Discussion:
Beginner's guide to PGP
(too old to reply)
eva galois
2016-08-10 01:25:09 UTC
Permalink
What's your recommendation for a reputable beginner's guide to using PGP
for email, and for PGP overall? Obviously there's wiki but I didn't know
if there's a great blog I'm missing out on.

Also, to work properly, do both the sending and receiving parties have
to have PGP enabled?
Arthur T.
2016-08-10 02:01:18 UTC
Permalink
Post by eva galois
Also, to work properly, do both the sending and receiving parties have
to have PGP enabled?
Yes. And in my experience the biggest mistake new users make is
sending their private key instead of their public key. Your private
key is private and should never be sent to anyone.
--
Arthur T. - ar23hur "at" pobox "dot" com
fruit
2016-08-11 15:12:00 UTC
Permalink
Post by Arthur T.
Post by eva galois
Also, to work properly, do both the sending and receiving parties have
to have PGP enabled?
Yes. And in my experience the biggest mistake new users make is
sending their private key instead of their public key. Your private
key is private and should never be sent to anyone.
Indeed.

Anyone any thoughts on using PGP and keeping private key on a mobile device?

fruit
David E. Ross
2016-08-11 16:29:48 UTC
Permalink
Post by fruit
Post by Arthur T.
Post by eva galois
Also, to work properly, do both the sending and receiving parties have
to have PGP enabled?
Yes. And in my experience the biggest mistake new users make is
sending their private key instead of their public key. Your private
key is private and should never be sent to anyone.
Indeed.
Anyone any thoughts on using PGP and keeping private key on a mobile device?
fruit
Some users keep the private keys on a flash drive or other portable
medium. They do this because they are concerned about a hacker getting
their private keys from their computers. I would not carry such a
medium with me -- in my luggage or on my person -- during international
travel; in the U.S. customs aurthorities are allowed to seize computer
media and examine their contents.

If you instead mean a mobile or cell phone, I would not do that. Such
phones are too easily hacked.
--
David E. Ross

Perhaps it was a smart decision for Hillary Clinton to use her
private E-mail server while Secretary of State. According to
current Secretary of State John Kerry, we know that the Russians
and Chinese have hacked the State Department's servers. In the
meantime, a claim by the Romanian hacker known as Guccifer
(Marcel Lehel Lazar) that he hacked into Clinton's E-mail
server proved false.
fruit
2016-08-11 17:38:46 UTC
Permalink
Post by David E. Ross
Post by fruit
Post by Arthur T.
Post by eva galois
Also, to work properly, do both the sending and receiving parties have
to have PGP enabled?
Yes. And in my experience the biggest mistake new users make is
sending their private key instead of their public key. Your private
key is private and should never be sent to anyone.
Indeed.
Anyone any thoughts on using PGP and keeping private key on a mobile device?
fruit
Some users keep the private keys on a flash drive or other portable
medium. They do this because they are concerned about a hacker getting
their private keys from their computers. I would not carry such a
medium with me -- in my luggage or on my person -- during international
travel; in the U.S. customs aurthorities are allowed to seize computer
media and examine their contents.
If you instead mean a mobile or cell phone, I would not do that. Such
phones are too easily hacked.
I did mean the latter but your first point is just as important.

My feelings are as yours, phones and tablets should be considered insecure -
although we seem to be rapidly reaching the point that anything connected to
the net can be accessed by someone somewhere

fruit
David E. Ross
2016-08-11 19:35:23 UTC
Permalink
On 8/11/2016 10:38 AM, fruit wrote [in part]
Post by fruit
My feelings are as yours, phones and tablets should be considered insecure -
although we seem to be rapidly reaching the point that anything connected to
the net can be accessed by someone somewhere
That is why I will not have the Internet of Things in my house -- no
WiFi thermostat for heating and air conditioning; no smart TV; no
Internet-connected door locks, refrigerator, or lights. When I walk
away from my PC and when I install new applications or update old ones,
I disable the Internet connection. When not in use, our Webcam is in a
black bag in back of my wife's monitor.

My wife shuts down her PC when she leaves her home office. I shut mine
down when I leave the house or go to bed.
--
David E. Ross

Perhaps it was a smart decision for Hillary Clinton to use her
private E-mail server while Secretary of State. According to
current Secretary of State John Kerry, we know that the Russians
and Chinese have hacked the State Department's servers. In the
meantime, a claim by the Romanian hacker known as Guccifer
(Marcel Lehel Lazar) that he hacked into Clinton's E-mail
server proved false.
fruit
2016-08-11 20:35:16 UTC
Permalink
Post by David E. Ross
On 8/11/2016 10:38 AM, fruit wrote [in part]
Post by fruit
My feelings are as yours, phones and tablets should be considered
insecure - although we seem to be rapidly reaching the point that
anything connected to the net can be accessed by someone somewhere
That is why I will not have the Internet of Things in my house -- no
WiFi thermostat for heating and air conditioning; no smart TV; no
Internet-connected door locks, refrigerator, or lights.
Good to hear there are others like me out there :)

fruit
David E. Ross
2016-08-11 21:48:23 UTC
Permalink
Post by David E. Ross
On 8/11/2016 10:38 AM, fruit wrote [in part]
Post by fruit
My feelings are as yours, phones and tablets should be considered insecure -
although we seem to be rapidly reaching the point that anything connected to
the net can be accessed by someone somewhere
That is why I will not have the Internet of Things in my house -- no
WiFi thermostat for heating and air conditioning; no smart TV; no
Internet-connected door locks, refrigerator, or lights. When I walk
away from my PC and when I install new applications or update old ones,
I disable the Internet connection. When not in use, our Webcam is in a
black bag in back of my wife's monitor.
My wife shuts down her PC when she leaves her home office. I shut mine
down when I leave the house or go to bed.
I almost forgot: Neither of my automobiles will start without an actual
metal key in the switch.
--
David E. Ross

Perhaps it was a smart decision for Hillary Clinton to use her
private E-mail server while Secretary of State. According to
current Secretary of State John Kerry, we know that the Russians
and Chinese have hacked the State Department's servers. In the
meantime, a claim by the Romanian hacker known as Guccifer
(Marcel Lehel Lazar) that he hacked into Clinton's E-mail
server proved false.
David E. Ross
2016-08-10 05:15:21 UTC
Permalink
Post by eva galois
What's your recommendation for a reputable beginner's guide to using PGP
for email, and for PGP overall? Obviously there's wiki but I didn't know
if there's a great blog I'm missing out on.
Also, to work properly, do both the sending and receiving parties have
to have PGP enabled?
See my <http://www.rossde.com/PGP/index.shtml>.
--
David E. Ross

Perhaps it was a smart decision for Hillary Clinton to use her
private E-mail server while Secretary of State. According to
current Secretary of State John Kerry, we know that the Russians
and Chinese have hacked the State Department's servers. In the
meantime, a claim by the Romanian hacker known as Guccifer
(Marcel Lehel Lazar) that he hacked into Clinton's E-mail
server proved false.
hymie!
2016-08-10 13:26:47 UTC
Permalink
In our last episode, the evil Dr. Lacto had captured our hero,
Post by eva galois
Also, to work properly, do both the sending and receiving parties have
to have PGP enabled?
Yes.

IMHO this is the second biggest problem with trying to get encryption to
be more widely used. If I use PGP (actually i use GPG), then my recipient
must also use PGP/GPG. My employer uses Entrust. My wife's employer
uses .... something else, I forget what exactly.

http://xkcd.com/927/

It's unfortunate. Encryption everywhere would be a Good Thing.

--hymie! http://lactose.homelinux.net/~hymie ***@lactose.homelinux.net
Mike Easter
2016-08-10 17:33:30 UTC
Permalink
Post by eva galois
What's your recommendation for a reputable beginner's guide to using PGP
for email, and for PGP overall? Obviously there's wiki but I didn't know
if there's a great blog I'm missing out on.
Also, to work properly, do both the sending and receiving parties have
to have PGP enabled?
If you and your correspondent are both using Tb, consider Enigmail and GPG.
--
Mike Easter
Loading...