/g/ - Technology » Thread #51037379

[10 / 3 / ?]

271KiB, 485x366, 2015-10-27_00-40-17.png

Anonymous Tue 27 Oct 2015 10:12:35 No.51037379 View Reply Report Delete

Quoted By: >>51037392 >>51037497 >>51040130

What is PGP and how do I start using it?
I got a cock.li account for the purpose of trying out this PGP thing.

All I know is it allows you to encrypt your emails so people can't read it without your key?

How do I go about setting one up?

Anonymous

Anonymous Tue 27 Oct 2015 10:13:19 No.51037392 Report Delete

Quoted By: >>51037433

>>51037379
read the manual you fuckin noob

Anonymous

Anonymous Tue 27 Oct 2015 10:14:50 No.51037404 Report Delete

Quoted By: >>51037433

OP you don't have anything worthwile to say, may as well use plain text

Anonymous

Anonymous Tue 27 Oct 2015 10:15:11 No.51037411 Report Delete

Quoted By: >>51037433

Just bing it, shitter.

Anonymous

Anonymous Tue 27 Oct 2015 10:16:56 No.51037433 Report Delete

Quoted By:

>>51037392
>>51037404
>>51037411
Great, thank you for your insightful posts. I feel smarter already.

Anonymous

Anonymous Tue 27 Oct 2015 10:22:09 No.51037497 Report Delete

Quoted By: >>51039506

>>51037379
I you have an android device, openkeychain is a nice GUI to get started. Kleopatra is too, but that is a KDE only application

Anonymous

Anonymous Tue 27 Oct 2015 13:03:18 No.51039506 Report Delete

Quoted By:

>>51037497
>openkeychain
This.
Generate a key pair and use the public one to encrypt your mails. Check your email client manual for how to import and encrypt mails. Distribute that public key to your friends so they can encrypt whatever they send you.

Use the private key to decrypt. Keep private key safe with you.

noob friendly tl;dr
Your key= public part+ private part
Message+ public key= encrypted message
Encrypted message+ private key= original message.

Anonymous

View Same Google ImgOps iqdb SauceNAO original.jpg, 24KiB, 335x352

Anonymous Tue 27 Oct 2015 13:49:39 No.51040130 Report Delete

Quoted By: >>51040523

>>51037379
PGP encrypts stuff. It uses public key cryptography, which means you have two keys. One you can give to anyone; even post it on the internet for all to see. The other key you keep private and never let anyone see. People can encrypt messages with your public key, and then you in turn decrypt them with your private key. A message encrypted with one key can only be decrypted by the other key.

The system can also work in reverse to perform an operation called "signing". Signing basically works by encrypting a hash of a message/document with your private key and including it with the message/document when you send it. That way, people can decrypt that encrypted hash with your public key. So long as people believe that a public key is indeed yours, then can be sure you sent the message because only you could have encrypted it such that they could decrypt it with your private key.

PGP (the program) is proprietary garbage though. Use GPG like everyone else does. Most Linux distributions come with it by default. Windows probably has ports of it somewhere you can also use if you use Windows for some reason.

Anonymous

Anonymous Tue 27 Oct 2015 13:52:23 No.51040163 Report Delete

Quoted By:

I've used thunderbird and enigmail.

Don't have anyone to send messages to though :(

Anonymous

View Same Google ImgOps iqdb SauceNAO WKSOFve.jpg, 402KiB, 600x450

Anonymous Tue 27 Oct 2015 14:13:04 No.51040523 Report Delete

Quoted By:

>>51040130
To add to this, people will need to be able to verify that the public key they think belongs to you actually is yours. You can upload your public key to a keyserver (like pgp.mit.edu, you upload it to one and it propagates to the others) where people can find it.

You verify people's identity by signing keys: you validate the ownership of the key (usually, someone shows you their public key fingerprint and some form of official ID), sign it with your private key, send the signed key back to the person, and they can upload it to the keyserver. The keyserver shows their public key, and the signatures of people who signed it. By signing keys, you build a web of trust: for example, my key is signed by my colleagues, some friends, my old college information security prof and some other people, and I've verified and signed their keys in return. When a message arrives signed with their key, I trust that message to actually come from that person. I also trust those people to be careful in verifying public keys, so I usually trust the identity of anyone who has their keys signed by one of my friends.

Encrypting and signing messages is cool, but you need to be sure you've got the correct public key of the person you're talking to, or else you might be subject to a man in the middle attack. Meeting in person and exchanging the public key fingerprints is the best way but sometimes impossible, having people you trust verifying the person you want to talk to is a good compromise.

Subject

Name

E-mail

Password

Capcode	All Only User Posts Only Verified Posts Only Moderator Posts Only Manager Posts Only Admin Posts Only Developer Posts Only Founder Posts
Show Posts	All Only With Images Only Without Images Only Spoiler Images Only Non-Spoiler Images
Deleted Posts	All Only Deleted Posts Only Non-Deleted Posts
Ghost Posts	All Only Ghost Posts Only Non-Ghost Posts
Post Type	All Only Sticky Threads Only Opening Posts Only Reply Posts
Results	All Grouped By Threads
Order	Latest Posts First Oldest Posts First

On these boards

Your latest searches