Appendix B. Getting Started with Gnu Privacy Guard
Have you ever wondered if your email can be read during its transmission
from you to other people, or from other people to you? Unfortunately,
complete strangers could conceivably intercept or even tamper with your
email.
In traditional (also known as "snail") mail, letters are usually sealed
within envelopes, stamped and delivered from post office branch to
branch until they reach their destination. But sending mail through the
Internet is much less secure; email is usually transmitted as
unencrypted text from server to server. No special steps are taken to
protect your correspondence from being seen or tampered with by other
people.
To help you protect your privacy, Red Hat Enterprise Linux 4 includes GnuPG, the
GNU Privacy Guard, which is installed by default
during a typical Red Hat Enterprise Linux installation. It is also referred to as
GPG.
GnuPG is a tool for secure communication; it is a complete and free
replacement for the encryption technology of PGP (Pretty Good Privacy, a
widely popular encryption application). Using GnuPG, you can encrypt
your data and correspondence as well as authenticate your correspondence by
digitally signing your work. GnuPG is also
capable of decrypting and verifying PGP 5.x.
Because GnuPG is compatible with other encryption standards, your secure
correspondence is probably compatible with email applications on other
operating systems, such as Windows and Macintosh.
GnuPG uses public key cryptography to provide
users with a secure exchange of data. In a public key cryptography
scheme, you generate two keys: a public key and a private key. You
exchange your public key with correspondents or with a keyserver; you
should never reveal your private key.
Encryption depends upon the use of keys. In conventional or symmetric
cryptography, both ends of the transaction have the same key, which they
use to decode each other's transmissions. In public key cryptography,
two keys co-exist: a public key and a private key. A person or an
organization keeps their private key a secret, and publishes their
public key. Data encoded with the public key can only be decoded with
the private key; data encoded with the private key can only be decoded
with the public key.
Important: Remember that your public key can be given to anyone with whom you
want to communicate securely, but you must never give away your
private key.
For the most part, cryptography is beyond the scope of this publication;
volumes have been written about the subject. In this chapter, however,
we hope you gain enough understanding about GnuPG to begin using
cryptography in your own correspondence. If you want to learn more about
GnuPG, PGP and encryption technology, see Section B.8 Additional Resources.
B.1. Configuration File
The first time you run a GnuPG command, a .gnupg
directory is created in your home directory. Starting with version 1.2,
the configuration filename has changed from
.gnupg/options to
.gnupg/gpg.conf. If
.gnupg/gpg.conf is not found in your home
directory, .gnupg/options is used. If you only use
version 1.2 or higher, it is recommended that you rename your
configuration file with the following command:
mv ~/.gnupg/options ~/.gnupg/gpg.conf
If you are upgrading from a version prior to 1.0.7, you can create
signature caches in your keyring to decrease the keyring access time. To
perform this operation, execute the following command once:
gpg --rebuild-keydb-caches
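The rename above is safe only when no gpg.conf exists yet; if one does, a plain mv would overwrite the settings GnuPG is already reading. The following shell script is an added example, not part of the Red Hat manual, that applies the lookup rule described above (gpg.conf if present, otherwise options) and performs the migration without clobbering an existing gpg.conf. The function names and the optional directory argument are this example's own; the directory defaults to ~/.gnupg.

```shell
#!/bin/sh
# Added example (not from the Red Hat manual): migrate the pre-1.2 GnuPG
# configuration file safely. The directory argument defaults to ~/.gnupg;
# the function names are this example's own.

# Report which configuration file GnuPG 1.2+ will read from the given
# directory: gpg.conf if it exists, otherwise the legacy options file.
gpg_conf_in_use() {
    dir=${1:-"$HOME/.gnupg"}
    if [ -f "$dir/gpg.conf" ]; then
        echo "$dir/gpg.conf"
    elif [ -f "$dir/options" ]; then
        echo "$dir/options"
    else
        echo "none"
    fi
}

# Rename options to gpg.conf, but never overwrite an existing gpg.conf,
# since that would silently discard the settings GnuPG is already using.
# Returns 0 on rename, 1 if there was nothing to migrate, 2 on a conflict.
migrate_gpg_conf() {
    dir=${1:-"$HOME/.gnupg"}
    if [ ! -f "$dir/options" ]; then
        echo "no legacy options file in $dir; nothing to do" >&2
        return 1
    fi
    if [ -f "$dir/gpg.conf" ]; then
        echo "both options and gpg.conf exist in $dir; merge them by hand" >&2
        return 2
    fi
    mv "$dir/options" "$dir/gpg.conf"
    # the file may name keyrings and preferences; keep it readable only by you
    chmod 600 "$dir/gpg.conf"
}

# Typical use: migrate_gpg_conf && echo "now using $(gpg_conf_in_use)"
```

After a successful rename, run gpg --rebuild-keydb-caches once if you are coming from a version prior to 1.0.7, as described above; the script deliberately leaves that step to you because it touches the keyring rather than the configuration file.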