GNUPG: High Level Cryptography by The Golden Keys Team - HTML preview


 CHAPTER 5

 

 What is GnuPG?

 

GnuPG, short for GNU Privacy Guard, is software (a computer program) that aims to offer privacy and security to digital communications by encrypting their contents. It is often used together with e-mail to send and receive messages, but it can also be used to protect information that is stored locally, such as backup copies.

 

GnuPG is a free (libre) alternative to the original PGP software developed by Philip Zimmermann in 1991, since PGP was not – and still is not – free (libre). PGP stands for Pretty Good Privacy, and it was incredibly popular from the beginning. As a consequence, other programs that used the same system started to appear. Realizing that a standardized version would be beneficial to all, Mr. Zimmermann proposed a standard called OpenPGP, which is an open, standardized, patent- and royalty-free protocol for PGP.

 

GnuPG is compliant with the OpenPGP protocol, which makes it compatible with other alternatives available in the market. However, the largest advantage of GnuPG is that it is 100% free software, which means it respects your freedom, so you are free to:

 

1. Use the program in any way you wish.

2. Study how the program works internally, and adapt it to your needs if you wish.

3. Distribute original copies of the program to others.

4. Distribute modified copies of the program to others.

 

You can do any of those things without asking permission from any person or company. Besides, GnuPG also has several other advantages:

 

  •  It is completely free (as in free of charge).
  •  It has been in constant development for 15 years.
  •  It is free from patents or royalties.
  •  It can be used at home, in business, in governments and in public systems.
  •  It offers military level cryptography, the highest available today.
  •  It is compatible with most popular operating systems, including Microsoft Windows, Apple OS X, Android, iOS, GNU/Linux, BSD, and other *NIX-like distributions.

 

GnuPG is one of the most powerful pieces of cryptography software available in the market today, and it is relatively easy for the layperson to obtain, set up and use. It is also compatible with many popular applications such as e-mail clients and chat programs.

 

5.1 – What GnuPG does and does not do

 

Although GnuPG is very powerful software, there are some things it cannot do. To avoid misconceptions, let's look at some of the things GnuPG can and cannot do.

 

GNUPG DOES...

 

  • Encrypt and decrypt your messages
  •  Your messages are encrypted, including the attachments, so no one knows their contents or what they are about; only the recipient can decrypt them.

 

  • Sign your messages
  •  Your messages are signed to ensure they were sent by you and not twisted or modified along the way by an intruder.

 

  • Prevent others from building a profile of you based on the terms you use
  •  Since they are not able to know the contents of your message, they cannot build a profile of you based on the words you use, which they could use to monitor you or offer you intrusive advertising.

 

GNUPG DOES NOT...

 

x Encrypt the subject of the messages

  •  There is no standard yet that allows the e-mail subject to be encrypted.

 

x Prevent others from knowing your location and IP address

  •  Your IP address will still show up in the message, which can be used to track your location, and eventually track you down.

 

x Prevent others from knowing the e-mail header

  •  Your e-mail header is a bunch of information related to your machine that travels hidden in every e-mail message, such as your IP address, your local time, your e-mail client, your operating system, etc.

 

x Prevent others from knowing whom you contact and how often

  •  The recipient of the e­mail message is not hidden, and thus they can know to whom you are sending the message.

 

x Prevent others from storing your messages

  •  They may store your messages for future decryption. E.g.: they cannot decrypt the message now, but in the future new technologies or systems may emerge that could break today's “unbreakable” cryptography.

 

x Prevent others from knowing the size of your messages

  •  Message size often gives a clue about what you are sending. Heavier messages almost certainly mean that there are attachments included.
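
The limits listed above become concrete when an encrypted e-mail is read the way a mail server or network observer would read it. The following Python sketch is an added example, not part of the original book: the message, addresses, IP address, client name and the `observer_view` helper are all constructed for illustration, and the ciphertext is a placeholder.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: a PGP/MIME (RFC 3156) encrypted message as seen in transit.
# Addresses, hosts, the IP (documentation range) and the client name are made up.
RAW = """\
Received: from laptop.example.org ([203.0.113.7]) by mail.example.org; Tue, 04 Mar 2014 09:12:44 -0300
Date: Tue, 04 Mar 2014 09:12:40 -0300
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Quarterly numbers
User-Agent: ExampleMail/1.0 (Linux x86_64)
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(ciphertext placeholder)
-----END PGP MESSAGE-----
--b1--
"""

def observer_view(raw):
    """Return what a party WITHOUT the private key can still read."""
    msg = message_from_string(raw)
    parts = msg.get_payload() if msg.is_multipart() else []
    armored = [p.get_payload() for p in parts
               if p.get_content_type() == "application/octet-stream"]
    return {
        "encrypted": msg.get_content_type() == "multipart/encrypted",
        "subject": msg["Subject"],                          # not encrypted
        "sender": getaddresses(msg.get_all("From", []))[0][1],
        "recipients": [a for _, a in getaddresses(msg.get_all("To", []))],
        "origin_ip": re.search(r"\[([0-9a-fA-F.:]+)\]", msg["Received"]).group(1),
        "utc_offset": parsedate_to_datetime(msg["Date"]).strftime("%z"),
        "client": msg["User-Agent"],
        "size_bytes": len(raw.encode()),                    # hints at attachments
        "body_is_ciphertext": bool(armored) and all("BEGIN PGP MESSAGE" in a for a in armored),
    }

if __name__ == "__main__":
    print(observer_view(RAW))
```

Only the last field is protected by GnuPG; every other value is readable by anyone who handles or stores the message.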

 

5.2 – Additional suggestions

 

Here are some simple additional suggestions to improve your security online:

 

  • Always use cryptography for all messages, not only for the important ones.
  •  Don't use cryptography only for the important messages because it is too obvious you are sending something important – instead use it with all messages.

 

  • Use cryptography with all your contacts.
  •  Try as much as possible to use cryptography with all your contacts instead of using it with just the ones you consider most important.

 

  • Do not use revealing subject lines
  • There's no point in encrypting your message if the subject line is revealing, such as “Pictures of myself naked” or “My credit card number with password” or “My house will be empty for two weeks”. Instead be discreet.

 

  • Use a free/libre e-mail client
  •  Although cryptography is supported by many e-mail clients, including proprietary ones such as Microsoft Outlook, it is recommended that you use it with a free/libre e-mail client such as Mozilla Thunderbird, because due to their open nature they are often much more secure.

 

  • Use a strong password
  •  The best cryptography system in the world won't help you a bit if you use weak, easy-to-break passwords, so always use very strong passwords.

 

  • Use a powerful antivirus and keep your system clean
  •  You may use the best cryptography system in the world plus very strong passwords, but this is completely useless if your system is compromised by a virus or any other type of malware. So always use original version software and keep your system clean and up to date.

 

5.3 – Conclusion

 

GnuPG is very powerful software that does a lot, but it is not a matter of just installing it and having it magically do everything to secure you. You also have to do your part.