Appendix B. Getting Started with GNU Privacy Guard
Have you ever wondered if your email can be read during its
transmission from you to other people, or from other people to you?
Unfortunately, complete strangers could conceivably intercept or
even tamper with your email.
In traditional (also known as "snail") mail, letters are usually
sealed within envelopes, stamped and delivered from post office
branch to branch until they reach their destination. But sending
mail through the Internet is much less secure; email is usually
transmitted as unencrypted text from server to server. No special
steps are taken to protect your correspondence from being seen or
tampered with by other people.
To help you protect your privacy, Red Hat Enterprise Linux 4
includes GnuPG, the GNU Privacy Guard,
which is installed by default during a typical Red Hat Enterprise
Linux installation. It is also referred to as GPG.
GnuPG is a tool for secure communication; it is a complete and
free replacement for the encryption technology of PGP (Pretty Good
Privacy, a widely used encryption application). Using GnuPG, you
can encrypt your data and correspondence, and authenticate
your correspondence by digitally signing your work. GnuPG can also
decrypt and verify messages produced by PGP 5.x.
Because GnuPG implements the OpenPGP standard, messages you encrypt
or sign with it can be read and verified by other OpenPGP-compliant
email applications, including those on other operating systems such
as Windows and Macintosh.
GnuPG uses public key cryptography to
provide users with a secure exchange of data. In a public key
cryptography scheme, you generate two keys: a public key and a
private key. You exchange your public key with correspondents or
with a keyserver; you should never reveal your private key.
Encryption depends upon the use of keys. In conventional or
symmetric cryptography, both ends of the transaction share the same
secret key, which they use both to encrypt and to decrypt each
other's messages; the difficulty is getting that key to the other
party without anyone else seeing it. In public key cryptography, two
mathematically related keys co-exist: a public key and a private
key. A person or an organization keeps the private key secret and
publishes the public key. Data encrypted with the public key can
only be decrypted with the matching private key, so anyone can send
you a message that only you can read. Conversely, a digital signature
made with the private key can be verified by anyone holding the
public key, so recipients can confirm that a message came from you
and was not altered in transit.
Important
Remember that your public key can be given to anyone with whom
you want to communicate securely, but you must never give away your
private key.
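The exchange described above, as an added worked example that is not part of the original manual: two throwaway GnuPG home directories stand in for two correspondents (the names Alice and Bob, their example.com addresses and the message are made up for this demonstration), one party signs and encrypts, the other decrypts and verifies the signature, and the sender is then shown to be unable to read her own ciphertext because she holds only the recipient's public key. The commands use GnuPG 2.1 or later options, not the 1.2-series GnuPG that shipped with Red Hat Enterprise Linux 4, and the whole thing runs offline without touching ~/.gnupg.

```shell
#!/bin/sh
# Added example, not from the Red Hat manual. Two throwaway GnuPG home
# directories stand in for two correspondents so the exchange runs offline and
# leaves ~/.gnupg untouched. The user IDs and the message are made up.
# Requires GnuPG 2.1 or later (--quick-generate-key, --pinentry-mode loopback).

# Batch-mode wrapper: an empty passphrase over loopback pinentry means no
# interactive prompt. Unprotected keys are acceptable only for a demo like
# this one; real private keys should carry a passphrase.
gpgb() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

# Prints the recovered plaintext on success; returns non-zero otherwise.
run_demo() {
    work=$(mktemp -d) || return 1
    alice="$work/alice"
    bob="$work/bob"
    mkdir -m 700 "$alice" "$bob" || return 1

    # 1. Each party generates its own key pair in its own home directory.
    gpgb --homedir "$alice" --quick-generate-key 'Alice <alice@example.com>' default default never || return 1
    gpgb --homedir "$bob"   --quick-generate-key 'Bob <bob@example.com>'     default default never || return 1

    # 2. Only the public halves change hands (here through files; in practice
    #    through a keyserver or an attached .asc file). Private keys stay put.
    gpg --homedir "$alice" --armor --export alice@example.com > "$work/alice.asc" || return 1
    gpg --homedir "$bob"   --armor --export bob@example.com   > "$work/bob.asc"   || return 1
    gpgb --homedir "$alice" --import "$work/bob.asc"   || return 1
    gpgb --homedir "$bob"   --import "$work/alice.asc" || return 1

    # 3. Alice signs with her private key and encrypts to Bob's public key.
    #    --trust-model always skips the web-of-trust check on the freshly
    #    imported key; defensible here only because this script made the key.
    printf 'Meet at noon.\n' > "$work/msg.txt"
    gpgb --homedir "$alice" --trust-model always \
         --local-user alice@example.com --recipient bob@example.com \
         --sign --encrypt --output "$work/msg.gpg" "$work/msg.txt" || return 1

    # 4. Bob decrypts with his private key; gpg checks Alice's signature against
    #    her imported public key. --status-fd 1 yields machine-readable lines.
    status=$(gpgb --homedir "$bob" --status-fd 1 \
                  --output "$work/out.txt" --decrypt "$work/msg.gpg") || return 1
    case "$status" in
        *GOODSIG*) ;;
        *) echo 'signature did not verify' >&2; return 1 ;;
    esac

    # 5. Alice holds only Bob's public key, so she cannot decrypt the message
    #    she just sent: without the private half, public-key encryption is
    #    one-way. gpg exits non-zero with "No secret key".
    if gpgb --homedir "$alice" --decrypt "$work/msg.gpg" >/dev/null 2>&1; then
        echo 'unexpected: decrypted without the private key' >&2
        return 1
    fi

    cat "$work/out.txt"
    # Stop the per-homedir agents gpg started, then remove the scratch area
    # (it is left in place on failure so it can be inspected).
    gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$bob"   --kill gpg-agent 2>/dev/null
    rm -rf "$work"
}
```

Save it as gpg_demo.sh, then source it and call run_demo; it prints the recovered plaintext only if Bob's decryption succeeded, Alice's signature verified, and Alice's own decryption attempt failed as expected. The --trust-model always flag is the one thing not to carry into everyday use: it tells gpg to trust the recipient's key without a web-of-trust check, which is only defensible here because the script generated that key itself.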
For the most part, cryptography is beyond the scope of this
publication; volumes have been written about the subject. In this
chapter, however, we hope you gain enough understanding about GnuPG
to begin using cryptography in your own correspondence. If you want
to learn more about GnuPG, PGP and encryption technology, see
Section B.8, Additional Resources.
B.1. Configuration File
The first time you run a GnuPG command, a .gnupg directory is created in your home directory.
Starting with version 1.2, the configuration file has been renamed
from .gnupg/options to .gnupg/gpg.conf. If .gnupg/gpg.conf is not found in your home
directory, .gnupg/options is used instead. If you
only use version 1.2 or higher, rename your configuration file with
the following command (first make sure that ~/.gnupg/gpg.conf does
not already exist, since mv would silently overwrite it):
mv ~/.gnupg/options ~/.gnupg/gpg.conf
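A safer form of that rename, as an added example not taken from the manual: a POSIX shell function (its name and argument are this example's own) that refuses to overwrite an existing gpg.conf, because GnuPG 1.2 and later read gpg.conf in preference to options and a silent mv would discard whichever settings were already there. It also tightens the directory and file permissions GnuPG warns about when they are too open.

```shell
#!/bin/sh
# Added example, not from the Red Hat manual. Renames an old GnuPG options
# file to gpg.conf (the name GnuPG 1.2 and later read first) without
# clobbering a gpg.conf that already exists. Function name and argument are
# this example's own. Pass the GnuPG home directory, or let it default to
# $GNUPGHOME or ~/.gnupg as gpg itself does.
#
# Returns 0 on success or when there is nothing to do, 1 if the directory is
# missing, 2 if both files exist with different contents (merge them by hand).
migrate_gpg_conf() {
    home="${1:-${GNUPGHOME:-$HOME/.gnupg}}"
    old="$home/options"
    new="$home/gpg.conf"

    if [ ! -d "$home" ]; then
        echo "migrate_gpg_conf: $home does not exist; run a gpg command once to create it" >&2
        return 1
    fi
    # gpg warns about "unsafe permissions" unless the home directory is
    # private to its owner, so fix that while we are here.
    chmod 700 "$home" || return 1

    if [ ! -f "$old" ]; then
        # Nothing to migrate: either already done or never configured.
        return 0
    fi

    if [ -e "$new" ]; then
        if cmp -s "$old" "$new"; then
            # Identical copies: drop the obsolete name so only one is consulted.
            rm -f "$old"
            return 0
        fi
        echo "migrate_gpg_conf: $new already exists and differs from $old; merge them by hand" >&2
        return 2
    fi

    mv "$old" "$new" && chmod 600 "$new"
}
```

Run it as migrate_gpg_conf with no argument to operate on your own ~/.gnupg; a return code of 2 means both files exist with different contents and you should compare them with diff before deciding which settings to keep.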
If you are upgrading from a version prior to 1.0.7, you can
create signature caches in your keyring to decrease the keyring
access time. To perform this operation, execute the following
command once:
gpg --rebuild-keydb-caches