Differences

This shows you the differences between two versions of the page.

--- documentation:gpg-keys [2019/10/02 22:36] – derek
+++ documentation:gpg-keys [2019/10/03 11:49] (current) – [Quick overview] derek
@@ Line 24: / Line 24: @@
 This system is implemented to make conversion from public key to private impossible. Well, in this scheme the sender is encrypting a data with a receiver public key, and encrypted data might be ridden only with receiver private key.
-**NOTE:** __NEVER SEND YOUR PRIVATE KEY(S) OVER ETHERNET AND KEEP IT PRIVATE.__
+**NOTE:** __NEVER SEND YOUR PRIVATE KEY(S) OVER INTERNET AND KEEP IT PRIVATE.__
 === Signing ===
+Another problem is a way to check a data authenticity e.g. ability to check if a message was really sent by alleged sender. To mitigate this problem a concept of digital signature was proposed. If you have a senders public key and signature for a received data you are able to check this data authenticity.
 === Key servers ===
+Everything has a weak point, the weak point of this cryptography scheme is the spreading of public keys. Some user could bring a false public key with someone's else ID. To prevent this each public key might be signed by other users, and public key might be published on the key server to spread it.
+**NOTE:** always check a new public keys, if you're able to check the identity of the public key owner this is a best way to do so.
 ==== Used terms ====
+^ Term ^ Description ^
+| Public key | A part of your key is freely accessible used for/to: check your signature, encrypt data for you |
+| Private key | A secret part of the key, used to: decrypt data, sign the data |
+| Digital signature/signature | A data used to signature some other data (i.e. message), used to: check the data wasn't changed, check the data for it's authenticity |
+| MUA | MUA is a Mail User Agent e.g. mail client used to have a deal with emails |
 ==== Why to use gpg? ====
+It might be feel weird to use gpg for mail as example, since connections between MUA and server is secure and encrypted. Well, with the MUA your email is going with the following steps:
+  * Transfers to the destination mail server (encrypted)
+  * Stored on the destination mail server (not encrypted)
+  * Fetched via receiver's MUA (encrypted)
+  * Stored on the receiver's side (not encrypted)
+Using the same server for secure messaging is a good idea (you may trust for the server), but it's not enough. Firstly it's limiting you to have a conversations with other part of the world, secondly it doesn't guarantee safety, because server might be accessible in a data centre.
+Also, you should notice some mail servers (google mail is a good example) actually is reading mail messages for some purposes (any free (I meant free as a beer here) email service will do mail reading).
+In order to get a truly secure conversations you must use gpg for this. GPG encrypted messages are stored on the server, but without private key nobody is able to read this message. Also, you kept a sent message encrypted and impossible to read either by you. Finally, it's better to avoid free email services such as google mail (if it's possible).
+Askele mail service is going deeper with privacy and security and provide [[:features:crypto-mail-store|Crypto Mail Store (CrMS)]] feature.
 ===== First steps =====
+First steps means the first operations required to start using gpg encryption scheme. Specific software information is provided later on this page. This is a "generic" description of actions to be made in order to make encryption, decryption and signing works.
 ==== Create your own key ====
+The very first step is to create a key pair for your own. Usually you need to provide the following information:
+  * Your real name
+  * Your email
+  * Passphrase
+If you're planning to use gpg with email, provide email of the purpose. Passphrase is used to crypt your private key (passphrase will be required on each operation with cryptography), this part might be avoided, but we don't recommend to store private keys in a plain text (e.g. not encrypted).
+Please note, you will be asked (via software) to provide expiration date for the new key-pair, we don't recommend to use pairs without expiration date, the optimal lifespan for the pair is 2 years.
+Spread your public key to your recipients in order to make public-private scheme works with desired contacts.
 ==== Import other keys ====
+The next step is to get your contacts public keys and import it.
 ==== Key servers ====
+We'd recommend to publish your public key on public key servers.
@@ Line 47: / Line 82: @@
 ==== Signing ====
+MUA can sign your emails automatically, but if you're required to publish some data (files) it's recommended to sign it.
 ==== Encryption ====
+For secure communications it's better to encrypt a message, MUA is doing this job for your emails (and attachments as well). But you're able to encrypt a data on your local storage to make it safe.
 ===== Software to use =====
+There are a plenty of software, however there are most popular described:
+  * [[:documentation:gnupg-intro|GnuPG (mostly for Mac OSX and Linux/BSD users)]]
+  * [[:documentation:gpg4win-intro|GPG4WIN (for Windows users only)]]