GnuPG neophyte inquiries.

[Qed]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On 08/20/2006 07:31 AM, Caitlin wrote:
> 1). My roommate and I share a WinXP box. If I install GnuPG 1.4.5 on
> it, would this represent a potential security concern?
Your keyring would be stored in your personal home dir, if you have
installed XP on a NTFS partition(i.e.: permissions are enabled) ad you
trust that machine there aren't security risks; to decrease a bit your
paranoia level ;-) you could enable windows file encryption(EFS) on you
keyring files/directory.

> 2). Would I have to copy and paste encrypted messages received via
> email to a disk (for example) then transport them to the machine
> mentioned in #1 for decryption?
Only if that machine doesn't have an internet connection. There are
OpenPGP plugins for almost every MUA.

> 3). If a security issue arises with the version of GnuPG I'm using,
> what happens to my keyring, private key, etc. when I upgrade? I'm
> assuming I would have to send my friends/associates a newly generated
> public key so we could resume communication?
No, since the security issue is not related to the underlying
cryptographic algorithms(e.g.: some time ago ElGamal signatures were
discovered to be weak, so in newer version of GnuPG the generation of
such keys is disabled).

> 4). How secure (generally speaking) is installing GnuPG on a flash
> drive and using it for all GnuPG related activity? I'm a college
> student and security on the campus network is clearly of paramount
> importance.
The machine you are using to do crypto stuff must be trusted in any case.
- --

  Q.E.D.
War is Peace
Freedom is Slavery
Ignorance is Strength

ICQ UIN: 301825501
OpenPGP key ID: 0x58D14EB3
Key fingerprint: 00B9 3E17 630F F2A7 FF96  DA6B AEE0 EC27 58D1 4EB3
Check fingerprints before trusting a key!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE6G7QH+Dh0Dl5XacRA+BVAJsEUYPyMy/wPCOojcRXD+RYs+RRQgCeObmQ
OFyolos10vXWw/Fy9f2LgVE=
=tDeL
-----END PGP SIGNATURE-----