On Tue, Oct 4, 2011 at 8:26 PM, Greg Sweers <gswe...@acts360.com> wrote:
> Are these programs assuming that I have a certificate already...

  GPG (GNU Privacy Guard) implements the OpenPGP standard.  You can
generate your own certificate (keypair) locally.  Indeed, in "classic"
PGP, this is the way it was usually done.  Everyone generated their
own keypair, and exchanged public keys.  (Maybe you got your public
key signed by others, to build a "web of trust", but that's optional.)
 PKI came later to PGP.

  Alice generates a keypair -- public and private keys, which go
together.  Alice sends her public key to Bob.

  Alice writes a message, signs it with her private key, and mails
that to Bob.  Bob uses Alice's public key to authenticate the message.

  Bob takes a file, encrypts it with Alice's public key, and sends it
to Alice.  Alice uses her private key to decrypt the message.

  If Bob also sends a public key to Alice, they can do encrypted,
authenticated mail.  Alice encrypts her message with Bob's public key,
and signs it with her private key.  Only Bob can read it, and Bob can
be sure Alice wrote it.

  All that said: Encryption can be a very bumpy road.  A lot of people
expect it to be like a toaster, where you plug it in and it works.
Not so.  Everyone has to be on the same page -- and the same set of
standards and options -- for anything to work.  The entity giving you
the crypto requirement should really be giving you a detailed, formal
spec.

  I can't count how many times someone at %WORK% has come to me saying
%CUSTOMER% wants us to do crypto with them.  I start asking the needed
questions, and without fail, the customer end goes, "Oh, you mean I
don't just have to click a button?  Then never mind."

-- Ben
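
The Alice and Bob exchange described in the message above, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later on the PATH; the identities, messages and the `pgp_roundtrip` and `run` helper names are constructed for illustration, and each person gets a throwaway keyring.

```shell
#!/bin/sh
# Added example: constructed identities and messages, throwaway keyrings.
# Assumes GnuPG 2.1 or later on PATH.
pgp_roundtrip() (
    set -e
    work=$(mktemp -d)
    mkdir -m 700 "$work/alice" "$work/bob"
    # One wrapper for both people; each has a separate keyring (--homedir).
    # --trust-model always skips the key ownership check for this demo only;
    # in real use, compare fingerprints out of band or rely on key signatures.
    run() { who=$1; shift
        gpg --homedir "$work/$who" --batch --quiet --pinentry-mode loopback \
            --passphrase '' --trust-model always "$@"; }
    trap 'for w in alice bob; do gpgconf --homedir "$work/$w" --kill all; done
          rm -rf "$work"' EXIT

    # Each side generates its own keypair locally (no CA involved).
    run alice --quick-generate-key 'Alice <alice@example.org>' default default never
    run bob   --quick-generate-key 'Bob <bob@example.org>'     default default never

    # Only public keys are exchanged.
    run alice --armor --export alice@example.org | run bob   --import
    run bob   --armor --export bob@example.org   | run alice --import

    # Alice signs with her private key; Bob verifies with her public key.
    printf 'ship it\n' | run alice --clearsign > "$work/signed.asc"
    run bob --verify "$work/signed.asc" && echo 'signature: good'
    # A modified copy of the signed message must fail verification.
    sed 's/ship it/ship nothing/' "$work/signed.asc" > "$work/tampered.asc"
    if run bob --verify "$work/tampered.asc"; then echo 'tampered: accepted'
    else echo 'tampered: rejected'; fi

    # Bob encrypts to Alice's public key; Alice decrypts with her private key.
    printf 'for alice only\n' |
        run bob --armor --encrypt -r alice@example.org > "$work/to_alice.asc"
    run alice --decrypt "$work/to_alice.asc"

    # Alice encrypts to Bob and signs; Bob's decrypt also checks the signature.
    printf 'for bob, from alice\n' |
        run alice --armor --sign --encrypt -r bob@example.org > "$work/to_bob.asc"
    run bob --decrypt "$work/to_bob.asc"
)
```

Source the file and call `pgp_roundtrip`; the results go to stdout and GnuPG's own status messages go to stderr.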
