masses." It gives law-abiding citizens
the privacy rights which governments and corporations insist that
they need for themselves.
7. How does PGP work?
PGP is a type of "public key cryptography." When you start using
PGP, the program generates two "keys" that belong uniquely to you.
Think of these keys as computer counterparts of the keys in your
pocket. One PGP key is SECRET and stays in your computer. The other
key is PUBLIC. You give this second key to your correspondents. Here
is a sample PUBLIC KEY:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.4
mQA9Ai2wD2YAAAEBgJ18cV7rMAFv7P3eBd/cZayI8EEO6XGYkhEO9SLJOw+DFyHg
Px5o+IiR2A6Fh+HguQAFEbQZZGVtbyA8ZGVtb0B3ZWxsLnNmLmNhLnVzPokARQIF
EC2wD4yR2A6Fh+HguQEB3xcBfRTi3D/2qdU3TosScYMAHfgfUwCelbb6wikSxoF5
ees9DL9QMzPZXCioh42dEUXP0g==
=sw5W
- -----END PGP PUBLIC KEY BLOCK-----
Suppose the above PUBLIC KEY is yours, and you e-mail it to me. I
can store your PUBLIC KEY in my PGP program and use your PUBLIC KEY
to encrypt a message that only you can read. The beauty of PGP is
that you can give me your key OPENLY. You don't have to hand it to
me face-to-face or through a trusted friend. If somebody intercepts
your PUBLIC KEY, she can write you letters; however, she cannot read
your letters!
This might sound a bit mysterious at first. However, it is very
straightforward when you play with PGP for a while.
8. How safe is PGP? Will it really protect my privacy?
Maybe your government or your mother-in-law can "break" PGP messages
with super computers or pure brilliance. I have no way of knowing.
Three facts are certain. First, top-rate civilian cryptographers and
computer experts have tried unsuccessfully to break PGP. Second,
whoever proves that he or she can unravel PGP will earn quick fame
in crypto circles. He or she will be applauded at banquets and
attract grant money. Third, PGP's programmers will broadcast this
news at once.
Almost daily, someone posts a notice such as "PGP Broken by Omaha
Teenager." Take these claims with a grain of salt. The crypto world
attracts its share of paranoids, provocateurs, and UFO aliens.
To date, nobody has publicly DEMONSTRATED the skill to outsmart or
outmuscle PGP.
9. Where do I get PGP?
PGP is available from countless BBSs (Bulletin Board Systems) and
ftp ("File Transfer Protocol") sites around the world. These sites,
like video stores, come and go.
To find PGP, here are three options: 1) Find someone who knows how
to use ARCHIE to search for files on the Internet, 2) Visit the
Usenet News Group alt.security.pgp. For example, ask people "Where
can I get PGP for MAC or DOS?" Many alt.security.pgp readers are
generous folks who will gladly help you. 3) Read BOARDWATCH magazine
to find the BBSs in your area.
10. Is PGP available for my machine?
I use PGP for DOS. Versions are available for various Unixes,
Macintosh, Amiga, Atari ST, OS/2, and CompuServe's WinCIM & CSNav.
Many persons are working to expand PGP's usability. Go to
alt.security.pgp for the latest developments.
11. Are these versions of PGP mutually compatible?
Yes. If you use Macintosh, for example, you can send e-mail to me
which I can read with my DOS version.
12. How expensive is PGP?
The PGP versions that you will find at BBSs and ftp sites are
"freeware." This means that they are free. People around the globe
use these versions every day. Depending on where you live, this
"freeware" may or may not violate patent rights or export laws.
A fully licensed, commercial version of PGP is available from
ViaCrypt for users in the USA or Canada. In a letter to me, Phil
Zimmermann wrote, "It's a really nice product, and has made
absolutely no compromises in PGP's security. If you have been
reluctant to use PGP because of legal questions, ViaCrypt PGP is
just what you need. ViaCrypt has obtained all patent licenses needed
to sell PGP."
I use PGP Version 2.4 which is sold by ViaCrypt.
You can reach ViaCrypt in Phoenix, Arizona at (602) 944-0773 or via
e-mail at <7030...@compuserve.com>.
13. What is a PGP signature?
At the end of this document, you will see a PGP signature. This
"digital signature" allows persons who have PGP and my PUBLIC KEY to
verify that 1) I, Andre Bacard, (not a SPORTS ILLUSTRATED superstar
pretending to be me!) wrote this document, and 2) Nobody has altered
this text since I signed it.
PGP signatures are helpful for signing contracts, transferring
money, and verifying a person's identity.
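Added example (not part of the original FAQ and not PGP's own code): a signed message like this one has a fixed layout, with body lines that start with a dash escaped as "- " and an "=XXXX" checksum line closing the signature block. The Python below parses that layout; it only separates the signed text from the signature and checks the armor checksum, it does not verify the signature itself. The function names are hypothetical, and the sample message with its placeholder signature bytes is constructed.

```python
import base64

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def crc24(data: bytes) -> int:
    """CRC-24 behind the '=XXXX' armor line (RFC 4880); catches damage, not forgery."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def frame(text: str, sig: bytes) -> str:
    """Build the clearsigned layout around text and already-made signature bytes."""
    escaped = ["- " + l if l.startswith("-") else l for l in text.split("\n")]
    check = "=" + base64.b64encode(crc24(sig).to_bytes(3, "big")).decode()
    armor = [BEGIN_SIG, "Version: 2.4", "", base64.b64encode(sig).decode(), check, END_SIG]
    return "\n".join([BEGIN_MSG, ""] + escaped + armor)

def split_clearsigned(message: str):
    """Return (signed_text, signature_bytes); ValueError on bad framing or checksum."""
    lines = message.split("\n")
    if lines[0] != BEGIN_MSG:
        raise ValueError("not a clearsigned message")
    # Body lines starting with '-' are escaped, so the first bare header is the real one.
    sig_at = lines.index(BEGIN_SIG)
    end_at = lines.index(END_SIG, sig_at)
    body = lines[lines.index("", 1) + 1:sig_at]   # text starts after the blank line
    text = "\n".join(l[2:] if l.startswith("- ") else l for l in body)
    armor = lines[sig_at + 1:end_at]
    payload = armor[armor.index("") + 1:]         # skip "Version:" style headers
    check = payload.pop()
    data = base64.b64decode("".join(payload))
    if check != "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode():
        raise ValueError("armor checksum mismatch")
    return text, data

# Constructed sample: placeholder bytes stand in for a real signature packet.
SAMPLE_TEXT = "Dear reader,\n-----BEGIN PGP SIGNATURE-----\n- a dash-led line\nBye"
SAMPLE_SIG = bytes(range(40))
SAMPLE = frame(SAMPLE_TEXT, SAMPLE_SIG)

if __name__ == "__main__":
    print(split_clearsigned(SAMPLE))
```

The escaping is what keeps a body line that imitates the signature header from being taken for the real boundary. The checksum line only detects accidental corruption in transit; protection against alteration comes from verifying the signature with the signer's PUBLIC KEY.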
14. How difficult is it to learn PGP?
PGP comes with a manual. It took me a weekend of trial and error to
feel comfortable with PGP. PGP has around two dozen commands.
15. Where can I learn more about PGP and related subjects?
The following News Groups are a good place to start:
alt.privacy
[to hear about electronic privacy issues]
alt.security.pgp
[to learn everything known about PGP]
comp.org.cpsr.talk
[to connect with Computer Professionals for Social
Responsibility]
comp.org.eff.talk
[to touch base with the Electronic Frontier Foundation]
talk.politics.crypto
[to keep abreast of legal & political changes]
- ------------------------------------------------------------
Andre Bacard | Bacard authored the book "Hunger for
Box 3009 | Power: Who Rules the World and How."
Stanford, CA 94309 | He writes a "Technology & Society"
aba...@well.sf.ca.us | column and has been interviewed on
| hundreds of radio talk shows.
Bacard supports the Electronic Frontier Foundation and Computer
Professionals for Social Responsibility. Info at <in...@eff.org>
and at <cp...@cpsr.org>.
"He only earns his freedom and existence,
who daily conquers them anew."
[Goethe, FAUST (1832)]
- ------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.4
iQCVAgUBLbGmf7N7ShmtOZNVAQEG8QQAleViExxsR60egZ6VLNx+AwGiD6dOxgvr
kMEEVGXZkczG9NqaeUH3t0Ky6Yk0RdZPcr7rRXuwiqSZjR9Xt4R8Fhm3zSpKu0wR
AljbVYFzn74rxbl93isRUJrXVUOljoJyMhRcW0qaZOD3nUb9thlWJyB014bwAkyJ
HYGbqnjAv3I=
=jl/3
-----END PGP SIGNATURE-----