Starting with gnupg

Bill Royds apple at royds.net
Mon Aug 4 16:19:07 CEST 2008


On 4-Aug-08, at 05:54 , Faramir wrote:

> Wait... it seems I have been very wrong about the subject... does it
> mean I don't need to install certificates to enable sftp? I know this
> is turning off-topic, so, can you please give some source of info to
> learn how to make sftp work? I already searched in Wikipedia, and
> found sftp can stand for "ftp over ssh" or "SSH file transfer
> protocol", and that those are 2 different concepts...


The confusion is between SSL (Secure Socket Layers), which provides
the security in the https protocol and can provide security in FTP over
SSL, and SSH (Secure SHell), which provides the security for scp, sftp
(ftp over SSH or SSH file transfer protocol).
SSL depends on a hierarchical certificate trust system (X.509) where
the certificates are certified by a "root" Certificate Authority (CA)
such as Verisign or Deutsche Telekom or Staat der Nederlanden.
This provides a lucrative business for selling trust.

SSH, on the other hand, is closer to the PGP/GPG web of trust. It uses
keys generated by the SSH server and your client to verify each other
after you have been authenticated to the server in another manner
(most often passwords, but it can even be GPG or X.509). SSH allows
tunnelling of other network protocols over the basic SSH connection.
One of those tunnelled protocols is FTP and SSH has the ability to
facilitate this.

But all of these protocols encrypt the transmission, not the actual  
data files being transmitted. This is where gnupg comes in.
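
The SSH side of the contrast above, where a client checks the server's own key instead of a CA-issued certificate, can be sketched as a pinned-fingerprint check. This is an added example, not part of the original message; `HostKeyStore`, `make_test_key` and the host name are hypothetical, and the keys are constructed sample data.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a 'type base64 [comment]' line."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with a length-prefixed copy of the key type; check it agrees.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class HostKeyStore:
    """Minimal stand-in for known_hosts: host name -> pinned fingerprint."""

    def __init__(self):
        self.pinned = {}

    def check(self, host: str, pubkey_line: str) -> str:
        seen = fingerprint(pubkey_line)
        if host not in self.pinned:
            # First contact: no CA vouches for the key, so the user has to
            # confirm the fingerprint out of band before it is trusted.
            self.pinned[host] = seen
            return "new"
        # A changed key is reported, never silently accepted.
        return "match" if self.pinned[host] == seen else "MISMATCH"


def make_test_key(seed: int) -> str:
    """Build a constructed (not real) ssh-ed25519 public key line for the demo."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    store = HostKeyStore()
    key_a, key_b = make_test_key(1), make_test_key(2)
    print(fingerprint(key_a))
    print(store.check("sftp.example.org", key_a))   # new
    print(store.check("sftp.example.org", key_a))   # match
    print(store.check("sftp.example.org", key_b))   # MISMATCH
```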


