Pretty Good Update for E-Mail Privacy

R. A. Hettinga rah at shipwright.com
Tue Jan 7 10:03:59 EST 2003


http://www.washingtonpost.com/ac2/wp-dyn/A8488-2003Jan3?language=printer

washingtonpost.com

Pretty Good Update for E-Mail Privacy

By Kevin Savetz
Special to The Washington Post
Sunday, January 5, 2003; Page H06

Internet users send millions of e-mail messages every day, oblivious to
their lack of confidentiality.

For years, a powerful and free encryption program called PGP, or Pretty
Good Privacy, allowed users to keep their e-mail and other data private.
But Network Associates, which bought PGP in late 1997, failed to sell
upgraded versions to businesses and let the program drift into limbo from
mid-2001 on, without any significant updates.

Last summer, however, a new company, PGP Corp., bought the program from
Network Associates, and in December it shipped a new version.

PGP 8 (www.pgp.com) runs on Windows 98 or newer Microsoft operating
systems, as well as Mac OS X 10.2. Older versions of the software are
available for other operating systems at www.pgpi.org.

This program uses "public key cryptography," in which every user has two
"keys," one public and one private. You encrypt an outgoing message with
the recipient's public key, available to anybody who asks. The scrambled
message can be decrypted only by the recipient's private key, which stays
on that person's hard drive, protected by a password.

You don't need mathematics knowledge to use the program, but you will need
to read the manual. While PGP 8 manages to insulate users from many complex
concepts of cryptography, you do need to grapple with such things as key
rings, trust meters and fingerprints.

PGP offers several versions of PGP 8, starting with PGP Freeware. The free
download -- for noncommercial use only -- covers the basics of creating
keys, sharing the public one on an online "key server" for other users'
convenience, encrypting and decrypting data, and signing messages, which
lets a recipient verify that messages actually came from you and were not
altered on the way.

PGP Freeware is more than enough for encrypting occasional messages and
keeping snoops from reading your unfinished great American novel. It
includes a tool to search for other people's public keys at key servers. But
it doesn't tie into e-mail programs, forcing a copy-and-paste procedure
each time you want to encrypt or decrypt a message.

The $39 PGP Personal edition adds PGP Mail, which embeds PGP functions into
the Outlook and Outlook Express e-mail programs on Windows, and Apple Mail
and Microsoft Entourage on the Mac. With that feature, encrypting and
decrypting e-mail was easy, even huge messages with MP3 files attached.

PGP Personal also includes PGPdisk, which creates an encrypted,
password-protected area on your disk drive. That makes PGP useful for far
more than sending messages. You could use it to create an encrypted folder
for financial statements, for instance.

The company also offers "Desktop" and "Enterprise" versions that support
office-wide mail systems.

But what if PGP Corp. pulls the same trick as Network Associates did and
orphans the program? Users anxious about that might want to consider an
open-source, PGP-compatible program called GNU Privacy Guard
(www.gnupg.org). It is available for Windows, Linux, Mac OS X and several
other operating systems and is free for personal and commercial use. Since
nobody owns it, nobody can take it off the market.

GPG, however, needs another layer of software to become accessible. Despite
its excellent documentation, its text-only, command-line interface would be
a roadblock for people uncomfortable with DOS- or Unix-style command
prompts.

Windows Privacy Tray (www.winpt.org) adds shortcuts to the Windows system
tray to generate keys, and to sign and encrypt messages without fussing
with a text interface. Macintosh users can add GPG DropThing (available
with other front-end software at macgpg.sourceforge.net); its interface is
sparse but will let you encrypt and decrypt data without resorting to a
command line.

These free programs make the process roughly as easy as it is with PGP 8 --
that is, pretty simple once you learn your way around.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List