documentation:gpg-keys

Differences

documentation:gpg-keys [2019/10/02 22:47] derek
documentation:gpg-keys [2019/10/03 11:49] (current) – [Quick overview] derek
Line 24: Line 24:
 This system is implemented to make conversion from public key to private impossible. Well, in this scheme the sender is encrypting a data with a receiver public key, and encrypted data might be ridden only with receiver private key. This system is implemented to make conversion from public key to private impossible. Well, in this scheme the sender is encrypting a data with a receiver public key, and encrypted data might be ridden only with receiver private key.
  
-**NOTE:** __NEVER SEND YOUR PRIVATE KEY(S) OVER ETHERNET AND KEEP IT PRIVATE.__+**NOTE:** __NEVER SEND YOUR PRIVATE KEY(S) OVER INTERNET AND KEEP IT PRIVATE.__
  
 === Signing === === Signing ===
-Another problem is a way to check a data authority e.g. ability to check if a message was really sent by alleged sender. To mitigate this problem a concept of digital signature was proposed. If you have a senders public key and signature for a received data you are able to check this data authenticity.+Another problem is a way to check a data authenticity e.g. ability to check if a message was really sent by alleged sender. To mitigate this problem a concept of digital signature was proposed. If you have a senders public key and signature for a received data you are able to check this data authenticity.
  
 === Key servers === === Key servers ===
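Review bot: the first context line of this hunk still reads "encrypted data might be ridden only with receiver private key"; "ridden" should be "read" and "a data" should be "data", which is worth fixing while the paragraph is being touched. In the NOTE line the new wording should be "over the Internet", and "KEEP IT PRIVATE" reads better as "KEEP THEM PRIVATE" since the subject is "KEY(S)". In the Signing paragraph, "a senders public key" needs the possessive "a sender's public key", and "e.g." should be "i.e." because what follows is the definition of authenticity, not an example of it.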
Line 35: Line 35:
  
 ==== Used terms ==== ==== Used terms ====
 +
 +^ Term ^ Description ^
 +| Public key | A part of your key is freely accessible used for/to: check your signature, encrypt data for you |
 +| Private key | A secret part of the key, used to: decrypt data, sign the data |
 +| Digital signature/signature | A data used to signature some other data (i.e. message), used to: check the data wasn't changed, check the data for it's authenticity |
 +| MUA | MUA is a Mail User Agent e.g. mail client used to have a deal with emails |
  
 ==== Why to use gpg? ==== ==== Why to use gpg? ====
 +It might be feel weird to use gpg for mail as example, since connections between MUA and server is secure and encrypted. Well, with the MUA your email is going with the following steps:
 +  * Transfers to the destination mail server (encrypted)
 +  * Stored on the destination mail server (not encrypted)
 +  * Fetched via receiver's MUA (encrypted)
 +  * Stored on the receiver's side (not encrypted)
  
 +Using the same server for secure messaging is a good idea (you may trust for the server), but it's not enough. Firstly it's limiting you to have a conversations with other part of the world, secondly it doesn't guarantee safety, because server might be accessible in a data centre. 
 +
 +Also, you should notice some mail servers (google mail is a good example) actually is reading mail messages for some purposes (any free (I meant free as a beer here) email service will do mail reading). 
 +
 +In order to get a truly secure conversations you must use gpg for this. GPG encrypted messages are stored on the server, but without private key nobody is able to read this message. Also, you kept a sent message encrypted and impossible to read either by you. Finally, it's better to avoid free email services such as google mail (if it's possible).
 +
 +Askele mail service is going deeper with privacy and security and provide [[:features:crypto-mail-store|Crypto Mail Store (CrMS)]] feature.
  
 ===== First steps ===== ===== First steps =====
 +First steps means the first operations required to start using gpg encryption scheme. Specific software information is provided later on this page. This is a "generic" description of actions to be made in order to make encryption, decryption and signing works.
  
 ==== Create your own key ==== ==== Create your own key ====
 +The very first step is to create a key pair for your own. Usually you need to provide the following information:
 +  * Your real name
 +  * Your email
 +  * Passphrase 
 +
 +If you're planning to use gpg with email, provide email of the purpose. Passphrase is used to crypt your private key (passphrase will be required on each operation with cryptography), this part might be avoided, but we don't recommend to store private keys in a plain text (e.g. not encrypted).
 +
 +Please note, you will be asked (via software) to provide expiration date for the new key-pair, we don't recommend to use pairs without expiration date, the optimal lifespan for the pair is 2 years.
 +
 +Spread your public key to your recipients in order to make public-private scheme works with desired contacts.
  
 ==== Import other keys ==== ==== Import other keys ====
 +The next step is to get your contacts public keys and import it.
  
 ==== Key servers ==== ==== Key servers ====
 +We'd recommend to publish your public key on public key servers.
  
  
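Review bot: the "Import other keys" step ("get your contacts public keys and import it") has no verification step; a key fetched from a key server or received by mail can be uploaded by anyone under any name, so the text should tell the reader to compare the key fingerprint with the owner over a separate channel before encrypting to it or treating its signatures as valid. The "Why to use gpg?" list also skips a hop: the message first goes to the sender's own mail server, which stores and relays it, and the server-to-server transfer is encrypted only when both servers support it, so the "(encrypted)" on the first bullet holds only when the MUA enforces TLS, and the list should say so. For "Also, you kept a sent message encrypted and impossible to read either by you", it is worth adding that the MUA or GnuPG can be configured to encrypt to the sender's own key as well, so the Sent copy stays readable. Smaller fixes: "it's authenticity" should be "its authenticity" in the table, "used to crypt your private key" should be "encrypt", "Spread your public key" reads better as "Distribute your public key", and "you may trust for the server" should be "you may trust the server".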
Line 51: Line 82:
  
 ==== Signing ==== ==== Signing ====
 +MUA can sign your emails automatically, but if you're required to publish some data (files) it's recommended to sign it.
  
 ==== Encryption ==== ==== Encryption ====
 +For secure communications it's better to encrypt a message, MUA is doing this job for your emails (and attachments as well). But you're able to encrypt a data on your local storage to make it safe.
  
 ===== Software to use ===== ===== Software to use =====
  
- +There are a plenty of software, however there are most popular described: 
 +  * [[:documentation:gnupg-intro|GnuPG (mostly for Mac OSX and Linux/BSD users)]] 
 +  * [[:documentation:gpg4win-intro|GPG4WIN (for Windows users only)]]
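Review bot: the "Software to use" line "There are a plenty of software, however there are most popular described:" needs rewording, e.g. "There is plenty of software available; the most popular choices are described here:". In the Encryption paragraph, "encrypt a data on your local storage to make it safe" should be "encrypt data on your local storage", and the sentence should note that locally encrypted data is only as safe as the passphrase protecting the private key. In the Signing paragraph, "if you're required to publish some data (files) it's recommended to sign it" should read "sign them", and it could state what the reader gains: recipients can check that the files were not altered after signing.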
documentation/gpg-keys.1570056449.txt.gz · Last modified: by derek
