This document attempts to convey the motivation for and use of strong public key encryption. Readers should be able to install encryption software, generate their own key pair and know how to encrypt and decrypt files.

Motivation

Lorem Ipsum ...

Installing GPG4Win

GPG4Win is the GNU implementation of PGP encryption technology bundled in a simple Windows installer. First, visit http://www.gpg4win.com/ to download the installer. On the gpg4win homepage, there is a big green button to download the latest version. Click it and choose to save the file. After saving the installer, open Windows Explorer to the saved location and launch the installer by double-clicking the icon. If you are using Windows 7 or Windows Vista, the User Account Control may warn that you're about to run a file downloaded from the internet: allow it by clicking Yes.

Step by step through the installer

Note: If you get lost in the following blurb of steps, have a look at the Illustrated step by step installer appendix.

Running GPG and Creating Your Own Keys

Note: Again, there are illustrated steps in the appendix.

After installing Gpg4win, there will be a new application folder in the start menu to run the GNU Privacy Assistant, or GPA. GPA is the graphical interface to the GPG utilities. To open GPA, click Start, All Programs, Gpg4win, GPA. The first time GPG is launched after it has been installed, it will prompt for creation of an encryption key-pair.

When creating the encryption keys, the program will prompt for a name and email address to put on the key-pair. Give some thought to the name and email address you submit. They will be used to identify the key owner in public key registries as well as in signed and encrypted files. If the purpose of the key is to identify yourself, put your real information. If it is to identify a different personality, as is the case in the associated illustrations, then use the information of that personality. Be aware that when you post the public key portion to a key registry, this information will be publicly visible and is necessary for others to verify your signed files.

As mentioned in the Motivation section, public key encryption works by having two parts: the public and private keys. If the private key is lost, you will no longer be able to sign files or decrypt files which have been encrypted for your use. If your private key is compromised or stolen, others can use it to steal your digital identity. Be sure to select the option to create a backup of your private key, and protect the private key file as you would a real world ID or credit card.

To help minimize the risk of a stolen private key, it can be protected using a passphrase. This is HIGHLY recommended and should not be considered optional. The passphrase should not be easily guessable, yet unforgettable to the owner. Nobody can recover a forgotten passphrase, and without it the key-pair will become useless.

Once the key-pair has been created, an expiration date should be set to force the key to eventually be changed. While keys are much more secure than typical passwords, proper security procedures mandate that credentials change over time. Given enough time and resources an attacker can overcome any level of security. To set an expiration date, highlight the key in the main grid of the GPA window and click the Edit button in the toolbar. Notice from the edit window that the key's passphrase can be changed as well. Select the option to set the expiration date and choose a date. Typically 1 to 2 years is sufficient. If the key is for a high profile personality, such as a human rights activist in a fascist country, then the expiration should be significantly shorter. After the key has expired, it can still be used to decrypt and verify signatures created prior to the expiration.

Finally, once the key has been fully set up, it is time to publish the public key so that others can verify the owner by signing the public key, and so that the general public can find it and verify that it belongs to the personality it claims. To publish the public key, highlight the key, then click the Server menu and select Send Keys. By default, GPA uses the key registry at keys.gnupg.net. This can be changed in the Preferences by checking "Show advanced options."

Tip: You may create additional keys by going to the Keys menu and selecting the "New key..." menu item. From there the steps are the same as above.

Encrypting and Decrypting Files

Appendix: Illustrations

Illustrated step by step installer

Illustrated running gpg and creating your own key
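
The expiration guidance in the key-creation section can also be checked from the command line. This added example (not part of the original tutorial) parses the output of `gpg --list-keys --with-colons` and flags keys with no expiration date or a lifetime beyond two years; the sample listing, key IDs, the function name `audit_expiry` and the two-year limit are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=2 * 365)  # assumption: upper end of "1 to 2 years"

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE = """\
pub:u:3072:1:AAAAAAAAAAAAAAA1:1700000000:1760000000::u:::scESC::::::23::0:
uid:u::::1700000000::0000000000000000000000000000000000000001::Alice Example <alice@example.org>::::::::::0:
pub:u:3072:1:AAAAAAAAAAAAAAA2:1700000000:::u:::scESC::::::23::0:
uid:u::::1700000000::0000000000000000000000000000000000000002::Bob Example <bob@example.org>::::::::::0:
pub:u:4096:1:AAAAAAAAAAAAAAA3:1500000000:1900000000::u:::scESC::::::23::0:
uid:u::::1500000000::0000000000000000000000000000000000000003::Carol Example <carol@example.org>::::::::::0:
"""

def audit_expiry(listing, now=None):
    """Return [(keyid, user_id, status)] for every primary key in the listing."""
    now = now or datetime.now(timezone.utc)
    results, current = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # Field 6 is the creation time, field 7 the expiration time
            # (seconds since the epoch; an empty field means "never expires").
            created = datetime.fromtimestamp(int(f[5]), timezone.utc)
            expires = datetime.fromtimestamp(int(f[6]), timezone.utc) if f[6] else None
            if expires is None:
                status = "no-expiry"
            elif expires <= now:
                status = "expired"
            elif expires - created > MAX_LIFETIME:
                status = "too-long"
            else:
                status = "ok"
            current = [f[4], "", status]
            results.append(current)
        elif f[0] == "uid" and current is not None and not current[1]:
            current[1] = f[9]  # first uid record after a pub record
    return [tuple(r) for r in results]

if __name__ == "__main__":
    for keyid, uid, status in audit_expiry(SAMPLE):
        print(f"{keyid}  {status:9}  {uid}")
```

To audit a real keyring, pass the captured output of `gpg --list-keys --with-colons` to `audit_expiry` in place of `SAMPLE`.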
Appendix: Sources