+1000 * *
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Oct 4, 2011 at 8:56 PM, Ben Scott <[email protected]> wrote: > On Tue, Oct 4, 2011 at 8:26 PM, Greg Sweers <[email protected]> wrote: > > Are these programs assuming that I have a certificate already... > > GPG (GNU Privacy Guard) implements the OpenPGP standard. You can > generate your own certificate (keypair) locally. Indeed, in "classic" > PGP, this is the way it was usually done. Everyone generated their > own keypair, and exchanged public keys. (Maybe you got your public > key signed by others, to build a "web of trust", but that's optional.) > PKI came later to PGP. > > Alice generates a keypair -- public and private keys, which go > together. Alice sends her public key to Bob. > > Alice writes a message, signs it with her private key, and mails > that to Bob. Bob uses Alice's public key to authenticate the message. > > Bob takes a file, encrypts it with Alice's public key, and sends it > to Alice. Alice uses her private key to decrypt the message. > > If Bob also sends a public key to Alice, they can do encrypted, > authenticated mail. Alice encrypts her message with Bob's public key, > and signs it with her private key. Only Bob can read it, and Bob can > be sure Alice wrote it. > > All that said: Encryption can be a very bumpy road. A lot of people > expect it to be like a toaster, where you plug it in and it works. > Not so. Everyone has to be on the same page -- and the same set of > standards and options -- for anything to work. The entity giving you > the crypto requirement should really be giving you a detailed, formal > spec. > > I can't count how many times someone at %WORK% has come to me saying > %CUSTOMER% wants us to do crypto with them. I start asking the needed > questions, and without fail, the customer end goes, "Oh, you mean I > don't just have to click a button? Then never mind." > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
