[clug-talk] GPG success
jmajor at nucleus.com
Sun Sep 4 23:27:24 PDT 2005
Well I decided to tackle the GPG thing. For those of you that have been around
long enough, you know that I have been interested in this since Aaron
presented it to the group many moons ago. I was able to successfully set up a
GPG key on my system in the past but could never figure out why I could not
encrypt anything with it. People had complained that it was hard to verify me
as well even though I thought I was using a well known keyserver.
So I went back to the drawing board as it were. I created a new key. I was
curious that I was presented with only some of the choices for the kind of
key I wanted from what I remembered from my last gen-key. I set up my
previous key as RSA (a bad choice as I was to find out today). Today I set up
my key as the default; (1) DSA and ElGamal. Upon checking the keys in my
keyring, I found that most of them were also DSA. So I figured I was on to
something. The subsequent notes beside the types should have been a clue as
well, I suspect the RSA I had chosen previously would only enable me to sign
but not encrypt. DSA and ElGamal appear to let you do both.
After a little tinkering and playing with settings, I now have my new key in
place and KDE has a nice little applet called KGpg which allows me to manage
my keys a little easier and see who I have at a glance amongst other things.
It hooks into CLI for the advanced stuff but I am quite comfortable dealing
with this now too. I have Kmail setup to use my new key and lo and behold I
can now send fully encrypted messages! I sent a test to myself and when I
checked my mail with Webmail, the message was in fact encrypted. When I
received it in Kmail, it prompted me for my passphrase and once input, it
gave me my decrypted message.
I think I have enough of a grasp of this now to impart my knowledge to anyone
else interested in taking advantage of strong cryptography. However,
following the directions at http://www.gnupg.org/gph/en/manual.html is pretty
straightforward. I still have some questions myself but I feel confident that
things are set up pretty well and I can deal with sending encrypted messages
to anyone I have in my keyring and likewise I can encrypt files for the same.
I feel so empowered, I like that.
FYI, I will have my new user ID, email that the key is associated with and my
new fingerprint (same as below) at the meting on Wednesday for anyone that
wants it. And yes, I will show you my driver's license to verify that I am
who I say I am. For those that have my old key, obviously you have to
update... I haven't yet killed it but it isn't long for this world as I don't
really know what use it could be at this point and it's just more confusing
than anything else.
Good fun! I highly encourage everyone to try this out
4556 EFA8 EC69 7C54 EE33 C881 2C7C 0E10 2439 231E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : /pipermail/clug-talk_clug.ca/attachments/20050905/02981bc2/attachment.bin
More information about the clug-talk