GnuPG neophyte inquiries.
gct3 at blueyonder.co.uk
Sun Aug 20 15:34:51 CEST 2006
On Sunday 20 August 2006 6:31 am, Caitlin wrote:
> Hi all.
Hi and welcome :-)
> Ok. I'm quite interested in GnuPG but I felt compelled to ask a few
> questions. Ready?
> 1). My roommate and I share a WinXP box. If I install GnuPG 1.4.5 on
> it, would this represent a potential security concern?
There should be no security problems. Only you will know your
passphrase, but if you let anybody have access to your passphrases,
then they will be able to decrypt messages on your box. I take it that
you use different (passworded) accounts and therefore you would not
normally gain access to the data of your roommate, and he/she not your
data. To keep things extra secure, however, I would keep your keyring
separate and download it into your machine before use and delete the
keyring on ending your session.
> 2). Would I have to copy and paste encrypted messages received via
> email to a disk (for example) then transport them to the machine
> mentioned in #1 for decryption?
Depending upon the email program you use, this should be done
automatically. I would suggest you use Thunderbird as your email
program with the Enigmail extension to handle GnuPG, but you may wish
to stick with another. Just make sure it supports the OpenPGP
> 3). If a security issue arises with the version of GnuPG I'm using,
> what happens to my keyring, private key, etc. when I upgrade? I'm
> assuming I would have to send my friends/associates a newly generated
> public key so we could resume communication?
People are trying all the time to find chinks in GnuPG's armour in order
that the security and stability of the program is maintained. They do
occasionally find chinks and as these are reported to the GnuPG
developers a new version is very quickly out. It all depends on the
security risk, but I have never had to generate new keys for this
purpose in the six years I've been using GnuPG. There is an OpenPGP
standard to which GnuPG adheres, so there shouldn't be any reason why
your keyring, private keys, etc can't be used with a new version of
> 4). How secure (generally speaking) is installing GnuPG on a flash
> drive and using it for all GnuPG related activity? I'm a college
> student and security on the campus network is clearly of paramount
As I am (although a VERY mature student!). There is no problem with
security (other than general problems with Windows security) in using a
flash drive. It all depends if you are using a machine that will
recognise your flash drive. What I do under Linux is carry my keyring
on an SD/MMC card and connect a card reader to the USB port of the
machine. It is then recognised as a mass storage device. I point the
email program to GnuPG and my keyring at its location. I'm not sure
how I would do it under WinXP, but you might like to look up WinPT, a
front end for GnuPG on Windows.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 245 bytes
Desc: not available
Url : /pipermail/attachments/20060820/36a3fb4c/attachment.pgp
More information about the Gnupg-users