view handout.tex @ 7:431e14ce74f8

Handout is done
author Josef "Jeff" Sipek <>
date Tue, 08 Aug 2006 18:54:58 -0400
line wrap: on
line source

% two sided printing


\title{\huge GPG\normalsize}
\author{Josef ``Jeff'' Sipek $<$$>$}

{\bf Cryptography}, n.

The science which studies methods for encoding messages so
that they can be read only by a person who knows the
secret information required for decoding, called the key

	\item Caesar cipher -- used by Julius Caesar to deliver messages to
	his generals. A simple substitution cipher which relied on the
	illiteracy of majority of people.
	\item ROT13 -- ``modern'' version of the Caesar cipher. It shifts
	all characters by 13 instead of 3. Since there are only 26 letters
	in the english alphabet, an interesting effect occurs: encryption
	and decryption are one and the same operation!

\subsection{Symmetric ciphers}
Both Caesar and ROT13 are \emph{symmetric} ciphers. That means that the same
key is used during both encryption and decryption.

Some modern symmetric ciphers include \emph{AES} and \emph{Blowfish}. Both
of these ciphers, with a good key are \emph{effectively} unbreakable with
today's technology \& mathematics.

The only problem with symmetric ciphers is the fact that the key has to be
agreed upon over a secure channel -- in-person meeting, trusted courier, etc.

\section{Asymmetric ciphers}
The solution to the problem is ``simple'' --- it is called \emph{asymetric}
ciphers. Asymmetric ciphers consist of 2 keys. One \emph{private} and the
other \emph{public}. The public key is exactly that, public. You can post it
on your website and not worry about a thing. The private key should be kept
secure at all times. The private key allows you to do all the cool things.

\subsection{Generating a key-pair}
Large random numbers are the basis of modern cryptography.

\epsfig{file=Public_key_making.eps, scale=0.45}

Such key-pair can be used to:
	\item Sign/Verify signature
		\item Sign with private key
		\item Verify with public key

\epsfig{file=Public_key_signing.eps, scale=0.45}

	\item Encrypt/Decrypt
		\item Encrypt with public key
		\item Decrypt with private key

\epsfig{file=Public_key_encryption.eps, scale=0.45}

\section{GPG commands}
\noindent{\bf Generate a new key-pair}:\\
\noindent{\texttt gpg --gen-key}\\

\noindent{\bf Sign a file}:\\
\noindent{\texttt gpg --clearsign \emph{filename}}\\
\noindent{\texttt gpg -a --sign \emph{filename}}\\

\noindent{\bf Verify a signature on a file}:\\
\noindent{\texttt gpg --verify \emph{filename}}\\

\noindent{\bf Encrypt a file}:\\
\noindent{\texttt gpg --encrypt \emph{filename}}\\
\noindent{\texttt gpg -a --encrypt \emph{filename}}\\

\noindent{\bf Decrypt a file}:\\
\noindent{\texttt gpg --decrypt \emph{filename}}\\

\subsection{Nasty, eh?}
Since using GPG directly is rather nasty, people have developed many
GUI/console frontends, as well as integrated GPG functionality right into
their applications. For example, Kmail, mutt, both integrate with GPG very

Images shamelessly stolen from Wikipedia.

	\item Wikipedia \\
	\item GNU Privacy Guard \\
	\item OpenPGP Message Format \\