|
|
| Previous | Table of Contents | Next |
Other attacks are possible against PGP, but they are not discussed here. It has never been proven that the cryptographic algorithms used in PGP are secure. It is possible that the mathematics used in PGP, which are believed to be secure, may be simple to break. Factoring attacks against RSA could improve, or someone could find a hold in IDEA.
Not enough is known about the mathematics behind cryptography to know what is and is not secure. In fact, it is known that nothing can be completely secure. Given enough computer power it is possible to break any form of cryptography. The question is if the cost of the time and effort to break the code is worth the cost of the data that is being protected. Note that the cost of the effort to break a code will only decrease as time moves on because the computer power keeps increasing and costs continue to decrease. For now, the cryptographer is still ahead of the cryptanalyst.
PGP is an extremely useful program, but unfortunately it still is very difficult to use. It provides so much functionality that it has become cumbersome and confusing to new users. The current release of PGP is definitely not something that this author’s mother could use. However, there are a number of add-ons that can help.
Many people have written front-end applications or programs that provide additional features to make PGP easier to use, easier to integrate, or provide PGP with some useful additional functions. This chapter cannot include an exhaustive list, but does mention many of the most recent and most useful add-ons.
One problem with PGP is that it is difficult to find the public key for a person without first contacting him or her. If people who use PGP aren’t signing public postings, such as on Usenet, you need to be able to obtain public keys without interacting with everyone involved. The Public Keyservers serve this purpose.
The Public Keyservers are a network of machines that contain a list of all the published PGP public keys. You can publish your public key by sending it to any one of the keyservers. Because all the keyservers talk to each other, new keys and key updates are propagated to all the keyservers. When you want to obtain a key, you can access a keyserver and be sure the published key that matches the query will be there.
To update a key, the only thing you need to do is extract and send in the new key. The keyservers will merge the existing and new keys together. New signatures will be added to the existing key, and new userids will be prepended. Key revocations are treated the same way. Just send in the key with the revocation certificate and it will be propagated to all the keyservers, thereby revoking the key.
Warning: Keep in mind that keyservers are not trusted machines. You should never trust a key just because it came from a keyserver. Trust should be based solely on the signatures on the key, not on the basis of the keyserver.
Keyservers support only a few commands: Add, Get, MGet, Index, Verbose Index, and Help. All keyserver commands are sent in the subject of an e-mail message; the message body is ignored for all commands except Add. For the Add command, you must send your public keys (extracted using pgp -kxa, sent as plain text) as the message body. You can use the Get command to obtain a key from the keyserver by supplying an argument: “get userid”. Mget lets you request a number of keys using a regular expression. Index and Verbose Index let you search for keys that are available.
The easiest way to learn more about the public keyservers is to ask them for assistance. You can send a message to the keyserver network using the address <pgp-public-keys@keys.pgp.net>. Send an e-mail with a subject of “help” to obtain a full help message in response.
Because PGP can be so difficult to use for beginner users, PGPMenu was written to help people use PGP and to minimize the steep learning curve. PGPMenu is a menu-based interface for PGP’s message handling, key management, and configuration options.
The program was implemented for a Unix-based system. It is written in PERL, and is the only TTY-based interface—not a graphical interface. It might not be pretty, but PGPMenu provides an easy way for novices to s tart using PGP.
When the program starts, it reads in your PGP Configuration file and presents a menu of options. The main menu enables you to use the PGP message security operations. Most PGP operations are supported on this menu. You can also call up the key management or configuration menus.
The key management menu enables you to maintain key rings. You can add, sign, extract keys, send keys to the keyserver network, and even get keys signed via MITSign if it is available. Of course, PGPMenu can help you generate keys, and will even help select an appropriate username. The interface allows you to access the PGP functions without requiring you to remember the nuances of the PGP command-line interface.
The PGPMenu configuration menu also lets you control some of the values that can be stored in the config.txt file. You can change a number of configuration options and even save them to the config.txt file for later use.
More information about PGPMenu can be found on the World Wide Web via the following URL:
A number of front-end applications are available for Microsoft Windows that provide various interfaces to PGP. Unfortunately, there is no native Windows PGP application, so the front-end programs are the best interfaces for Windows users.
All windows front-ends are built on top of the DOS PGP executable. They read the text output messages from PGP and interpret them for the user. These messages can then be presented more graphically. This approach is a simple way to use PGP and to interface it with other programs.
So many Windows front-ends to PGP exist that it would take another chapter to describe them. A helpful list of PGP utilities is available on the World Wide Web through the following URL address:
PGP has been integrated into a number of mailers for various flavors of Unix. There are too many variations to go into all of them here, but suffice it to say that someone has either completed or is working on an integration tool for most major popular mailers.
As of this writing, it is known that interfaces exist and work for emacs mailers and the elm mailer agent(2.4pl24). Scripts that tie into pine and mh are also available. More information about these can also be found at the previous page on the World Wide Web:
For Macintosh users, a native MacPGP program can be used. Unlike the Windows front-end applications, MacPGP is a native PGP application with a Macintosh interface. This program enables you to directly operate on files. The best part about the recent versions of MacPGP is that it can interface to other programs using Apple Events. One such program is the Eudora mailer for Macintosh. Using Apple Events, Eudora can ask PGP to sign, verify, encrypt, or decrypt messages. This way the functions of PGP can be added to other applications.
More information about MacPGP can be found on the World Wide Web via the following URL:
| Previous | Table of Contents | Next |