On Sunday 20 August 2006 6:31 am, Caitlin wrote: > Hi all.
Hi and welcome :-) > Ok. I'm quite interested in GnuPG but I felt compelled to ask a few > questions. Ready? > > 1). My roommate and I share a WinXP box. If I install GnuPG 1.4.5 on > it, would this represent a potential security concern? There should be no security problems. Only you will know your passphrase, but if you let anybody have access to your passphrases, then they will be able to decrypt messages on your box. I take it that you use different (passworded) accounts and therefore you would not normally gain access to the data of your roommate, and he/she not your data. To keep things extra secure, however, I would keep your keyring separate and download it into your machine before use and delete the keyring on ending your session. > 2). Would I have to copy and paste encrypted messages received via > email to a disk (for example) then transport them to the machine > mentioned in #1 for decryption? Depending upon the email program you use, this should be done automatically. I would suggest you use Thunderbird as your email program with the Enigmail extension to handle GnuPG, but you may wish to stick with another. Just make sure it supports the OpenPGP standard. > 3). If a security issue arises with the version of GnuPG I'm using, > what happens to my keyring, private key, etc. when I upgrade? I'm > assuming I would have to send my friends/associates a newly generated > public key so we could resume communication? People are trying all the time to find chinks in GnuPG's armour in order that the security and stability of the program is maintained. They do occasionally find chinks and as these are reported to the GnuPG developers a new version is very quickly out. It all depends on the security risk, but I have never had to generate new keys for this purpose in the six years I've been using GnuPG. There is an OpenPGP standard to which GnuPG adheres, so there shouldn't be any reason why your keyring, private keys, etc can't be used with a new version of GnuPG. > 4). How secure (generally speaking) is installing GnuPG on a flash > drive and using it for all GnuPG related activity? I'm a college > student and security on the campus network is clearly of paramount > importance. As I am (although a VERY mature student!). There is no problem with security (other than general problems with Windows security) in using a flash drive. It all depends if you are using a machine that will recognise your flash drive. What I do under Linux is carry my keyring on an SD/MMC card and connect a card reader to the USB port of the machine. It is then recognised as a mass storage device. I point the email program to GnuPG and my keyring at its location. I'm not sure how I would do it under WinXP, but you might like to look up WinPT, a front end for GnuPG on Windows. -- Graham
pgpvzQqBGBSP2.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
