Topic: PGP Encryption for newbies (Read 3726 times)

some im getting around kleopatra right now... and unfortuantly there is not an updated tutorial. Or im just using a newer version but im sure ill get there..

https://www.igolder.com/PGP/generate-key/

Easy online way with no software download.

you guys are simply the best !

Im actually on the tutorial right now good stuff!

It gets confusing because PGP can refer to multiple things, the initial closed source application written by (Zimmerman), the protocol it was developed into, and informally the open source standard that exists now (although it is technically OpenPGP not PGP).  Depending on which "PGP" you are talking about PGP can either be open or closed.

http://www.openpgp.org/
OpenPGP is the term usually used to refer to the Open standard. GPG initially was developed as an open alternative to the closed source PGP application however after the ratification of the OpenPGP standard GPG is simply one of many implementations of that standard.

Note in common language someone saying "PGP" likely means OpenPGP but one should be aware that technically the only "PGP" products are those released by NAI as closed source enterprise solutions.  Ironically the OpenPGP standard was incompatible with NAI implementation of PGP and as a result they have had to change over time to remain compatible.

Today both GPG and PGP and are implementations of "Open PGP" which is technically RFC 4880.

The open standard for PGP is/was created by the IETF (RFC 4880)
http://www.ietf.org/rfc/rfc4880.txt


If all that was insanely confusing well the "simple" version is:
For most purposes (although technically incorrect) the terms "GPG", "PGP", "OpenPGP", and "RFC 4880" can be used interchangeable.   If someone says please encrypt that with "PGP" before posting it (instead of saying please use your choice of the implementation of the RFC 4880 standard) they aren't asking you to buy a license from NAI to run the closed source implementation of RFC 4880.

People shouldn't get hung up on the name though.  For example if you were looking at a crypto library (bouncy castle for example) you would find no reference to GPG.  Does that mean Bouncy Castle PGP libraries are incompatible with GPG or are closed source?  No they simply use the term "PGP" to mean OpenPGP / RFC 4880.  Bouncy Castle libarary, GPG, and PGP are all implementations of RFC 4880.

If you're interested in learning how to setup GPG, encrypt and decrypt messages then this is one of the best tutorials I've found; it's short and simple.
http://aplawrence.com/Basics/gpg.html

“GPG” stands for “Gnu Privacy Guard" and is has the functionality of PGP less some proprietary stuff GPG users don't really need.

GPG is used with Bitcoin affiliated services because it is open source, can be used anonymously, and works well for protecting from unauthorized access.

Bitcoin.org software releases include GPG keys of those who built it to ensure the software is authentic and not tampered with.

The #bitcoin-otc IRC channel uses a GPG-based authentication method (gribble) and reputation/trust history system -- its Web of Trust (Wot).  You might see this trust history in third party services also, such as with trader profiles on LocalBitcoins.

All orders through MPEx exchange are transmitted as GPG signed messages.

You might see GPG-signed messages in the forums, especially for offers and acceptances, as these are legal agreements and a digital signature can be just as good as a wet ink one.

The benefits don't come without a cost however.   And the main cost is convenience.  If you receive an encrypted e-mail and you accessing your e-mail from a mobile phone in which you did not install GPG (or transfer over your private key) then you will not be able to read that e-mail until you are back on a device with GPG and your private key.

So step 1 to using GPG is to install the software and generate a key (assuming you don't already have one).  Which software you use will depend on your operating system:
 - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Third-party_guides

Before you actually start using GPG for anything, make sure you have backed up your GPG private key and your revocation certificate (and store that backup in a secure place):
 - http://www.gnupg.org/gph/en/manual.html#AEN513

Then, instruction from there will depend on what you want to do next.  For the -otc Web of Trust (WoT), you'll need to register your key with the gribble bot:
 - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Encryption-based_authentication_via_GPG_key_with_the_bot

If you want to encrypt e-mail, the instructions will depend on which e-mail program or service you use.   You can always manually encypt using the command line tools, and then paste the encrypted message in your message (e.g. using ASCII armored mode) or attach it as a file.

So If you couldn't already tell im new!

Hello! Im gabber, any ways now with the introduction out of the way i would just like to start a thread about PGP encryption. I did do a search on these newbie forums since im a noob and im only authorized to post here. But I could not find anything about pgp encryption so i figured this would be a perfect place to have a discussion/tutorial thread.

Now I dont know about PGP encryption a whole lot, but i have done some research , so what i would like to do here is as a community collectively create  a thread were not only can we learn and educate ourselves but put forth our own opinions and suggestions on different software of PGP encryption.

With that i guess i would appreciate someone with more information on it to follow up with a replay and lets get this ball rolling!!