Hi Gami,

>>>>> "Dhruv" == Dhruv Gami <[EMAIL PROTECTED]> writes:

Dhruv> Hello Everyone, I've recently been experimenting with GPG
Dhruv> and created a nice gpg key for my email. Sent off my public
Dhruv> key to some of my friends and have been interacting with
Dhruv> some of them "secretly". It's quite a nice feeling to know
Dhruv> it's secure.

Dhruv> I have a few queries though:

Dhruv> 1. How safe is it (GPG/PGP) really? I believe it's quite
Dhruv> safe... or am I living in a sense of false security??

It's only as safe as the trust you assign to other people's keys. Unless you have verified that the key that you're encrypting your messages with actually belongs to the person you are sending the message to, the message is potentially still insecure. Verifying could be as simple as picking up the phone, dialing a number and asking for his/her key fingerprint (for people you know) or could include verification of driver's license, passport, etc. for people you don't know.

Dhruv> 2. I made my keys on a RH 8.0 box, and now plan to migrate
Dhruv> to Debian. How do I take my keys along? Do I simply export
Dhruv> them from here and import them there? Would that work? Or
Dhruv> should I also copy my .gnupg directory? Or is there
Dhruv> something else that needs to be done?

Just copy your .gnupg directory to the new system.

Dhruv> 3. Are there any rules/netiquettes for gpg/pgp keys? Do I
Dhruv> need to publish my key somewhere? Any servers?

Yes, you can upload your key to keyserver.net.

Dhruv> 4. What is a key-signing party? If many people on
Dhruv> linux-delhi have gpg/pgp keys, then maybe we should have
Dhruv> one in the next meet. I remember there being a key-signing
Dhruv> party a couple of years back when Raj had given a talk on
Dhruv> GPG. I was too young to understand all that then, but now I
Dhruv> realise what all he was talking about.

Maybe we can have a key-signing party at the next Meet. Let me read the docs about what is required again.

The idea in a key-signing party is that everyone who participates makes their GPG key fingerprint available beforehand. At the party itself each person then brings proof of identity (e.g. passport) and proves that s/he is who s/he claims to be. Once you are convinced of that person's identity you go back home, sign the key that corresponds to the fingerprint and upload it to the keyserver. Finally you end up with a number of mutually-signed keys.

Dhruv> 5. Any other comments?

GPG is actually used for two primary purposes: encrypting text (privacy) and signing it (non-repudiability and identity). I find both functions equally important.

Regards,

-- Raju

Dhruv> regards, Gami

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves

================================================
To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header.
Check archives at http://www.mail-archive.com/ilugd%40wpaa.org
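
The fingerprint comparison that the reply describes (by phone, or before signing after a key-signing party) can be scripted. This is an added example, not part of the original message. The function names and the sample key listing are made up for illustration, and it assumes 40-hex-digit (v4) fingerprints.

```shell
#!/bin/sh
# Added example: compare a fingerprint collected in person with the key you hold.
# Real use (KEYID and SLIP are placeholders you supply):
#   check_fpr "$(gpg --with-colons --fingerprint KEYID)" "$SLIP" && gpg --sign-key KEYID

# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE_LISTING='pub:-:4096:1:1111222233334444:1041379200:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1041379200::::Example User <user@example.org>:
sub:-:4096:1:5555666677778888:1041379200::::::e:
fpr:::::::::0000999988887777666655555555666677778888:'

# Strip spaces/colons and uppercase, so "aaaa bbbb ..." read off a slip compares equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin; print the PRIMARY key fingerprint only
# (field 10 of the first fpr record after pub). Subkey fingerprints are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# check_fpr LISTING CLAIMED
#   0 = claimed fingerprint matches the primary key
#   1 = mismatch: do not sign
#   2 = claimed value is not a full fingerprint (e.g. only a short key ID)
check_fpr() {
    actual=$(normalize_fpr "$(printf '%s\n' "$1" | primary_fpr)")
    claimed=$(normalize_fpr "$2")
    case "$claimed" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#claimed}" -eq 40 ] || return 2
    [ -n "$actual" ] && [ "$actual" = "$claimed" ]
}

# Demo on the constructed listing.
if check_fpr "$SAMPLE_LISTING" "AAAA BBBB CCCC DDDD EEEE FFFF 1111 2222 3333 4444"; then
    echo "fingerprint matches: OK to sign"
fi
```

A short key ID is rejected with status 2 rather than compared, because only the full fingerprint ties the key to the person whose identity was checked.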