You should encrypt your e-mail for the same reason that you don't write all of your
correspondence on the back of a post card. E-mail is actually far less secure than the postal
system. With the post office, you at least put your letter inside an envelope to hide it
from casual snooping.
Take a look at the header area of any e-mail message that you receive and you will see
that it has passed through a number of nodes on its way to you. Every one of these nodes
presents an opportunity for snooping. Using encryption should in no way imply illegal activity.
It is simply intended to keep personal thoughts personal.
What is PGP?
PGP is a program that gives your electronic mail something that it otherwise doesn't have:
Privacy!
It does this by encrypting your mail so that nobody but the intended person can read it.
When encrypted, the message looks like a meaningless jumble of random characters.
PGP has proven itself quite capable of resisting even the most sophisticated forms
of analysis aimed at reading the encrypted text.
PGP can also be used to apply a digital signature to a message without encrypting it.
This is normally used in public postings where you don't want to hide what you are saying,
but rather want to allow others to confirm that the message actually came
from you. Once a digital signature is created, it is impossible for anyone to modify either
the message or the signature without the modification being detected by PGP.
Pretty Good Privacy is a very powerful encryption program. Using "public key" encryption, you
can securely communicate with people without having to agree on a secret key first. It can also
be used to authenticate messages. The public key algorithm
used in PGP 2.x is RSA, which is considered impossible to break in a reasonable time
if properly implemented. Newer versions of PGP 5.x now use the DSS/DH algorithm.
PGP versions 6.x and 7.x support both the RSA and DSS/DH algorithms.
Using anonymous remailers won't help you much without encryption; e-mail messages are normally
sent in the clear. Everyone can read the entire message and see who is sending what. If you use
PGP on your messages to the remailers, that is no longer possible.
Each remailer will only know where the message came from and where it is going to, but not who
else is in the chain or what the actual message is.
Where to get PGP
There are many versions of PGP available, making it pretty darn confusing.
We suggest version 6.58, or an earlier version 6.02i or 6.58 ONLY with the ADK hotfix applied
(international and newer versions have the ability to use both RSA and the newer DSS/DH keys).
If you intend to use anonymous remailers we suggest version 2.62 or 2.63.
PGP Bug Discovered
On Thursday, August 24, researchers in Germany discovered a serious bug in PGP
versions 5.5.x through 6.5.3 (domestic and international) regarding how those versions handle
unauthorized Additional Decryption Key additions to the unhashed/unsigned areas of PGP keys.
Read NAI's Security Advisory and, for more
information, the CERT Advisory
and Cryptome's 'Serious Bug in PGP - Versions 5 and 6'.
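One way to check a key for the condition described above, as an added example that is not part of the original page or of PGP itself: the Python below walks a version 4 OpenPGP signature packet body and reports whether an ADK subpacket sits in the hashed (signed) area or in the unhashed (unsigned) area. It assumes the ADK subpacket is type 10 with a class, algorithm and 20-byte fingerprint body; the function names and sample packets are constructed for illustration.

```python
ADK_SUBPACKET = 10  # ADK request subpacket; RFC 4880 keeps type 10 only as a placeholder

def subpackets(area):
    """Yield (type, body) for each subpacket in one signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:      # one-octet length
            length, i = first, i + 1
        elif first < 255:    # two-octet length
            length, i = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192, i + 2
        else:                # 0xFF followed by a four-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed or truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]  # mask off the critical bit
        i += length

def take_area(buf, pos):
    """Return (area, next offset) for a subpacket area prefixed by a 2-octet length."""
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    if end > len(buf):
        raise ValueError("subpacket area overruns the packet")
    return buf[pos + 2:end], end

def adk_locations(sig_body):
    """Count ADK subpackets in the hashed and unhashed areas of a v4 signature body."""
    if len(sig_body) < 8 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    hashed, pos = take_area(sig_body, 4)
    unhashed, _ = take_area(sig_body, pos)
    return {name: sum(t == ADK_SUBPACKET for t, _ in subpackets(area))
            for name, area in (("hashed", hashed), ("unhashed", unhashed))}

def has_unsigned_adk(sig_body):
    return adk_locations(sig_body)["unhashed"] > 0  # ADK outside the signed data

# Constructed sample data: zeroed timestamp, key ID and fingerprint; signature MPIs omitted.
def make_subpacket(sub_type, body):
    return bytes([len(body) + 1, sub_type]) + body

def make_area(data):
    return len(data).to_bytes(2, "big") + data

HEADER = bytes([4, 0x13, 1, 2])  # v4, user ID certification, RSA, SHA-1
ADK = make_subpacket(ADK_SUBPACKET, bytes([0x80, 1]) + bytes(20))  # assumed body layout
CREATED, ISSUER = make_subpacket(2, bytes(4)), make_subpacket(16, bytes(8))
SIGNED_ADK = HEADER + make_area(CREATED + ADK) + make_area(ISSUER) + b"\x00\x00"
UNSIGNED_ADK = HEADER + make_area(CREATED) + make_area(ISSUER + ADK) + b"\x00\x00"
```

An ADK counted under "unhashed" is not covered by the key owner's signature, so a key where `has_unsigned_adk` returns true should be treated as altered.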
Make sure you get your copy of PGP from a reputable ftp server or web site (below)
and follow the enclosed instructions on verifying your copy once you download it.
PGP 6.5.8
6.5.8 corrects a security-related bug with Additional Decryption Keys (ADKs)
that may allow sophisticated attackers to add unauthorized ADK key IDs to
the unhashed areas of PGP public keys. Versions 5.5 through 6.53 are affected.
PGP Hotfix for versions 5.5.x through 6.5.3
PGP for the PalmOS
PGP 2.6.3i with RSA only
PGP 2.6.2 with RSA only
Other Sources
Step Two - How To Use PGP