OpenBSD Journal

Guide to Using the Gnu Privacy Guard

Contributed by jose on from the secure-email dept.

Peter Matulis writes: "Hi folks. Here is a tutorial I wrote for the Gnu Privacy Guard. It's not exactly an OpenBSD-only topic but all commands were run on 3.2 and 3.4 (installed as a package).

As usual, I am looking forward to comments, suggestions, and corrections.

I include a spotlight on integrating GnuPG into the Mozilla Thunderbird email client (Windows platform).

Here is the URL:

http://www.aei.ca/~pmatulis/pub/gpg.html

Also available in PDF format:

http://www.aei.ca/~pmatulis/pub/gpg.pdf (500 kB)

Peter"

(Comments are closed)

Comments

  1. By Anonymous Coward () on

    you suggest to write the passphrase down on paper. should you not learn this phrase by heart instead? if anyone gets access to your private key, they can easily pretend to be you if you coincidentally let this sheet of paper lying about.

    Comments

    1. By Peter Matulis () on

      That comment of mine was more for the reader of the tutorial so that the whole thing wouldn't break later on.

    2. By Dennis Decker Jensen (213.237.112.132) on

      Actually this is a common misconception.

      Bruce Schneier (for years) and others recommend writing down your password. Quoting Bruce Schneier's Crypto-Gram Newsletter, July 15, 2005,:

      "Last month, Microsoft's Jesper Johansson made the news when he urged people
      to write down their passwords. This is good advice, and I've been saying
      it for years.

      Simply, people can no longer remember passwords good enough to reliably
      defend against dictionary attacks, and are much more secure if they choose
      a password too complicated to remember and then write it down. We're all
      good at securing small pieces of paper. I recommend that people write
      their valuable passwords down on a small piece of paper, and keep it with
      their other valuable small pieces of paper: in their wallet. Obscure it
      somehow if you want added security: write "bank" instead of the URL of your
      bank, transpose some of the characters, leave off your userid. This will
      give you a little bit of time if you lose your wallet and have to change
      your passwords. But even if you don't do any of this, writing down your
      impossible-to-memorize password is more secure than making your password
      easy to memorize.

      <http://news.com.com/Microsoft+security+guru+Jot+down+your+passwords/2100-7355_3+-5716590.html>
      or <http://tinyurl.com/8tuz3>

      Or you can use PasswordSafe:
      <http://www.schneier.com/passsafe.html>"

  2. By Anonymous Coward () on

    Thanks Pete!

  3. By Justin () on http://www.krytosvirus.com/gpghowto/gpghowto.html

    This is a GPG Howto I found on the net one day and it prompted me to learn the basics. I don't remember the URL of the original, this is just a mirror of it I put up as you may note it is copyrighted by Robert J Hansen.

    http://www.krytosvirus.com/gpghowto/gpghowto.html

  4. By Anonymous Coward () on

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]