This shows how you can send a verified (signed) and encrypted message to a friend that is secure and tamper-evident 2. This is useful to prove that the message is indeed coming from you 1. On the other hand, you can use your private key to “sign” a message, which can only be decrypted using your public key. This is equivalent to a mathematical operation that’s computationally very hard to reverse, unless you have the corresponding private key. When someone wants to send a message, they encrypt it using your public key. As the names suggest, the private key is a secret, while the public key can be made available publicly. The way these work is that you first generate a public and private key using a program on your computer. It’s open source, part of the GNU project, and has become standard software, powering a huge chunk of encryption on the web. The GNU Privacy Guard (GPG) is one such implementation. Thus, any other software that implemented the OpenPGP standard could interact with PGP. Later, an open standard called OpenPGP was created, which contained the formats for keys, encrypted messages, and message signatures defined by PGP. Pretty Good Privacy (PGP) was a program created to encrypt/decrypt data back in 1991, and was later incorporated into a company that is now owned by Symantec. I learned new things while trying it out, and wanted to write about it. It’s still an Alpha product, and invite-only (or sign up and join the waitlist). I’m fixing that now, and it was a perfect opportunity when a friend invited me to try keybase.io. I have to admit, despite having spent so many years studying Computer Science, my understanding of security and modern best practices is pretty shabby.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |