[ale] How Do I Do This PGP/GPG Thing?

Michael H. Warfield mhw at WittsEnd.com
Sat Jan 17 12:04:47 EST 2009


On Fri, 2009-01-16 at 22:21 -0500, Marc Ferguson wrote:
> Hi,

> I wanna jump on the PGP/GPG wagon, but I'm a bit confused by
> www.pgpi.com's web site.  For one why does Windows and MAC get the
> latest version, 8, which is 2 cycles ahead of UNIX!?

	You are looking at some very old, historical, data.  You'll notice that
the date on the PGP 8 link is from 2002.  That's all from the bad ole
days of the ITAR and EAR regulations which prohibited the export of
"real" PGP (as in what is now PGP Corporation's PGP) from the United
States so we had the International PGP (pgpi) site and project that had
reimplemented PGP outside of the country so it could be made freely
available.  They accomplished that by publishing a book (dead trees
edition) of the PGP source code and then exporting the physical book
(which could not be legally restricted for export) and then people in
Europe scanned in the pages and cleaned up the resulting code and got it
to run.

	In a desperate move to prevent losing their precious export
regulations, the old ITAR crypto regulations and restrictions under the
Department of Commerce were moved to the State Department and became the
EAR regulations which then invalidated several ongoing legal challenges.
Eventually, even these were forced to be relaxed for open source
software to the point where they have almost no real impact.  If you
look at kernel.org at the section on "cryptographic software" you'll see
the legal notice that's about all that's left of any influence of the
EAR regulations on open source software.  There are now even IETF
standards for PGP in E-Mail (PGP/Mime).

	Subsequently, we have GnuPG aka GPG or Gnu Privacy Guard. That's the
OpenSource equivalent of PGP.  Any decent distribution of Linux is going
to have GPG present.  You would probably have to search real hard to
find one that didn't have GPG in the base install.  Lots of rpms and
other packages are GPG signed and can be verified.  Evolution includes
integration with GPG.  At this point, GPG and cryptography is part of
the furniture.

> I'm using http://axion.physics.ubc.ca/pgp-begin.html as a guide.  Am I
> on the right track?  Thanks.

	Not really.  That's all out of date.

	Start here:

	http://www.gnupg.org/

	And work through the howtos.

	Maybe I need to think about warming up my PGP/GPG cryptography talk for
ALE once again.  It's been a couple of years now.

> -- 
> Marc F.
> 
> www.fergytech.com
> Registered Linux User: #410978
> 
> "When life gives me lemons... I make Linuxaide, hmm good stuff!" -Marc
> F.

	Regards,
	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20090117/c99df1c9/attachment.bin 


More information about the Ale mailing list