Discussion:
Newbie question about using PGP Desktop
Zorro the Masked Marsupial
2008-09-06 20:35:09 UTC
Hi,

I understand the general principles of PGP but I'm a bit baffled by how
to actually use the download from pgp.com, PGP Desktop 9.9. Could some
kind soul please explain how one gets this particular package to use a
new keyserver? The PGP geeks I know are all Unix guys and don't use
Windoze based software for "serious" stuff.

This software seems to have a default keyserver of keyserver.pgp.com and
I would like to change this as it doesn't seem to have a very complete
list of keys there, for example I can't see the public keys of people I
can see at keyserver.veridis.com . (There is some kind of note on their
website that their PGP server scrubs records after 6 months?) I'm
advised that a better keyserver which is maintained etc is
wwwkeys.eu.pgp.net (I'd be interested in the group's opinions there).

Anyway, when I use the TOOLS --> EDIT KEYSERVERS menu function in PGP
Desktop, a window opens with a list of one keyserver, keyserver.pgp.com
and a button labelled ADD. This brings up another screen and I don't
know what to enter for:

- Type (Keyserver? Global directory? LDAP? LDAPS? X.509? PGP keyserver
http?
- Address (can I just say wwwkeys.eu.pgp.net or do I need something on
the end?)
- Port
- Base DN

Any advice on this subject appreciated. Thank you.
TomT
2008-09-06 21:42:11 UTC
Zorro the Masked Marsupial <***@Froogling.com> wrote:

<snipped>
Post by Zorro the Masked Marsupial
This software seems to have a default keyserver of keyserver.pgp.com and
I would like to change this as it doesn't seem to have a very complete
list of keys there, for example I can't see the public keys of people I
can see at keyserver.veridis.com . (There is some kind of note on their
website that their PGP server scrubs records after 6 months?) I'm
advised that a better keyserver which is maintained etc is
wwwkeys.eu.pgp.net (I'd be interested in the group's opinions there).
Works well for me.
Post by Zorro the Masked Marsupial
Anyway, when I use the TOOLS --> EDIT KEYSERVERS menu function in PGP
Desktop, a window opens with a list of one keyserver, keyserver.pgp.com
and a button labelled ADD. This brings up another screen and I don't
I can't offer specific advice because I'm using GPG.
Post by Zorro the Masked Marsupial
- Type (Keyserver? Global directory? LDAP? LDAPS? X.509? PGP keyserver
http?
Try hkp for wwwkeys.eu.pgp.net. If that doesn't work try leaving it
blank.
Post by Zorro the Masked Marsupial
- Address (can I just say wwwkeys.eu.pgp.net or do I need something on
the end?)
Yes. The port goes on the end (following a colon) but you seem to have
a separate field for that.
Post by Zorro the Masked Marsupial
- Port
No guarantees but try 11371. You could also try leaving it blank.
Post by Zorro the Masked Marsupial
- Base DN
Sorry, no clue. Try leaving it blank.

This is not a high posting newsgroup but you will get help soon and
there are several "gurus" here.

In the meantime, my advice is to just try it - - - you won't break it.
The worst that can happen is it won't work and you can just change it.

The key I'm signing this with is on the wwwkeys.eu.pgp.net server among
others.

TomT
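
The "hkp" type and port 11371 suggested in the reply above correspond to a plain HTTP lookup against the keyserver. As an added example (not part of the original thread, and not PGP Desktop's own code), this Python code builds that lookup URL and parses a machine-readable index listing; the sample response, key IDs and e-mail addresses are constructed.

```python
from datetime import datetime, timezone
from urllib.parse import unquote, urlencode

HKP_DEFAULT_PORT = 11371  # the port suggested in the reply above

def hkp_lookup_url(host, search, port=HKP_DEFAULT_PORT, op="index"):
    """Return the HTTP URL an HKP client requests for a key search."""
    query = urlencode({"op": op, "options": "mr", "search": search})
    return f"http://{host}:{port}/pks/lookup?{query}"

def _ts(value):
    # Timestamps are seconds since the Unix epoch; an empty field means "not set".
    return datetime.fromtimestamp(int(value), tz=timezone.utc) if value else None

def parse_mr_index(text):
    """Parse a machine-readable ("options=mr") index listing into key records."""
    keys = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if fields[0] == "pub" and len(fields) >= 7:
            keyid, algo, bits, created, expires, flags = fields[1:7]
            keys.append({
                "keyid": keyid,
                "algo": int(algo) if algo else None,
                "bits": int(bits) if bits else None,
                "created": _ts(created),
                "expires": _ts(expires),
                "revoked": "r" in flags,   # flag letters: r, d, e
                "disabled": "d" in flags,
                "expired": "e" in flags,
                "uids": [],
            })
        elif fields[0] == "uid" and len(fields) >= 2 and keys:
            # User IDs are percent-escaped so that ':' cannot break the format.
            keys[-1]["uids"].append(unquote(fields[1]))
    return keys

# Constructed sample response; key IDs and addresses are made up.
SAMPLE_INDEX = """\
info:1:2
pub:0123456789ABCDEF:17:1024:1220745600::
uid:Alice%20Example%20%3Calice%40example.org%3E:1220745600::
uid:Alice%20Example%20%3Calice%40old.example.org%3E:1220745600::
pub:FEDCBA9876543210:1:2048:1104537600::r
uid:Bob%20Example%20%3Cbob%40example.org%3E:1104537600::
"""

if __name__ == "__main__":
    print(hkp_lookup_url("wwwkeys.eu.pgp.net", "alice@example.org"))
    for key in parse_mr_index(SAMPLE_INDEX):
        print(key["keyid"], "revoked" if key["revoked"] else "ok", key["uids"])
```
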
TomT
2008-09-06 21:52:08 UTC
Sorry, try this one.

TomT
1PW
2008-09-06 23:06:31 UTC
On 09/06/2008 01:35 PM, Zorro the Masked Marsupial sent:
<Snip>

Tom's advice looks great. If you'd like some additional common sense
HowTo material, take a look at David Ross' PGP web pages at:

<http://www.rossde.com/PGP/index.html>

David looks in on this NG and he graciously likes to teach folks how to
install PGP on their Windows systems.

Look at GnuPG sometime and see what you think.
--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
TomT
2008-09-07 01:49:19 UTC
If you'd like some additional common sense HowTo material, take a
<http://www.rossde.com/PGP/index.html>
I should have thought of that, 1PW, thanks.

For good measure, here's a couple more.

http://www.mccune.cc/PGP.htm

http://www.spywarewarrior.com/uiuc/main-nf.htm

TomT
1PW
2008-09-07 06:57:13 UTC
Post by TomT
If you'd like some additional common sense HowTo material, take a
<http://www.rossde.com/PGP/index.html>
I should have thought of that, 1PW, thanks.
For good measure, here's a couple more.
http://www.mccune.cc/PGP.htm
http://www.spywarewarrior.com/uiuc/main-nf.htm
TomT
Absolutely! That's just about the whole PGP/GPG brain trust in a few
nutshells. Well done!
--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
Otto Sykora
2008-09-07 07:06:48 UTC
Post by Zorro the Masked Marsupial
This software seems to have a default keyserver of keyserver.pgp.com and
I would like to change this as it doesn't seem to have a very complete
list of keys there, for example I can't see the public keys of people I
can see at keyserver.veridis.com . (There is some kind of note on their
website that their PGP server scrubs records after 6 months?) I'm
advised that a better keyserver which is maintained etc is
wwwkeys.eu.pgp.net (I'd be interested in the group's opinions there).
- Type (Keyserver? Global directory? LDAP? LDAPS? X.509? PGP keyserver
http?
- Address (can I just say wwwkeys.eu.pgp.net or do I need something on
the end?)
- Port
- Base DN
One thing you might note is that since there are different keyservers,
this is a historically grown thing.

For you so far mainly pgp-keyserver (http) and the 'new' LDAP/LDAPS are
relevant.
PGP company is operating its own server, so this is the one default in it.
Earlier, all the http servers like the one of the wwwkeys...., you can
only add information, but never delete!!!!! So if you add a key there,
it is forever there. If you add a new ID or mail address, it will be
forever there. You can remove an ID locally, update the key on the server, it
will add information, but it will not delete anything.
This is also why those servers have so many keys on them.
Those servers were also designed to propagate the changes, so they
synchronize from time to time their collected information by copying the
database between each other.
Some privately operated ones do not do that, they simply sit here
insulated.

The LDAP servers, you can delete information on them, as long as you
have the private key, you can delete or modify your uploaded public
key. They also do not propagate the changes, even though they could do so,
but are set not to do so apparently.

The 509 servers are for the x509 certificates, not important for you at
this moment.

Google for pgp-keyservers, you will get a list of them and can enter a few
of them. But for those http servers, do not send up some test keys or
just jokes, it will remain there forever.
Zorro the Masked Marsupial
2008-09-07 12:32:50 UTC
This is all very useful thank you. I assumed I would get a lot of stick
- many newsgroups are full of aggressive trolls - this is a remarkably
helpful NG! I am up and running and beginning to spam friends with PGP
encrypted trivia. Who knows, maybe one day I will have real need of it
when I have to convey my secret cherry cake recipe to someone in
absolute confidence.

A question occurs to me. When I looked at the Veridis keyserver (the
first one I came across) it mentioned 1.9 million keys were on it. I now
understand that's a subset as it's a commercially run server essentially
for private users, but given that many of those keys will be obsolete
but unrevoked now, it seemed a remarkably small number. Or so I thought
until I began trying to install PGP software and found how much
technical knowledge is needed. (No, I don't think I'll be using the GPG
stuff - no knowledge base to compile my own, and the windoze version
seemed even less user friendly than the PGPcorp one I am using). I'm an
engineer thus not completely technically incompetent, but to me PGP is a
tool, I'm not interested in knowing more than I need to about what's
going on under the bonnet; software is dull. I now understand why our
news is so full of reports of laptops with vital official info going
missing without encryption! Anyway, the question is, does anyone have
any idea how many people use PGP worldwide? If a quarter of the planet's
population (or whatever it is) have regular access to email I'm
surprised that PGP is so... undeveloped.

As a feeble means of repaying your help I would like to contribute a few
jokes back to the newsgroup.

A chap went up to the counter in the library and said, "Have you got any
books about committing suicide?"
The librarian said, "Yes. Take a look over there, somewhere on the
middle shelf."
The chap came back a few moments later and said, "I can't find any at
all."
The librarian replied, "Yes, it's awful. The *******s never bring 'em
back!"

A priest is walking down the street one day when he notices a very small
boy trying to press a doorbell on a house across the street. However,
the boy is very small and the doorbell is too high for him to reach.
After watching the boy's efforts for some time, the priest moves closer
to the boy's position. He steps smartly across the street, walks up
behind the little fellow and, placing his hand kindly on the child's
shoulder, leans over and gives the doorbell a solid ring. Crouching down
to the child's level, the priest smiles benevolently and asks,
"And now what, my little man?"
To which the boy replies, "RUN, Now we RUN like HELL!!!!"

It's the spring, and the baby bear comes out of his cave.
His knees are wobbling, he's a wreck. He's skin and bones, with big
circles under his eyes.
His mother says, "Junior! Did you hibernate all winter like you were
supposed to?"
He says, "Hibernate? S**t! I thought you said m***urbate!"
Neil W Rickert
2008-09-07 15:07:00 UTC
Post by Zorro the Masked Marsupial
This is all very useful thank you. I assumed I would get a lot of stick
- many newsgroups are full of aggressive trolls - this is a remarkably
helpful NG!
Trolling occurs here, too, though not as often as in some groups.
Post by Zorro the Masked Marsupial
I am up and running and beginning to spam friends with PGP
encrypted trivia. Who knows, maybe one day I will have real need of it
when I have to convey my secret cherry cake recipe to someone in
absolute confidence.
My only real use has been in discussing software bugs in an open
source mailing list. We encrypted discussion, because we did not
want news of a bug to leak until there was a patch available to
correct the problem.

I also used it on one occasion to notify a person of his password for
a newly created account.
Post by Zorro the Masked Marsupial
A question occurs to me. When I looked at the Veridis keyserver (the
first one I came across) it mentioned 1.9 million keys were on it. I now
understand that's a subset as it's a commercially run server essentially
for private users, but given that many of those keys will be obsolete
but unrevoked now, it seemed a remarkably small number. Or so I thought
until I began trying to install PGP software and found how much
technical knowledge is needed.
Security isn't magic.

You cannot make your house secure by installing a fancy lock.
You need to actually use the lock. And then you have to be careful
about who has a key.

It's the same with digital security. It requires knowledge.
You cannot get security for free (or for just the price of the
software). It takes work.
Post by Zorro the Masked Marsupial
Anyway, the question is, does anyone have
any idea how many people use PGP worldwide? If a quarter of the planet's
population (or whatever it is) have regular access to email I'm
surprised that PGP is so... undeveloped.
I don't know how many. In technical discussion mailing lists,
there are many who use PGP, though not necessarily for every email
message they send. But once we get beyond the technical folk, the
usage becomes quite small. I would guess that most of the keys on
keyservers have long since been abandoned.
Otto Sykora
2008-09-13 10:09:59 UTC
Post by Zorro the Masked Marsupial
A question occurs to me. When I looked at the Veridis keyserver (the
first one I came across) it mentioned 1.9 million keys were on it. I now
understand that's a subset as it's a commercially run server essentially
for private users, but given that many of those keys will be obsolete
but unrevoked now, it seemed a remarkably small number.
The problems with all those keyservers are difficult to overview in
the first place. All is historically grown, from early DOS times.
That time we did operate all just by some command line instructions.

Key servers were designed so they could be operated left alone and not
be simply hacked by anyone. They were accessible by simple text e-mail.
The idea was that all are connected together and so a key dropped in one
will propagate to all servers worldwide.
To avoid some manipulations, only adding information was intended, no way
to delete any information.
That time we all thought our e-mail address is valid for the rest of our
life, we should display it everywhere and give it to everyone etc.
Today we know differently.

So some key servers are connected to others, some are not, some copy the
file just every few months, some only store their own people if it is
a private server.

People deposited many keys just 'for trying' and forgot to revoke them or
lost the private key so they could not produce the revocation later.

With newer versions of servers one can delete keys and IDs, provided
one has the private key still operational.

So the number of keys on any server does not say much about if such a key is
used, if there is still a private key for it somewhere, if the associated
mail address still exists or if it is on other keyservers too etc.
Post by Zorro the Masked Marsupial
until I began trying to install PGP software and found how much
technical knowledge is needed.
Some basic reading is needed, otherwise use is possible, but sure not as
intended.

(No, I don't think I'll be using the GPG

Don't worry, it works well too, the gpg itself is fine, the GUI frontends
have some snags I admit however. No need to compile in fact, all is
delivered ready for use.

I am sometimes also using some Java portable pgp, just now using a
plugin for the Thunderbird mail client, works perfectly, does all very safe
and simple.
Post by Zorro the Masked Marsupial
Anyway, the question is, does anyone have
any idea how many people use PGP worldwide? If a quarter of the planet's
population (or whatever it is) have regular access to email I'm
surprised that PGP is so... undeveloped.
Not only pgp, also the in many countries accepted system x.509 is still
not much used for the daily communication. PGP does work with those keys
too, apart from some big companies and some very official mails with
explicit need for trusted signature cases, most people have simply no
idea that anybody can read the mails when they are underway, the
passwords for the account are transmitted in plain text after all and so
anybody can also access the mail account at any time he likes.

People rather want providers to arrange for the ability to send mails with
a 250mb attachment, rather than ask how the mails are transmitted.
