2 local user-ids, 2 distinct key pairs but only 1 user-id can sign.
Hi list,
this is my first message here.

Firstly, thank you Werner Koch and collaborators for such a superb software.

More than an enthusiast on cryptography, I am a Brazilian citizen, concerned with the privacy and authenticity "components" involved in information exchange transactions (not only in digital format). Mainly, I'm concerned with the proper degree into which privacy and authenticity can contribute to a fair relationship between society and government.

Digressions left aside, I've been using GnuPG for a while both in Linux distros and in Windows XP, without facing big issues. Until now. Let me depict the situation.

OS: Windows XP Home SP3.
GnuPG version: 1.4.7

I have already generated a GnuPG key pair with ELG-E and DSA and everything was working fine. I was able then to sign files, simply with (e.g.):

(1) gpg --clearsign "myfile.txt"

by the time I generated a second key pair (again with ELG-E and DSA) to a new, distinct "user-id", this problem took place.

Now, I want to sign some stuff with the new local user id's private key, and I try the command (e.g.):

(2) gpg --local-user "[NEW_ID_NAME]" --clearsign "somefile.txt"

and it prompts me NOT for a passphrase, nor does it even create an empty "asc" file. Instead, it only returns the message:

usage: gpg [options] [filename]

So far, I can only sign files with (1), using the first private key my GnuPG installation generated, which represents sort of a default-and-only usable "user-id".

Is it expected? Am I missing something? Is it possible to sign files with my second "user-id"?

Regards,

--
Marcio Barbado, Jr.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 2 local user-ids, 2 distinct key pairs but only 1 user-id can sign.
Hi Erik and Charly,

thanks to you, I realized the problem was all about the argument I was giving the "--local-user" option. I was using the uid name (not a system account username) whereas I should have used the key id.

Well, now it worked =)

On Tue, Aug 18, 2009 at 3:56 PM, Erik Lotspeich wrote:
> I have two key pairs: one for my personal e-mail and one for work, so I
> am in a similar situation as you are.
>
> I switch between the two with the "--default-key" option to GPG and give
> it my key ID as an argument (you can set this in your gpg.conf too).
>
> Even after looking at the man page, I'm not entirely clear what "name"
> the "--local-user" option is after (e.g. is it a name of a local user on
> the system, or is it the uid name on the key).
>
> Regards,
>
> Erik
>
> M.B.Jr. wrote:
>> Hi list,
>> this is my first message here.
>>
>> Firstly, thank you Werner Koch and collaborators for such a superb software.
>>
>> More than an enthusiast on cryptography, I am a Brazilian citizen,
>> concerned with the privacy and authenticity "components" involved in
>> information exchange transactions (not only in digital format).
>> Mainly, I'm concerned with the proper degree into which privacy and
>> authenticity can contribute to a fair relationship between society and
>> government.
>>
>> Digressions left aside, I've been using GnuPG for a while both in
>> Linux distros and in Windows XP, without facing big issues. Until now.
>> Let me depict the situation.
>>
>> OS: Windows XP Home SP3.
>> GnuPG version: 1.4.7
>>
>> I have already generated a GnuPG key pair with ELG-E and DSA and
>> everything was working fine.
>> I was able then to sign files, simply with (e.g.):
>>
>>
>> (1) gpg --clearsign "myfile.txt"
>>
>>
>> by the time I generated a second key pair (again with ELG-E and DSA)
>> to a new, distinct "user-id", this problem took place.
>>
>> Now, I want to sign some stuff with the new local user id's private
>> key, and I try the command (e.g.):
>>
>>
>> (2) gpg --local-user "[NEW_ID_NAME]" --clearsign "somefile.txt"
>>
>>
>> and it prompts me NOT for a passphrase, nor does it even create an
>> empty "asc" file.
>> Instead, it only returns the message:
>>
>> usage: gpg [options] [filename]
>>
>> So far, I can only sign files with (1), using the first private key my
>> GnuPG installation generated, which represents sort of a
>> default-and-only usable "user-id".
>>
>> Is it expected? Am I missing something? Is it possible to sign files
>> with my second "user-id"?
>>

Thank you very much,

--
Marcio Barbado, Jr.
encrypting compression algorithms
Hi list,

when symmetrically encrypting a file, e.g.:

$ gpg --output file.ods.gpg --symmetric file.ods

the command above generates a "gpg" extension encrypted AND compressed file, is that correct?

How do I know which compression algorithm was used?

How can I force any other available algorithm?

Regards,

--
Marcio Barbado, Jr.
Re: encrypting compression algorithms
Hi David,
thank you.

On Sat, Sep 5, 2009 at 1:11 PM, David Shaw wrote:
> On Sep 4, 2009, at 12:53 PM, M.B.Jr. wrote:
>
>> How do I know which compression algorithm was used?
>
> Unless you've overridden the default, it is ZIP.
>

Ok but in this point, my doubt is about some command to check whether a "gpg" extension file is compressed and in case it is, which algorithm was used.

Like (just an example):

$ gpg --check-compression file.gpg

Is there something like that?

Regards,

Marcio Barbado, Jr.
IDEA patent vs the recent USPTO memorandum
Hi list,

I've recently had access to this document, written by the "United States Patent and Trademark Office" (USPTO) which basically tries to ban software patents.

The memorandum is here:

http://www.uspto.gov/web/offices/pac/dapp/opla/2009-08-25_interim_101_instructions.pdf

the case is, I'm really interested in reading your opinions of what this could mean to optional OpenPGP ciphers like IDEA.

Regards,

Marcio Barbado, Jr.
Re: IDEA patent vs the recent USPTO memorandum
Gentlemen,

I really appreciate the comments you've made on the subject and the little debates as well. That was exactly what I was expecting. Sometimes, regular users do not have the proper notion of whether some functionality merits attention.

All in all, it looks like IDEA, even if totally freed, is sentenced to gradual abandonment. Is this perception of mine correct?

Regards,

On Mon, Sep 21, 2009 at 4:48 PM, David Shaw wrote:
> On Sep 21, 2009, at 2:30 PM, Johan Wevers wrote:
>
>> David Shaw wrote:
>>
>>> If the "some people" still want this, I haven't seen it in a good long
>>> while. Possibly they gave up asking.
>>
>> Probably. However, if someone wants IDEA support for whatever reason there
>> is still the IDEA plugin. It still works with GnuPG 1.4.10 for both Linux
>> and Windows, although I have not tested it with the 2.0 versions.
>
> There is IDEA support (as this is part of OpenPGP, albeit with patent
> issues), but no V3 key generation support.
>
>>> To say nothing of the fact that compliant OpenPGP implementations are
>>> explicitly banned from generating RFC-1991 keys.
>>
>> Why is that? Forced upgrading?
>
> I recall it was not so much forced upgrading, as a general feeling of
> "enough already". If you take a look at the ietf-openpgp archives for
> 2003-2004, you'll see a few discussions around it. Mind you, the statistics
> we played with at the time (4-5 years ago) showed that over 90% of keys on
> the keyservers were V4. I doubt that number has gone anywhere but up since
> then.
>
> Another way to look at it is that the new wording around V3 keys (including
> the no-generate rule) enables someone to write an OpenPGP implementation
> that has no V3 support whatsoever (something which wasn't doable in
> RFC-2440).
>
> David
>

Marcio Barbado, Jr.
Re: Two tidbits of potential interest
Hi David,

about the first "tidbit":

On Tue, Sep 22, 2009 at 6:08 PM, David Shaw wrote:
> First of all, someone has factored a 512-bit RSA key (the one used to
> protect a TI programmable calculator, it seems). It took 73 days on a
> dual-core 1900Mhz Athlon64. It took just under 5 gigs of storage and around
> 2.5 gigs of RAM. In other words: not much at all. It's not some big
> distributed project - rather it's a single guy who wanted to factor it and
> just left it running in the background for 2 and a half months. (This is
> actually a month old - forgot to send it before now).
>
> http://www.unitedti.org/index.php?showtopic=
>

dummy question:

by factoring a public key integer, one can get somehow to its corresponding private key?

Regards,

Marcio Barbado, Jr.
Re: Two tidbits of potential interest
On Thu, Sep 24, 2009 at 2:21 PM, David Shaw wrote:
> On Sep 24, 2009, at 12:30 PM, M.B.Jr. wrote:
>
>> Hi David,
>>
>> about the first "tidbit":
>>
>>
>> On Tue, Sep 22, 2009 at 6:08 PM, David Shaw wrote:
>>>
>>> First of all, someone has factored a 512-bit RSA key (the one used to
>>> protect a TI programmable calculator, it seems). It took 73 days on a
>>> dual-core 1900Mhz Athlon64. It took just under 5 gigs of storage and
>>> around
>>> 2.5 gigs of RAM. In other words: not much at all. It's not some big
>>> distributed project - rather it's a single guy who wanted to factor it
>>> and
>>> just left it running in the background for 2 and a half months. (This is
>>> actually a month old - forgot to send it before now).
>>>
>>> http://www.unitedti.org/index.php?showtopic=
>>>
>>
>>
>> dummy question:
>>
>> by factoring a public key integer, one can get somehow to its
>> corresponding private key?
>
> Yes, that's exactly what happens. If you factor the public key, you can
> derive the private key.
>

Is this a generic asymmetric premise?
I mean: is it valid both to the (computational) Mathematics behind OpenPGP's and X.509's public keys' integers?

Marcio Barbado, Jr.
Re: Two tidbits of potential interest
Hi Werner,

On Fri, Sep 25, 2009 at 6:19 AM, Werner Koch wrote:
> On Thu, 24 Sep 2009 21:13, marcio.barb...@gmail.com said:
>
>> Is this a generic asymmetric premise?
>> I mean: is it valid both to the (computational) Mathematics behind
>> OpenPGP's and X.509's public keys' integers?
>
> Yes. All real world asymmetric algorithms are built on a hard to solve
> computational problem. Factoring is such a hard problem and the RSA
> algorithm is based on it. Another widely used hard problem is solving
> the discrete logarithm, the DSA and Elgamal algorithms are based on it.
>

so, focusing on key pair generation, one could state RSA keys are built upon the product of large primes, which would put factoring as the main problem to be solved; whereas Elgamal keys are more complex than that, once it involves primes under the discrete logarithms' context.

And as a conclusion, Elgamal problems would be harder to solve.

Is it correct?

Regards,

Marcio Barbado, Jr.
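The relationship discussed in the two messages above (factor an RSA modulus, or solve a discrete logarithm for Elgamal, and the private key follows), worked on toy parameters. This is an added example, not code from the list or from GnuPG; the function names and every key value are constructed for illustration, and the sizes are small enough for trial division and baby-step giant-step to finish instantly.

```python
from math import isqrt


def factor_semiprime(n: int) -> tuple[int, int]:
    """Trial division; feasible only because the constructed modulus is tiny."""
    if n % 2 == 0:
        return 2, n // 2
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no non-trivial factor found")


def rsa_private_exponent(n: int, e: int) -> int:
    """Derive d from the public key (n, e) once n = p * q is factored."""
    p, q = factor_semiprime(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)  # modular inverse of e (Python 3.8+)


def discrete_log(g: int, y: int, p: int) -> int:
    """Baby-step giant-step: find x with pow(g, x, p) == y."""
    m = isqrt(p - 1) + 1
    baby = {}
    value = 1
    for j in range(m):  # baby steps: g^0 .. g^(m-1)
        baby.setdefault(value, j)
        value = value * g % p
    giant = pow(g, -m, p)  # g^(-m) mod p
    gamma = y
    for i in range(m):  # giant steps: y * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % p
    raise ValueError("y is not a power of g modulo p")


def elgamal_decrypt(c1: int, c2: int, x: int, p: int) -> int:
    """Textbook Elgamal decryption: m = c2 * c1^(-x) mod p."""
    return c2 * pow(c1, -x, p) % p


# Constructed toy public keys (far too small for real use).
RSA_N, RSA_E = 3233, 17            # n = 53 * 61
ELG_P, ELG_G = 467, 2              # 2 generates the full group modulo 467
ELG_Y = pow(ELG_G, 127, ELG_P)     # public value; 127 is the private exponent


def demo_rsa(message: int = 65) -> int:
    """Encrypt with the public key, then decrypt with the derived d."""
    ciphertext = pow(message, RSA_E, RSA_N)
    d = rsa_private_exponent(RSA_N, RSA_E)
    return pow(ciphertext, d, RSA_N)


def demo_elgamal(message: int = 100, k: int = 213) -> int:
    """Encrypt to (p, g, y), recover x from y alone, then decrypt."""
    c1 = pow(ELG_G, k, ELG_P)
    c2 = message * pow(ELG_Y, k, ELG_P) % ELG_P
    x = discrete_log(ELG_G, ELG_Y, ELG_P)
    return elgamal_decrypt(c1, c2, x, ELG_P)


if __name__ == "__main__":
    print("RSA d:", rsa_private_exponent(RSA_N, RSA_E), "->", demo_rsa())
    print("Elgamal x:", discrete_log(ELG_G, ELG_Y, ELG_P), "->", demo_elgamal())
```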
digital signature primary key and encryption subkey
Hi list,

one lame confusion I'm facing now.

I was reading GnuPG's "Signing Subkey Cross-Certification" page [1], and as a matter of fact, these two simple doubts did arise.

Suppose one provides the command:

gpg --gen-key

and chooses the default "DSA and Elgamal" option.

1st doubt: DSA will be the basis for the primary key and Elgamal, the basis for the encryption subkey, is this assertion correct?

if so, 2nd doubt is: both my public and private keys will be built upon my DSA primary key and my Elgamal encryption subkey?

That's all.

Regards,

Marcio Barbado, Jr.

[1] http://www.gnupg.org/faq/subkey-cross-certify.en.html
Re: digital signature primary key and encryption subkey
Hi David,

On Wed, Nov 18, 2009 at 1:21 AM, David Shaw wrote:
> On Nov 17, 2009, at 10:00 PM, M.B.Jr. wrote:
>
>> both my public and private keys will be built upon my DSA primary key
>> and my Elgamal encryption subkey?
>
> I'm afraid I don't really understand what you are asking. Your primary key
> (DSA) has a public and private part, and uses the DSA algorithm. Your
> subkey (Elgamal) has a public and private part, and uses the Elgamal
> algorithm. Your subkey is signed by your primary key to indicate that they
> belong together.

Your answer certainly covered more than I expected. Thank you.

So, public parts (from my primary key and my subkey) formed my public key and the same goes to the private parts and my private key. Is that correct?

Marcio Barbado, Jr.
Re: digital signature primary key and encryption subkey
Thanks again, David.

The last dumb question, I promise, would be: how can I see my primary key and my subkey as well?

On Wed, Nov 18, 2009 at 12:38 PM, David Shaw wrote:
> On Nov 18, 2009, at 8:49 AM, M.B.Jr. wrote:
>
>> Hi David,
>>
>>
>> On Wed, Nov 18, 2009 at 1:21 AM, David Shaw wrote:
>>> On Nov 17, 2009, at 10:00 PM, M.B.Jr. wrote:
>>>
>>>> both my public and private keys will be built upon my DSA primary key
>>>> and my Elgamal encryption subkey?
>>>
>>> I'm afraid I don't really understand what you are asking. Your primary key
>>> (DSA) has a public and private part, and uses the DSA algorithm. Your
>>> subkey (Elgamal) has a public and private part, and uses the Elgamal
>>> algorithm. Your subkey is signed by your primary key to indicate that they
>>> belong together.
>>
>>
>> Your answer certainly covered more than I expected. Thank you.
>>
>> So, public parts (from my primary key and my subkey) formed my public
>> key and the same goes to the private parts and my private key. Is that
>> correct?
>
> Yes. "Public key" is frequently shorthand for a number of public keys stuck
> together with some OpenPGP glue, and the same is true for private keys.
>
> David

Marcio Barbado, Jr.
Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)
Hi,

On Sat, Nov 28, 2009 at 1:47 PM, David Shaw wrote:
>> The question is: what does GnuPG or OpenSSH do to slow down
>> password brute-force? I mean does the password derivation function use
>> some iterations? If so how many? Can I configure them? I guess so but
>> I couldn't find any data on the net on a quick search. (Any references
>> are appreciated.)
>
> GnuPG (really OpenPGP) does iterated password hashing. See section 3.7.13
> "Iterated and Salted S2K" of RFC-4880 for the fine details, but the gist is
> as you surmised - the passphrase is run through many hash iterations. This
> slows down passphrase guessers as they must also repeat the hashing part the
> same number of times. By default, GnuPG uses 65536 iterations of the
> passphrase hash, but can be configured via the --s2k-count option to be as
> high as 65011712 iterations.

Considering a password/passphrase, which has -- by default, its 65536th hash iteration result, locally stored for comparison.

If I adjust (via --s2k-count) my GnuPG's iterations number, will it generate and store a new sum value for my actual passphrase?

Or for this passphrase specifically, it will continue working with the number of iterations used by the time the passphrase was created?

Regards,

Marcio Barbado, Jr.
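The coded count behind the two figures David quotes, and the iterated and salted S2K derivation from RFC 4880 section 3.7.1.3, as an added Python example (not GnuPG's code). The function names, the salt and the passphrase are constructed; in the format the count octet sits inside the S2K specifier next to the salt, so a derivation always uses the count recorded in the specifier it is given.

```python
import hashlib

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) mapped to hashlib names.
HASH_NAMES = {2: "sha1", 8: "sha256", 10: "sha512"}


def decode_count(c: int) -> int:
    """Expand the one-octet coded count into the number of octets to hash."""
    if not 0 <= c <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (c & 15)) << ((c >> 4) + 6)


def encode_count(wanted: int) -> int:
    """Smallest coded count whose decoded value is at least `wanted`."""
    for c in range(256):
        if decode_count(c) >= wanted:
            return c
    raise ValueError("count above the format's maximum of 65011712")


def parse_s2k(spec: bytes) -> dict:
    """Parse an 11-octet specifier: type 3, hash id, 8-octet salt, coded count."""
    if len(spec) != 11 or spec[0] != 3:
        raise ValueError("not an iterated and salted S2K specifier")
    if spec[1] not in HASH_NAMES:
        raise ValueError("hash algorithm id not handled in this example")
    return {"hash": HASH_NAMES[spec[1]], "salt": spec[2:10],
            "count": decode_count(spec[10])}


def s2k_key(passphrase: bytes, spec: bytes, key_len: int) -> bytes:
    """Derive key_len octets from the passphrase and the stored specifier."""
    params = parse_s2k(spec)
    block = params["salt"] + passphrase
    # The count is a number of octets, never less than one full salt+passphrase.
    total = max(params["count"], len(block))
    full, rest = divmod(total, len(block))
    key, preload = b"", 0
    while len(key) < key_len:
        h = hashlib.new(params["hash"])
        h.update(b"\x00" * preload)  # each extra context starts with more zero octets
        for _ in range(full):
            h.update(block)
        h.update(block[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]


# Constructed sample values (not taken from any real key).
SALT = bytes.fromhex("0102030405060708")
PASSPHRASE = b"correct horse"
SPEC_DEFAULT = bytes([3, 2]) + SALT + bytes([encode_count(65536)])
SPEC_LOWEST = bytes([3, 2]) + SALT + bytes([0])

if __name__ == "__main__":
    print("coded 0x60 ->", decode_count(0x60), "| coded 0xff ->", decode_count(0xFF))
    print("key @65536:", s2k_key(PASSPHRASE, SPEC_DEFAULT, 16).hex())
    print("key @1024: ", s2k_key(PASSPHRASE, SPEC_LOWEST, 16).hex())
```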
same key pair for more than one e-mail address
Suppose I'd like to "bind" the same key pair to more than one e-mail address.

Is it recommended?

Any comments will be greatly appreciated.

Regards,

Marcio Barbado, Jr.
Re: How to use an "offline" primary key
Hi list,

I wish a great 2010 year for everybody!

On Sat, Jan 2, 2010 at 11:09 AM, Sven Radde wrote:
> Hello GnuPG-Users!
>
> With a new year comes a new keypair and this time I tried to use subkeys
> to separate my secret primary key from the "day-to-day"
> encryption/signing keys.

Concerning Sven's statement about his primary key's secrecy, and something David Shaw explained to me a while ago, I ask you: is it possible to have a totally secret digital signature primary key? I mean, part of it will be inevitably public, won't it?

Regards,

Marcio Barbado, Jr.
Re: Secure unattended decryption
Hi Daniel,

On Thu, Mar 18, 2010 at 8:50 AM, Daniel Eggleston wrote:
> I know it's sort of a contradiction in terms, but hear me out:
>
> The case I'm looking at is a High Availability environment hosting a
> database. The database is comprised of many Unix files, encrypted via AES,
> on shared storage. If the node accessing the database loses enough of its
> redundant hardware that it can no longer function as the database server,
> control must failover to the secondary node. Since the client systems are
> the priority, the goal is the shortest downtime possible.
>
> The encryption key for the databases is stored on-disk, encrypted with PGP
> (Gnupg specifically).

Sort of a conceptual remark at this point.

See, this database password you refer to is a symmetrical one. And you stated you keep it on-disk, encrypted with GnuPG.

So, is this last GnuPG encryption also symmetrical?

If so, and if your DBA is GnuPG's password keeper, GnuPG's encryption would make little sense, considering you're concerned with "high availability". It would be more sensible to cease that encryption cascading (databases's AES + GnuPG's some supposedly symmetrical algo) and let your DBA carry somehow the AES clear text password, directly.

Check your database's documentation. Perhaps it could maintain authentication after a failover. And chances increase in redundant environments, if the referred system depends only on its own encryption resources.

Regards,

Marcio Barbado, Jr.
DRM -- digital rights management
Hi,

I have this simple question (sorry for it), regarding "digital rights management".

As I understand, DRM in essence is the use of asymmetric cryptography, which turns simple public keys into not-publicly-available public keys.

Is it correct?

Regards,

Marcio Barbado, Jr.
Fwd: [Full-disclosure] Introducing TGP...
Hello,

there's this guy, named Timothy Mullen who recently released this TGP (Thor’s Godly Privacy) encryption utility for the cloud.

Timothy wrote (note that his complete text goes forwarded below):

"... I designed TGP with “encryption for the cloud” in mind. That means that not only does TGP do everything your normal PGP-type applications do, but it does things a bit differently – differently in a way that can change the way you work with your encrypted data. At the simplest level, this is done by encrypting data into byte arrays, and then converting those byte arrays into Base64 encoded text wrapped inside XML tags. In this way, not only do you get your typical file-based encrypted representation of your data, but you also get data that you can copy and paste directly into any email, mailing list, blog-page, or social networking site..."

Has anyone tested it so far?

How different can this XML wrapped byte array encryption be? Is this cloud oriented difference only about its XML capabilities?

He continues:

"... What I think is interesting about this is that if we choose to, we no longer have to be the custodians of our encrypted data – we don’t have to worry about actually housing the files: we can just post them to the internet and let someone else assume the burden of storing the files for us... I can do the same with my keys..."

Is this crazy stuff?

Maybe I'm the one who's getting crazy (and old) for not accepting this so called "cloud" trendy paradigm driven by "megacorporations" but that seems weird to me even if I think of combining this guy's proposal with, say, that Diceware methodology.

Comments are really welcome.

Thank you,

regards,

-- Forwarded message --
From: Thor (Hammer of God)
Date: Sun, Jun 13, 2010 at 6:44 PM
Subject: [Full-disclosure] Introducing TGP...
To: "full-disclos...@lists.grok.org.uk"

This is what I’ve been talking about...
Here is the first part of the docs I wrote up - make sure you see that I'm not yet supporting huge files unless you have huge RAM.

**.Net 4.0 Client profile is required to run this.**

Right now the install bits are only available on the pilot site at: http://www.owa.hammerofgod.com in the downloads section. I have to wait on Raging Haggis to return from Canada before posting on www.hammerofgod.com.

Here's a bit from the TGP Overview document included with the install and on the web site. Please read through it before asking silly questions. :) Also, feel free to hack it up as much as you would like. I know this is full disclosure, so feel free to zing them at me, or if you prefer, I can work with you on any issues you might have. Remember, this is totally free, so my ability to handle custom requests will be limited.

For those looking to break it, I would look at fuzzing the XML documents and the "drag and drop public XML" parsing feature. If you have questions or challenges about any of the security, I would ask to keep it on the list so that everyone can get the full benefit of productive security development. The read-me should pretty much lay everything out for you. If not, we'll take it up from there.

t

TGP – “Thor’s Godly Privacy”
06/13/10 v1.1.06

TGP is a small yet very powerful encryption utility. With all eyes on “the cloud,” I decided to write an encryption application better suited to an environment where portability and security were, at the least, challenging. In cloud computing, not only is the use of file structures becoming more abstract, but the very concept of a “file server” is becoming more and more ubiquitous. As such, I designed TGP with “encryption for the cloud” in mind. That means that not only does TGP do everything your normal PGP-type applications do, but it does things a bit differently – differently in a way that can change the way you work with your encrypted data.
At the simplest level, this is done by encrypting data into byte arrays, and then converting those byte arrays into Base64 encoded text wrapped inside XML tags. In this way, not only do you get your typical file-based encrypted representation of your data, but you also get data that you can copy and paste directly into any email, mailing list, blog-page, or social networking site.

What I think is interesting about this is that if we choose to, we no longer have to be the custodians of our encrypted data – we don’t have to worry about actually housing the files: we can just post them to the internet and let someone else assume the burden of storing the files for us. If I want to share encrypted files with someone or secure my own files, all I have to do is TGP encrypt the data I want, and post it to a mailing list somewhere. In the case of a list like Bugtraq or Full Disclosure, the data is actually automatically replicated out to any number of archive sites, thus distributing my data for me. I can literally be anywhere in the world and just do a quick search for my post to r