From SIPB Cluedumps
Date: November 17, 2009, at 3:30 PM
Presenters: Stephen Woodrow (woodrow)
Notes: PGP (slides, notes)
Abstract: PGP is an open public-key cryptography system that is used for signing/verifying and encrypting/decrypting messages and data for yourself or others you wish to communicate with securely. PGP is also useful for signing and verifying software distributions and packages (Linux kernel, Ubuntu/Debian packages, etc.), or for signing your own code (e.g., with git-tag) on projects you work on. Unlike other public-key infrastructures (such as MIT's certificate system) that rely on an absolutely trusted root principal, trust in PGP is an individual decision in which individuals attest to the authenticity of others, forming a distributed "web of trust."
This cluedump will begin with an overview of PGP (and a very brief overview of public-key crypto) and why you should care, before diving into the details of the OpenPGP protocol and how it works. The second part of the cluedump will focus on the ways you can use PGP, with an emphasis on GNU Privacy Guard (GPG), a common, free implementation of OpenPGP. I will present my suggestions on how to set up a well-thought-out GPG installation (based on my frustration at the lack of good tutorials online today).