www.RogerWendell.com
Roger J. Wendell
Defending 3.8 Billion Years of Organic EvolutionSM
Line

 

PGP Logo My PGP Public Key
& Internet Privacy Page

 

 

A bit o' PGP History

PGP Stands for "Pretty Good Privacy." Actually, it's such darn good security that, in the past, America's various spook agencies got pretty worried over its use and distribution... PGP Privacy means that only the intended recipient of a message can read it. By encrypting messages, PGP provides protection against anyone eavesdropping on your communications. Even if the information is intercepted, it is completely unreadable without the appropriate keys.

Apparently it all started in about 1976. Back then, a cryptographer and privacy advocate named Whitfield Diffie, along with electrical engineer Martin Hellman, discovered public key cryptography (Usually abbreviated "DH" for Diffie-Hellman).

In 1977 MIT researchers Ron Rivest, Adi Shamir, and Len Adleman discovered another more general public key system called RSA (after their names Rivest, Shamir, and Adleman). Later on MIT got involved as part owner in the related patents...

Anyway, the NSA (National Security Agency) told MIT and R, S & A that they'd better not publish this stuff or they'd be in big trouble. [Interesting to note that Adi Shamir (the "S" in RSA) isn't even a U.S. citizen (he's an Israeli) - how would the NSA go about controlling him??] Nevertheless, MIT and R, S & A ignored the NSA and published their work in SciAm (July 1977), in an article entitled "New Directions in Cryptography". They later published RSA in Comms ACM (feb 1978, vol 21, no 2, pp 120-126.

Due to the NSA, and other considerations, theirs was a rush to publication that kind of confused patent rights both in the United States and abroad - this had implications for PGP later on...

IDEA Was developed by Xuejia Lai and James Massey at ETH in Zurich. This is relevant because IDEA is the symmetric key cipher used together with RSA in PGP. It's also important because this shows that crypto knowledge is a world-wide phenomenon and would be pretty hard to "bottle-up" and store away for safe keeping (so to speak!).

Philip Zimmermann was the original author of PGP, releasing it in 1991. Zimmerman worked with some of the aforementioned pioneers in addition to working out the various bugs and revisions necessary for the success of each version of PGP.

In summary, PGP has a long an interesting history. You, yourself, might think that government spooks have little or no interest in your life and you'd probably be correct in asking why use PGP? But, then again, corporate clowns, local law enforcement, or an ex-spouse might be dying to look at some of your musings so you may well want to consider using PGP yourself. Besides, even when you used to mail letters at the Post Office didn't you make sure they were sealed in an envelope? PGP does the same thing, but much better!

Line

Arrow Pointing Right Click Here for my PGP public key in PDF...

2048 bits (2048 Diffie-Hellman/1024 DSS)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.3 for non-commercial use

mQGiBDk5L6ARBADphsZDHbShxX/W+VyzsCJoF7MXqB3RsngnW+0zOEiTJ10s8O5N
r4V4QXZqS1hYJvs2V1c504NKzNuYA/yS3pGd+ePm8TQrImr31n3Jeh2IMpTDTGIm
4S+YweqeX/yrOItJV2IKTp+JmFLQmRqItsXYDWGY1gRUeUW+3ziOcdkTVQCg/7Hk
JPNRvY9wXi+SLXKsBqAtrUcEAJiiqMHQGYsn2LVUBViTz0NGN+56sM3S0OHtNjem
jdFodMOQcaIu06XsrJ+H8Uu3K+T8l7l9WW236ZuD9teKC1YF87isjWd/BnaauZSr
omODcUWOPfYZsVNb0z2kz4slv5d8ZHNucEtYXJlvlQ+1LJQOj7NFDbooU/a+K0Pk
P4nuBACR6Q/1Ixkwn4ioSm35oGewfqJurEjWh9y60TMymLM9cIWyR+4xCoFIzzzI
efQkCqHlmy1IcfagM1a5hTB30M1qwxtHG23kqTrtoIkVcPFPKvt0nYGsDs64IUzo
sc2sgW2RFKixtpeP7RCKWe6rU/bmZmsZBJ6UKly1LPFrrKEXgbQlUm9nZXIgSi4g
V2VuZGVsbCA8emVla3ppbGNoQGp1bm8uY29tPokATgQQEQIADgUCOTkvoAQLAwIB
AhkBAAoJEBTUnKpNX7C8BOEAnRjG0/X3LwbiNjDeYnavwu9bzRAaAJ9dh3IFg1Pa
DcBOkhWaGvS+N5KBvrkCDQQ5OS+gEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bx
brlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJP
PT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrU
GvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVb
GI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcp
esqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAoSOU
6MMyJlYCZLFW8P3tNVAQ1sPvL2Hjcwcqgu/gr6UXOZKr4gmSlQTJhUa/FWL5z9Jm
ruLEmoOwcU3xtz+Z6DzZQ/fQC4BwJcOOV2/gsa1mitmVSPSB3gRcjE9F4FXYNYxQ
f8mr7BFrVvDec3iI/6AYaKoa8iAWcmeegwRGVHxmyUTg7Ang6lDBSWpmchk+O2P5
ZwMnR3o5SSfaURu0ZFgvQ4xRXvMYllG/SYOwe4Af6dv6dVTfPI+P01yHo4JRjooB
cGXX0cq/ahg6hEuU3WbGhsa8GOd/sIgvsXCIfGvcXIr+ad+/6ynooRVj5hh9+gq3
BgYoOl/9wqk2LRhWiokARgQYEQIABgUCOTkvoAAKCRAU1JyqTV+wvN/+AJ9lCtyc
jNVVgjaREMy1RmFi4uxNiACeNSe7u+gYP5wiVkjSa5D98SFXTP0=
=HzmK

-----END PGP PUBLIC KEY BLOCK-----

 

Line

 

Decoder Ring Public Keys and Certificates
from Mike Meyers' Managing and Troubleshooting Networks pp. 466-467
"Did you ever use one of those 'secret decoder rings' when you were young? I though secret decoder rings were a thing of the past, until I recently saw my daughter playing with one she got from a box of cereal. A secret decoder ring uses an encryption algorithm to exchange each letter of the alphabet for another, enabling you to turn readable text into a coded message or vice versa. For example, your decoder ring might exchange each letter in the alphabet for the letter three steps away - which would transform this statement 'I HAVE A SECRET' into something like 'F EXSB X PBZOBQ.' In this case, moving the letters of the alphabet three positions is the algorithm, and the secret decoder ring is the key we use to encrypt and decrypt.

"Encryption in the world of electronic data works in much the same way. Incredibly complex algorithms use a special string of numbers and letters, known as a key, to encrypt and decrypt anything from Word documents to the data areas of IP packets. Given enough time, most people could break the simple, three-letter algorithm used in our first example - we call this weak encryption. The best encryption algorithms used in computing are for all practical purposes impossible to crack and are thus known as strong encryption. "Even the strongest encryption is easily broken if someone can get the key. Early encryption techniques used what is called symmetric key. Symmetric key means the same key is used both to encrypt and to decrypt. This leads to the obvious question: 'How do you get the key to the other person without anyone else getting it?' Simply sending it over the network is risky - a hacker might intercept it. If the key is stolen from either system the encryption is also compromised.

"To avoid this single-key issue, most strong encryption uses an asymmetric key methodology. The asymmetric approach uses two keys: a public key and a private key. The encryption algorithms are designed so that anything encrypted with the public key can only be decrypted with the private key. You send out the public key to anyone you want to send you encrypted information. Since only the private key can decrypt data, stealing the public key is useless. Of course, if you want two-way encryption, each party must send the other its public key. We refer to this method of public and private keys simply as public key encryption.

"Public key provides another big benefit beyond encryption: digital signatures. For certain types of transactions, you don't need encryption, but you would like to know that the data is actually coming from the person or source that you think is sending it. A digital signature is a string of characters created by running an algorithm on the private key and a special value of the data called a hash. The person receiving the signature then uses the public key to generate what's called a digest and compares the two values. If they are the same, you can be certain that they came from the person holding the private key!

"Digital certificates are public keys signed with the digital signature from a trusted third party called a certificate authority (CA). Web sites pay these CAs hundreds of dollars per year just for the CA to sign the web site's digital certificates. The predominate CA for secure web sites is Verisign (www.verisign.com). Certificates are interesting in that they are one of the few parts of the HTTPS protocol that you can actually see if you want. Go to any secure web site and look for the small lock icon that appears at the bottom of the web browser. Click the lock to see the certificate."

 

Line

 

Padlock Links:

  1. All Nettools Privacy Stuff
  2. Aixs Anonymous Surfing
  3. ANON.XG.NU's Type I Web Remailer - with SSL Encryption
  4. ANON.XG.NU's Type II Web Remailer - with SSL Encryption
  5. Anonymizer Anonymous Surfing (January 2001 Note: They may be keeping access logs for 20 days)
  6. Anonymouse Anonymous Surfing
  7. CipherSaber homepage
  8. Computer Stuff
  9. Controlling Cookies
  10. CrackSpider
  11. Cryptography defined
  12. Domain ownership privacy
  13. EFF - Electronic Frontier Foundation
  14. Go Proxy Secure Online Surfing
  15. Hide your IP address
  16. International PGP Home Page
  17. John Doe Privacy page
  18. MagusNet Public Proxy Server
  1. MIT PGP Distribution Center
  2. Network Associates PGP Certificate Server
  3. Perl
  4. Philip Zimmermann creator of PGP
  5. Privacy Net Privacy Analysis of your Internet Connection
  6. Proxy Portal Anonymous Surfing
  7. Proxys-4-All Internet Privacy
  8. Reinhold's Diceware Passphrase page
  9. Rewebber
  10. Riot Anonymous Remailer - with SSL Encryption
  11. RSA Security
  12. Silenter Anonymous Surfing and optional Email newsletter
  13. security.tao.ca
  14. Spooks and Spies
  15. TOR - Anonymity Online
  16. Unix
  17. Web Proxy- No DNS or Browser caching, FTW
  18. What's My IP Address

 

Line

 

Back Back to Roger J. Wendell's Home Page...

Web Counter Logo

 

Abbey | About | Blog | Contacting Me | Copyright | Disclaimer | Donate | Guest Book | Home | Links | Site Index | Solutions | Terms, Conditions and Fair Use | What's Changed or New?
Copyright © 1955 -