How to Use OpenPGP to Secure Email
In 1991, Phil Zimmermann created Pretty Good Privacy (PGP), a cryptographic program that, for the first time, gave the average individual near military-grade encryption. Over the years, PGP’s source code was released and an open standard—OpenPGP—was eventually born. This opened the way for a myriad of open source products that continue to offer some of the best cryptography available.
Who Should Use OpenPGP
Throughout the history of PGP, and encryption in general, there have been countless critics promoting the theory that only those with something nefarious to hide have any reason to use such strong encryption. In fact, shortly after its initial development, Zimmermann found himself the target of an investigation by the US Government when PGP found its way outside the US, violating laws forbidding the export of such powerful encryption.
In point of fact, there are many reasons why a person should use encryption, especially in the context of digital communication. While many people think of email as something relatively private and secure, with few exceptions, nothing could be further from the truth.
Email is more akin to a postcard than a private, sealed letter. Just as a postcard makes its way through multiple depots, post offices, mail trucks and individual hands—with its message plain to see—an email travels through a myriad of individual servers en route from the sender to the ultimate recipient.
Along the way, an unscrupulous server operator could view the contents of such emails, with no way for the sender or recipient to know their privacy had been compromised.
While this is of little concern when sharing a cute pet video, or your favorite new recipe, the stakes become much higher when it’s family members discussing financial issues or health concerns, an executive discussing an internal corporate policy, a programmer sharing source code with another developer, or any number of legitimate situations where it’s important to be able to communicate and share information, or even files, in a secure and private manner.
It is just these kinds of situations that make OpenPGP an important tool for anyone concerned with privacy and security.
How It Works
At its core, OpenPGP is a public-key cryptography system. This kind of cryptography uses a public/private key-pair to encrypt and decrypt data. With public-key cryptography, once data is encrypted with a public key, only the corresponding private key can decrypt it.
When you first install an OpenPGP client, you’re prompted to create a key-pair set and upload your public key to key servers, allowing people to search for it by your name or associated email address.
In addition, OpenPGP also helps individuals to verify the authenticity and integrity of a message or encrypted file thanks to the included digital signature. Many software companies will include a PGP digital signature along with their software’s installer that customers can check to verify the integrity of a download, and help ensure it hasn’t been tampered with or compromised to include malicious code.
How to Use It
In spite of OpenPGP’s value, the one thing that has stymied its widespread adoption is its lack of ease of use. Like many powerful applications, its barrier to entry can sometimes be higher than many users want to deal with.
While there are a myriad of OpenPGP clients—far more than the scope of this article can cover—the steps below should provide a general guide to installing and using OpenPGP.
Download a Client
When downloading an OpenPGP client, the first choice is deciding whether to download the commercial PGP from Symantec, or use one of the free, open source clients available.
Generally, the commercial application offers the most streamlined and polished experience, with options for Mac, Windows and iOS, while the open source clients add support for Linux and Android, not to mention being free-of-charge.
Create the Keys
The next step is to create your public/private keys. You will be asked for your name and email address, as well as the password you will enter when encrypting and decrypting data.
While there are a couple of choices of algorithms to use for creating the keys, for most individuals, choosing the default RSA algorithm for both signing and encrypting is the best option. The larger the key, the stronger the encryption. As of the time of publication, 2048-bit keys had been factored, or hacked, although the resources required were well beyond practical application, making a 2048-bit key still viable for moderate security needs.
Since a 4096-bit key is almost exponentially stronger than 2048-bit, a 4096-bit key is considered unhackable for the foreseeable future.
Upload the Key
Once your keys have been created, the next step is to upload your public key so other individuals can find it. Once your key is uploaded, anyone with an OpenPGP client will be able to search for your key based on your email address and use it to encrypt emails and files that only you can open.
You can also directly email your public key to individuals you regularly communicate with so they can use it to encrypt files and emails destined for you.
Integrate With Your Email Application
Since encrypting email is one of the fundamental uses for OpenPGP encryption, integration with your email program of choice is the next step. Many packages—such as GPG Suite by GPGTools—will automatically install a plugin for popular email clients, including Apple Mail, Microsoft Outlook or Mozilla Thunderbird.
When emailing someone whose PGP key you possess, your OpenPGP software should give the option to encrypt and/or sign the email. Likewise, when receiving an email that has been encrypted using your public key, the software will prompt you to decrypt the message.
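The key, encryption and signature steps above, carried out with GnuPG's `gpg` command line (a free OpenPGP client), as an added example that is not part of the original article. It assumes `gpg` 2.1 or later is installed, uses a throwaway keyring and a constructed identity (demo@example.org), skips the passphrase so it can run unattended, and exports the public key locally instead of uploading it to a key server.

```bash
#!/usr/bin/env bash
# Added example (not from the article): create keys, export, encrypt/decrypt, sign/verify.
# Uses a throwaway keyring; the identity demo@example.org is constructed.
set -u

pgp_setup() {                      # $1 = RSA key size in bits (default 4096)
  GNUPGHOME="$(mktemp -d)"; export GNUPGHOME
  chmod 700 "$GNUPGHOME"
  # %no-protection skips the passphrase so the demo is non-interactive;
  # a real key should be protected with one, as the article describes.
  gpg --batch --quiet --gen-key <<EOF
Key-Type: RSA
Key-Length: ${1:-4096}
Key-Usage: sign,encrypt
Name-Real: Demo User
Name-Email: demo@example.org
Expire-Date: 0
%no-protection
%commit
EOF
}

# Public key in ASCII armor: the part you upload to a key server or email out.
pgp_export()  { gpg --batch --armor --export demo@example.org; }

# Encrypt stdin to the recipient's public key and sign it with our private key.
pgp_encrypt() { gpg --batch --quiet --armor --sign --encrypt -r demo@example.org; }

# Decrypt stdin with the private key; status messages on stderr are dropped.
pgp_decrypt() { gpg --batch --quiet --decrypt 2>/dev/null; }

# Detached signature for a file, as vendors publish next to an installer.
pgp_sign()    { gpg --batch --quiet --yes --armor --detach-sign --output "$1.asc" "$1"; }

# Exit status 0 only if the file still matches its signature.
pgp_verify()  { gpg --batch --quiet --verify "$1.asc" "$1" 2>/dev/null; }

pgp_cleanup() { gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"; }

if [ "${1:-}" = "demo" ]; then
  pgp_setup 4096
  pgp_export | head -n 1
  echo "meet at noon" | pgp_encrypt | pgp_decrypt
  f="$GNUPGHOME/installer.bin"; echo "release build" > "$f"
  pgp_sign "$f"; pgp_verify "$f" && echo "signature good"
  echo "x" >> "$f"; pgp_verify "$f" || echo "tampered file rejected"
  pgp_cleanup
fi
```

Run the script with the argument `demo` to see the whole sequence; the last step shows that changing a single byte of a signed file makes verification fail.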
Without a doubt, OpenPGP encryption is a powerful tool for consumers and professionals alike. Although the learning curve may be a little steeper than many people are accustomed to, the benefits are well worth it.
Whether a journalist working in a dangerous environment, a businessman discussing sensitive internal policy, developers sharing code or family members emailing each other private information, OpenPGP provides its users the peace-of-mind that comes with near military-grade encryption.