Installation guide
Appendix B. Getting Started with GNU Privacy Guard
B.1. An Introduction to GnuPG
Have you ever wondered if your email can be read during its transmission from you to other
people, or from other people to you? Unfortunately, complete strangers could conceivably
intercept or even tamper with your email.
In traditional (also known as "snail") mail, letters are usually sealed within envelopes,
stamped and delivered from post office branch to branch until they reach their destination.
But sending mail through the Internet is much less secure; email is usually transmitted as
unencrypted text from server to server. No special steps are taken to protect your
correspondence from being seen or tampered with by other people.
To help you protect your privacy, Red Hat Linux 7.3 includes GnuPG, the GNU Privacy
Guard, which is installed by default during a typical Red Hat Linux installation. It is also
referred to as GPG.
GnuPG is a tool for secure communication; it is a complete and free replacement for the
encryption technology of PGP (Pretty Good Privacy, a widely popular encryption
application). Using GnuPG, you can encrypt your data and correspondence, and authenticate
your correspondence by digitally signing your work. GnuPG is also capable of decrypting
and verifying PGP 5.x messages.
Because GnuPG is compatible with other encryption standards, your secure correspondence
will probably be compatible with email applications on other operating systems, such as
Windows and Macintosh.
GnuPG uses public key cryptography to provide users with a secure exchange of data. In a
public key cryptography scheme, you generate two keys: a public key and a private key.
You exchange your public key with correspondents or with a keyserver; you should never
reveal your private key.
Encryption depends upon the use of keys. In conventional or symmetric cryptography, both
ends of the transaction have the same key, which they use to decode each other’s
transmissions. In public key cryptography, two keys co-exist: a public key and a private
key. A person or an organization keeps their private key a secret, and publishes their
public key. Data encoded with the public key can only be decoded with the private key;
data encoded with the private key can only be decoded with the public key.
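The two directions described above, shown as an added example that is not part of the
original guide and is not GnuPG's own code: textbook RSA in Python with a constructed toy
key. The function names and key values are assumptions made for illustration; real GnuPG
keys are far larger and real messages are padded before the key operation.

```python
import hashlib

# Constructed toy key material: two Mersenne primes. Far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1

def make_keypair(p=P, q=Q, e=65537):
    """Return (public, private); each key is an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d == 1 (mod phi); Python 3.8+
    return (e, n), (d, n)

def apply_key(key, value):
    """The one RSA operation: value ** exponent mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def encrypt(public, plaintext):
    return apply_key(public, int.from_bytes(plaintext, "big"))

def decrypt(key, ciphertext):
    m = apply_key(key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message, n):
    # Hash first so a message of any length fits under the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    return apply_key(private, digest(message, private[1]))

def verify(public, message, signature):
    return apply_key(public, signature) == digest(message, public[1])

if __name__ == "__main__":
    public, private = make_keypair()
    note = b"meet at noon"  # constructed sample, short enough for the toy key
    sealed = encrypt(public, note)
    print("private key opens it:", decrypt(private, sealed) == note)
    print("public key does not: ", decrypt(public, sealed) == note)
    sig = sign(private, note)
    print("signature verifies:  ", verify(public, note, sig))
    print("tampered text fails: ", verify(public, b"meet at nine", sig))
```

Encrypting uses the recipient's public key and signing uses the sender's private key; the
other half of each pair reverses the operation.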
Important
Remember that your public key can be given to anyone with whom you want to communicate securely,
but you must never give away your private key.
For the most part, cryptography is beyond the scope of this publication; volumes have been
written about the subject. In this chapter, however, we hope you will gain enough
understanding about GnuPG to begin using cryptography in your own correspondence. For more
information about GnuPG, including an online user's guide, visit http://www.gnupg.org/.
If you want to learn more about GnuPG, PGP and encryption technology, see Section B.7.