Questions from a newbie

Adam Gould adam at e-ignite.co.uk
Tue Dec 5 12:30:29 CET 2006


Hardeep Singh wrote:
> 1. While creating the key, I noticed RSA is sign only. Does it mean an
> RSA key cannot be used to encrypt? Why so - even RSA is now in public
> domain I believe. PGP (the free version) also allows RSA keys.

No, it does not mean that you *can't* use RSA to encrypt.  You would
generate an RSA signing only key, then generate an RSA encryption subkey
using the gpg --edit-key command.  This way, you can have (for example)
a 1024 bit RSA signing key with a 4096 bit RSA encryption key if you wish.

Hardeep Singh wrote:
> The algorithm used instead by GnuPG is "DSA and Elgamal" which I
> haven't heard of and don't know if they are equally secure. Are these
> compatible with PGP?

They are simply the default key types with GnuPG.  The DSA key is the
signing key and it can only be 1024 bits.  The Elgamal key is an
encryption key, and it is the size that you specify.  Both DSA / Elgamal
and RSA are compatible with PGP 5 and above.


Hardeep Singh wrote:
> 2. What happens if I lose the pendrive? They would not know the
> password but they would have the secret key. Does it make it easier
> for them to hack the messages I have already received, and possibly
> the encrypted files I have stored on the same pendrive?

Put quite simply, yes.  If they have a copy of your private key, hackers
only need to find your passphrase to compromise all of your previously
secured communications.  Using a dictionary attack on the key, they are
far more likely to break the security of your emails and files.  If you
do ever lose your pendrive with secret keys on it, I would recommend
that you revoke the keys you lost and create a new key pair.

Hardeep Singh wrote:
> 3. Is there a wipe function or a wipe software also available from Gnu
> similar to the one offered by PGP? I need one that can be run from a
> pendrive without installation.

There are several free, open source wiping programs available, but these
are not entirely useful when you are using a flash memory pen drive.  In
order to prolong the life of flash memory, all data is written to a
random "sector" on the drive and this is controlled by a low-level
controller over which the operating system of the host PC has no
control.  Therefore to absolutely securely remove data from a flash
drive, you would need to delete the file then run a "free-space" wipe of
the memory.

You may be interested in Mobility Email (available at
http://www.mobilityemail.net) - this is an open source mail client based
on Mozilla code, and has built-in OpenPGP email encryption support.  It
is designed to run from a removable drive, so the disk letter does not
matter and you can therefore use it on multiple computer terminals.  It
also supports profile locking and secure wiping of the disk if you
choose to enable it.  This encrypts your mail profile using AES
symmetrical encryption (with a user-specified passphrase), deletes the
unencrypted profile from your disk, then performs a "free-space wipe" of
the memory, ensuring excellent security even if you lose the flash disk.
This is quite a time-consuming process though, and may not be necessary
for everyday use - this is why we included the option so that the users
decide what level of security to use.  I would highly recommend that you
try it and form your own opinions - it's free, open source software and
is compatible with Windows and Linux running WINE.

Hope this helps,

Adam

-- 
e-ignite: <http://www.e-ignite.co.uk>
OpenPGP Key: 0x4B45F6F5 <http://www.e-ignite.co.uk/pubkey.asc>
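
The wear-levelling behaviour described in the reply to question 3, as a toy model added here (not part of the original message): overwriting a file's block leaves the old data on the chip, while deleting and then filling all free space forces the controller to reclaim it. The ToyFlash class, its random page choice, its reclaim policy and the absence of spare pages beyond the logical capacity are all assumptions made for illustration.

```python
import random

SECRET = b"constructed-secret-key-material"   # constructed sample data

class ToyFlash:
    """Hypothetical flash controller: logical writes never overwrite in place."""

    def __init__(self, pages, seed=1):
        self.phys = [None] * pages    # raw physical pages (None = erased)
        self.lmap = {}                # logical block -> physical page
        self.stale = set()            # superseded pages not yet erased
        self.rng = random.Random(seed)

    def write(self, lba, data):
        free = [i for i, p in enumerate(self.phys) if p is None]
        if not free:                  # out of erased pages: reclaim stale ones
            for i in self.stale:
                self.phys[i] = None
            free, self.stale = sorted(self.stale), set()
        if not free:
            raise OSError("no space left on device")
        page = self.rng.choice(free)  # the controller picks the page, not the host
        self.phys[page] = data
        if lba in self.lmap:          # the old copy stays on the chip until reclaimed
            self.stale.add(self.lmap[lba])
        self.lmap[lba] = page

    def raw_copies(self, data):
        """Count copies a chip-level read would find, mapped or not."""
        return sum(1 for p in self.phys if p == data)

def overwrite_in_place(pages=8):
    f = ToyFlash(pages)
    f.write(0, SECRET)
    f.write(0, b"\x00" * len(SECRET))    # host-side "wipe" of the file's own block
    return f.raw_copies(SECRET)

def delete_then_free_space_wipe(pages=8):
    f = ToyFlash(pages)
    f.write(0, SECRET)
    # Deleting only changes filesystem metadata; block 0 is now free space.
    for lba in range(pages):             # fill every free logical block
        f.write(lba, b"\xff" * len(SECRET))
    return f.raw_copies(SECRET)

if __name__ == "__main__":
    print("copies left after in-place overwrite:", overwrite_in_place())
    print("copies left after delete + free-space wipe:", delete_then_free_space_wipe())
```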
