http://www.washingtonpost.com/ac2/wp-dyn/A8488-2003Jan3?language=printer
washingtonpost.com

Pretty Good Update for E-Mail Privacy

By Kevin Savetz
Special to The Washington Post
Sunday, January 5, 2003; Page H06

Internet users send millions of e-mail messages every day, oblivious to their lack of confidentiality. For years, a powerful and free encryption program called PGP, or Pretty Good Privacy, allowed users to keep their e-mail and other data private.

But Network Associates, which bought PGP in late 1997, failed to sell upgraded versions to businesses and let the program drift into limbo from mid-2001 on, without any significant updates.

Last summer, however, a new company, PGP Corp., bought the program from Network Associates, and in December it shipped a new version.

PGP 8 (www.pgp.com) runs on Windows 98 or newer Microsoft operating systems, as well as Mac OS X 10.2. Older versions of the software are available for other operating systems at www.pgpi.org.

This program uses "public key cryptography," in which every user has two "keys," one public and one private. You encrypt an outgoing message with the recipient's public key, available to anybody who asks. The scrambled message can be decrypted only by the recipient's private key, which stays on that person's hard drive, protected by a password.

You don't need mathematics knowledge to use the program, but you will need to read the manual. While PGP 8 manages to insulate users from many complex concepts of cryptography, you do need to grapple with such things as key rings, trust meters and fingerprints.

PGP offers several versions of PGP 8, starting with PGP Freeware. The free download -- for noncommercial use only -- covers the basics of creating keys, sharing the public one on an online "key server" for other users' convenience, encrypting and decrypting data, and signing messages, which lets a recipient verify that messages actually came from you and were not altered on the way.

PGP Freeware is more than enough for encrypting occasional messages and keeping snoops from reading your unfinished great American novel. It includes a tool to search for other people's public keys at key servers. But it doesn't tie into e-mail programs, forcing a copy-and-paste procedure each time you want to encrypt or decrypt a message.

The $39 PGP Personal edition adds PGP Mail, which embeds PGP functions into the Outlook and Outlook Express e-mail programs on Windows, and Apple Mail and Microsoft Entourage on the Mac. With that feature, encrypting and decrypting e-mail was easy, even huge messages with MP3 files attached.

PGP Personal also includes PGPdisk, which creates an encrypted, password-protected area on your disk drive. That makes PGP useful for far more than sending messages. You could use it to create an encrypted folder for financial statements, for instance.

The company also offers "Desktop" and "Enterprise" versions that support office-wide mail systems.

But what if PGP Corp. pulls the same trick as Network Associates did and orphans the program? Users anxious about that might want to consider an open-source, PGP-compatible program called Gnu Privacy Guard (www.gnupg.org). It is available for Windows, Linux, Mac OS X and several other operating systems and is free for personal and commercial use. Since nobody owns it, nobody can take it off the market.

GPG, however, needs another layer of software to become accessible. Despite its excellent documentation, its text-only, command-line interface would be a roadblock for people uncomfortable with DOS- or Unix-style command prompts.

Windows Privacy Tray (www.winpt.org) adds shortcuts to the Windows system tray to generate keys, and to sign and encrypt messages without fussing with a text interface. Macintosh users can add GPG DropThing (available with other front-end software at macgpg.sourceforge.net); its interface is sparse but will let you encrypt and decrypt data without resorting to a command line.

These free programs make the process roughly as easy as it is with PGP 8 -- that is, pretty simple once you learn your way around.

--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]