GnuPG neophyte inquiries.
qed at tiscali.it
Sun Aug 20 16:16:48 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
On 08/20/2006 07:31 AM, Caitlin wrote:
> 1). My roommate and I share a WinXP box. If I install GnuPG 1.4.5 on
> it, would this represent a potential security concern?
Your keyring would be stored in your personal home dir, if you have
installed XP on a NTFS partition(i.e.: permissions are enabled) ad you
trust that machine there aren't security risks; to decrease a bit your
paranoia level ;-) you could enable windows file encryption(EFS) on you
> 2). Would I have to copy and paste encrypted messages received via
> email to a disk (for example) then transport them to the machine
> mentioned in #1 for decryption?
Only if that machine doesn't have an internet connection. There are
OpenPGP plugins for almost every MUA.
> 3). If a security issue arises with the version of GnuPG I'm using,
> what happens to my keyring, private key, etc. when I upgrade? I'm
> assuming I would have to send my friends/associates a newly generated
> public key so we could resume communication?
No, since the security issue is not related to the underlying
cryptographic algorithms(e.g.: some time ago ElGamal signatures were
discovered to be weak, so in newer version of GnuPG the generation of
such keys is disabled).
> 4). How secure (generally speaking) is installing GnuPG on a flash
> drive and using it for all GnuPG related activity? I'm a college
> student and security on the campus network is clearly of paramount
The machine you are using to do crypto stuff must be trusted in any case.
War is Peace
Freedom is Slavery
Ignorance is Strength
ICQ UIN: 301825501
OpenPGP key ID: 0x58D14EB3
Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
Check fingerprints before trusting a key!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-users