Hardeep Singh wrote:
> 1. While creating the key, I noticed RSA is sign only. Does it mean an
> RSA key cannot be used to encrypt? Why so - even RSA is now in public
> domain I believe. PGP (the free version) also allows RSA keys.

No, it does not mean that you *can't* use RSA to encrypt. You would generate an RSA signing-only key, then generate an RSA encryption subkey using the gpg --edit-key command. This way, you can have (for example) a 1024 bit RSA signing key with a 4096 bit RSA encryption key if you wish.

Hardeep Singh wrote:
> The algorithm used instead by GnuPG is "DSA and Elgamal" which I
> haven't heard of and don't know if they are equally secure. Are these
> compatible with PGP?

They are simply the default key types with GnuPG. The DSA key is the signing key and it can only be 1024 bits. The Elgamal key is an encryption key, and it is the size that you specify. Both DSA / Elgamal and RSA are compatible with PGP 5 and above.

Hardeep Singh wrote:
> 2. What happens if I lose the pendrive? They would not know the
> password but they would have the secret key. Does it make it easier
> for them to hack the messages I have already received, and possibly
> the encrypted files I have stored on the same pendrive?

Put quite simply, yes. If they have a copy of your private key, hackers only need to find your passphrase to compromise all of your previously secured communications. Using a dictionary attack on the key, they are far more likely to break the security of your emails and files. If you do ever lose your pendrive with secret keys on it, I would recommend that you revoke the keys you lost and create a new key pair.

Hardeep Singh wrote:
> 3. Is there a wipe function or a wipe software also available from Gnu
> similar to the one offered by PGP? I need one that can be run from a
> pendrive without installation.

There are several free, open source wiping programs available, but these are not entirely useful when you are using a flash memory pen drive. In order to prolong the life of flash memory, all data is written to a random "sector" on the drive and this is controlled by a low-level controller over which the operating system of the host PC has no control. Therefore, to absolutely securely remove data from a flash drive, you would need to delete the file then run a "free-space" wipe of the memory.

You may be interested in Mobility Email (available at http://www.mobilityemail.net) - this is an open source mail client based on Mozilla code, and has built-in OpenPGP email encryption support. It is designed to run from a removable drive, so the disk letter does not matter and you can therefore use it on multiple computer terminals. It also supports profile locking and secure wiping of the disk if you choose to enable it. This encrypts your mail profile using AES symmetrical encryption (with a user-specified passphrase), deletes the unencrypted profile from your disk, then performs a "free-space wipe" of the memory, ensuring excellent security even if you lose the flash disk. This is quite a time-consuming process though, and may not be necessary for everyday use - this is why we included the option so that the users decide what level of security to use.

I would highly recommend that you try it and form your own opinions - it's free, open source software and is compatible with Windows and Linux running WINE.

Hope this helps,

Adam

--
e-ignite: <http://www.e-ignite.co.uk>
OpenPGP Key: 0x4B45F6F5 <http://www.e-ignite.co.uk/pubkey.asc>
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
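
Added example, not part of Adam's message and not GnuPG project code: the layout described in the reply (a sign-only RSA primary key with a separate RSA encryption subkey), built in a throwaway keyring and read back from the machine-readable key listing. It assumes a current GnuPG 2.x and uses the non-interactive --quick-generate-key and --quick-add-key commands in place of the interactive gpg --edit-key session; the function name, user ID and 2048-bit signing size are assumptions.

```shell
#!/bin/sh
# Added example (constructed user ID and sizes). Creates a throwaway keyring,
# prints one "record:bits:capabilities" line per key, then deletes the keyring.

split_rsa_key() (
    uid=$1 sign_algo=$2 enc_algo=$3
    GNUPGHOME=$(mktemp -d) || exit 1   # private directory for this run only
    export GNUPGHOME
    status=0
    {
        # Primary key: usage "sign" only (certify is always implied).
        # Empty passphrase only because the keyring is deleted below;
        # a real secret key needs a strong passphrase.
        gpg --batch --quiet --passphrase '' \
            --quick-generate-key "$uid" "$sign_algo" sign never &&
        fpr=$(gpg --batch --with-colons --list-keys "$uid" |
              awk -F: '$1 == "fpr" { print $10; exit }') &&
        # Encryption-only subkey bound to that primary key.
        gpg --batch --quiet --passphrase '' \
            --quick-add-key "$fpr" "$enc_algo" encr never &&
        # Colon listing: field 3 = key length, field 12 = capabilities
        # (s = sign, c = certify, e = encrypt; capitals describe the whole key).
        gpg --batch --with-colons --list-keys "$fpr" |
            awk -F: '$1 == "pub" || $1 == "sub" { print $1 ":" $3 ":" $12 }'
    } || status=1
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    exit "$status"
)

# Stand-alone use: sh split_rsa_key.sh "Demo User <demo@example.invalid>" rsa2048 rsa4096
if [ "$#" -gt 0 ]; then
    split_rsa_key "$@"
fi
```

The primary key's own capabilities (the lowercase letters on the pub line) contain no "e"; only the subkey line carries it, which is why a freshly generated sign-only RSA key cannot encrypt until the subkey is added.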