
5. PGP and GnuPG

To use any version of PGP with Mutt-i, you must first configure PGP properly so that the public key file (public key ring) and the private key file (private key ring) exist. It is a good idea to test PGP from the command line beforehand to make sure that it signs and encrypts correctly.

Remember that the PGP versions that exist for Unix are 2.6.3(i) and 5.0(i), which we will call PGP2 and PGP5 respectively from here on. GnuPG is a new encryption system, currently under development and already at an advanced stage; it is open source and free, and in many respects better than PGP (see the GnuPG mini howto, http://www.dewinter.com/gnupg_howto).

Note also that PGP, being a program developed in the US, is restricted by certain export laws covering programs that include cryptographic code; this is the reason an international version exists for almost all binary versions, marked with the letter "i" (pgp - pgpi).

5.1 PGP2

PGP2 generates keys with the RSA algorithm (http://www.rsa.com) and uses IDEA (http://www.ascom.ch) as the encryption algorithm. Both are proprietary algorithms, and their use is restricted by their respective patents.

To run it correctly, you must have it installed and have a directory called ~/.pgp containing the configuration file pgp-i.conf and the public and private key ring files, pubring.pgp and secring.pgp respectively.

5.2 PGP5

The keys generated by PGP5 are DSS/DH (Digital Signature Standard / Diffie-Hellman). PGP5 uses CAST, Triple-DES, and IDEA as encryption algorithms. PGP5 can work with data encrypted or signed with RSA (PGP2) and can use those keys to sign or encrypt (using keys generated with PGP2, because PGP5 cannot generate that type of key). On the other hand, PGP2 cannot use the DSS/DH keys from PGP5; this creates incompatibility problems, because many users continue to use PGP2 on Unix/Linux.

To run PGP5 correctly, the ~/.pgp directory must contain the public and private key rings (pubring.pkr and secring.skr respectively) and the configuration file pgp.cfg.

If you have installed both versions of PGP (PGP2 installed and configured before PGP5), create the PGP5 configuration file ~/.pgp/pgp.cfg as a symbolic link to the ~/.pgp/pgp-i.conf configuration file,

~/.pgp$ ln -s pgp-i.conf pgp.cfg

adding the following lines at the end of the file ~/.pgp/pgp-i.conf:


PubRing = "~/.pgp/pubring.pkr"
SecRing = "~/.pgp/secring.skr"
RandSeed = "~/.pgp/randseed.bin"

The key ring files of the different versions can coexist in the same directory without any problem.
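
The symlink and configuration steps above as a shell script that can be re-run safely, with a permission check on the secret key rings; this is an added example, not part of the original HOWTO. The function names link_pgp5_config and loose_secrets, the directory argument, and the permission check itself are assumptions introduced here.

```shell
# Added example, not from the original HOWTO. Function names are hypothetical.

# link_pgp5_config [DIR]: make pgp.cfg a symlink to pgp-i.conf and append the
# PGP5 key ring settings to pgp-i.conf, each line only once.
link_pgp5_config() {
    dir=${1:-"$HOME/.pgp"}
    conf="$dir/pgp-i.conf"
    [ -f "$conf" ] || { echo "missing $conf (configure PGP2 first)" >&2; return 1; }

    # Never overwrite a real pgp.cfg; only create or keep the symlink.
    if [ -L "$dir/pgp.cfg" ]; then
        :
    elif [ -e "$dir/pgp.cfg" ]; then
        echo "$dir/pgp.cfg exists and is not a symlink" >&2
        return 1
    else
        ( cd "$dir" && ln -s pgp-i.conf pgp.cfg ) || return 1
    fi

    # Append a setting only if that exact line is not already in the file.
    for line in 'PubRing = "~/.pgp/pubring.pkr"' \
                'SecRing = "~/.pgp/secring.skr"' \
                'RandSeed = "~/.pgp/randseed.bin"'; do
        grep -qxF -- "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
    done
}

# loose_secrets [DIR]: print every secret key ring or random seed file that
# grants any permission to group or others (assumed policy: owner-only).
loose_secrets() {
    dir=${1:-"$HOME/.pgp"}
    for f in secring.pgp secring.skr randseed.bin; do
        [ -e "$dir/$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        perm=$(ls -ld -- "$dir/$f" | cut -c5-10)
        [ "$perm" = "------" ] || printf '%s\n' "$dir/$f"
    done
}
```

Call link_pgp5_config once after PGP2 is configured, then loose_secrets; any path it prints should be tightened with chmod 600.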

5.3 GnuPG

GnuPG is a program with the same functions as the previous ones. Unlike PGP, GnuPG does not use algorithms with restrictive patents. PGP is free for personal use but not for commercial work, and its development is closed. GnuPG is free to use for any purpose and is open source, like our favorite operating system (its implementation and development are also carried out mainly on Linux).

The keys generated by GnuPG are of the DSA/ElGamal type (Digital Signature Algorithm, also known as DSS). It is fully compatible with PGP, except for the use of the patent-restricted algorithms RSA and IDEA. In any case, it is possible to achieve a degree of compatibility with them (see the GnuPG mini howto, http://www.dewinter.com/gnupg_howto, to get it interacting with PGP2 and PGP5).

