Whether it's data on your hard drive or email you are sending,
your data is important. I recommended PGP in my last article. If
you haven't downloaded PGP yet I think you should download and
start using it immediately. If you missed the first part of the
PGP article you'll want to read it here:
http://www.TheNakedPC.com/t/418/tr.cgi?dan1

Why should you download and *use* PGP? To me the key to the whole encryption puzzle is to use the software in your daily activities. You'll remember your passphrases and learn the techniques. One of the reasons I recommend PGP is its flexibility. You don't just use it on email; you encrypt your important financial files, notes you really don't want others to read, spreadsheets with important numbers in them, etc. Whatever you want to encrypt, you have an easy way to do it. And you only need to remember one passphrase to get to any of your data.

Several questions came up frequently after my last article. Here are some of them with the answers.

Q: Does the recipient of your encrypted email need PGP to read
it?
A: Yes. You won't be able to encrypt an email to someone without
their public key. If you have that you can be sure they already
have PGP installed. A way around this is to create a Self
Decrypting Archive of the information you want to send. Simply
save the information to a file then locate it in Windows
Explorer. From the File menu choose PGP, Encrypt then click the
Self Decrypting Archive box. Attach the resulting file to an
email and let your recipient know the password over the phone.

Q: Is PGP really free?
A: Yes, for personal use. If you want to use it for business
purposes you need to buy a copy. Buy it at Amazon:
http://www.TheNakedPC.com/t/418/tr.cgi?dan2

Q: What happens if I forget my passphrase?
A: If you forget your passphrase or lose your private key you
will not be able to access your encrypted data. I'm serious.
There is no way for you or anyone else to get into the encrypted
files without both your passphrase and your private key. So make
good backups of both. I keep a floppy with my private key in my
safe deposit box.

Q: Aren't certificates easier to use?
A: I'm not sure if they are easier to use or not. A certificate
functions much like a key. You get them from VeriSign (among
others) and they have time limits. At various times you can get a
certificate free for one year. While this sounds good what are
you going to do when the year runs out? With an expired
certificate you can't access your certificate-encrypted data
anymore. Certificates only work seamlessly with a few mail
programs (Outlook, Outlook Express, and Netscape for instance).
Since both you and your recipient need to have mail programs that
support certificates, this drastically cuts into their
usefulness. Certificates don't offer you an easy way to secure
other data on your system either. PGP gives you an easy way to
encrypt any data you have.

Q: How do I send my public key to someone else?
A: Open PGPkeys, right-click on the key you want to send, choose
Copy. Go to your email program and paste the data in a message.
Now send the key to anyone you want. They then copy what you sent
and paste it into PGPkeys.
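
The text that Copy puts on the clipboard is an ASCII-armored block, and a mail program that rewraps or quotes it can break it. The Python below is an added example, not part of PGP or of the original article; it follows the armor layout in the OpenPGP specification (RFC 4880, section 6), and the function names and sample bytes are made up for illustration.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 that OpenPGP armor appends as the '=XXXX' line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "PUBLIC KEY BLOCK") -> str:
    """Wrap raw bytes the way an exported key is wrapped (no optional headers)."""
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{body}\n={check}\n-----END PGP {kind}-----\n"

def inspect_armor(text: str) -> dict:
    """Report the block type and whether the payload still matches its CRC-24."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN PGP ([A-Z ]+)-----", lines[0]) if lines else None
    kind = m.group(1) if m else None
    if not m or lines[-1] != f"-----END PGP {kind}-----":
        return {"kind": kind, "intact": False}      # truncated or not armor at all
    try:
        blank = lines.index("")                      # blank line ends the headers
        *body, check = lines[blank + 1:-1]
        data = base64.b64decode("".join(body), validate=True)
        stored = int.from_bytes(base64.b64decode(check[1:], validate=True), "big")
    except ValueError:                               # also covers bad base64
        return {"kind": kind, "intact": False}
    return {"kind": kind, "intact": check.startswith("=") and stored == crc24(data)}

# Constructed sample bytes standing in for key material; not a real key.
SAMPLE = bytes([0x99]) + b"constructed sample payload, not a real PGP key " * 3

if __name__ == "__main__":
    good = armor(SAMPLE)
    mangled = good.replace("\n", "\n> ", 3)  # e.g. a mail client quoting the paste
    print(inspect_armor(good))
    print(inspect_armor(mangled))
```

Run it on what you are about to send or have just received: anything other than kind PUBLIC KEY BLOCK with intact True should not go into the message or into PGPkeys.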

Q: Is GnuPG the same as PGP?
A: No. GnuPG, the GNU Privacy Guard, is an open source encryption
technology designed to be compatible with PGP. It came about when
NAI, the outfit that markets PGP, stopped releasing the full
source code for PGP. That, combined with Phil Zimmermann, PGP's
author, leaving NAI, has some people worried that there could be
a "back door" programmed into PGP for law enforcement purposes.
Phil Zimmermann says that as of version 7.0.3 there are no back
doors. That is the final version he watched over before leaving.
GnuPG still has full source code published; however, it is still
command-line operated. That should change in the future. If you
aren't into hacking around on code I would leave GnuPG alone for
now and stick with PGP. Find more info on GnuPG here:
http://www.TheNakedPC.com/t/418/tr.cgi?dan3

Q: What does an encrypted file look like?
A: You can see a PGP encrypted version of this article here:
http://www.TheNakedPC.com/t/418/tr.cgi?dan4

There were more but these get to the heart of the issue. If you use encryption, use something that works for all your applications and not just a few. By using your encryption program regularly you'll be familiar with the procedure and less likely to forget something important--like your passphrase!

