confirm blah, or why signing mail may be a good idea.

Thomas Stivers stivers_t at tomass.dyndns.org
Thu Mar 4 14:04:25 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/04/04 11:28 AM -0700, Steve Holmes wrote:
> I've seen PGP stuff in mail for years but never really grasped how one
> could really validate the key and such.  Can you point one to some
> intro docs to get us started? I don't want to have to read 10 volumes
> on advanced data encryption schemes  to get a clue but at least some
> basic steps on how to configure mutt / pine and how the process works
> and whether or not I should register my public key; that would be a
> pay service, would it not?  Any way, sorry for the dumb questions but

Its not a pay service, that's one of the big differences between pgp and
the signing/encrypting system that M$ products use.

> if it is all that valuable, I might as well get on board:).

The GNU Privacy Guard (gpg for short) is Gnu's tool which provides pgp
functionality. Pgp is a piece of commercial software, but it is also the
generic term for the openpgp system. Openpgp is defined in RFC2440. Now
that all that is out of the way to the good stuff. Most distributions,
or at least Redhat and Debian have gnupg packages. I don't remember
about slackware as it's been a few years sense I used Slackware. One way
or another you can install gnupg from source as you would any other
tarball. It is available at www.gnupg.org. To learn the basics and what
the point of signing and encrypting messages is the GNU Privacy Handbook
is a pretty good read. It can be found at
http://www.gnupg.org/gph/en/manual.html. I think it goes over the basics
pretty well. Once you have your keys created, backed up, and uploaded to
a keyserver like subkeys.pgp.net (hopefully that is all explained in the
GPH) you need to get mutt or pine configured to work with gpg. I am
using mutt, so I am more familiar with it, but I think if you google for
a package called pgp4pine or even just pgp AND pine there are several
different sets of scripts to make handling pgp in pine relatively
painless. For mutt if you put the contents of
/usr/share/doc/mutt/examples/gpg.rc in your .muttrc it should just work.
If it doesn't I can resend the relevant portion of my file (actually
Debian's /etc/Muttrc). It really isn't all that hard and you needn't
know the nuts and bolts of krypto to get a working setup. If you have
any more questions just let me know and I will try to help out. I am
just a user though, and don't really know all that much. Good luck.

- -- 
Clarke's Corollary:
Any technology distinguishable from magic is insufficiently advanced.
Thomas Stivers	e-mail: stivers_t at tomass.dyndns.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAR3255JK61UXLur0RAhmzAJ4sOz69LNYfd1qKCj5qj/7nrpK/3gCeIrdp
zidWoQ0a71NC7aotk5JHwKM=
=IxBw
-----END PGP SIGNATURE-----




More information about the Speakup mailing list