2011/10-04

From SIPB Cluedumps

Understanding PGP and Using GPG

Date: October 4, 2011, at 4:00 PM
Presenters: Benjamin Barenblat (bbaren)
Location: 2-143
Abstract: PGP is a public-key cryptography system used for certifying data integrity as well as for transmitting data securely. It's commonly used to sign and verify software distributions and packages (Linux kernel, Ubuntu/Debian packages, etc.), and it can even be integrated into version control systems such as Git. Unlike public-key infrastructures (such as MIT's certificate system) in which participants rely on a trusted authority, PGP keeps trust an individual decision: individuals certify the authenticity of others, forming a distributed "web of trust."

This cluedump aims to give you sufficient technical knowledge to begin making informed and logical decisions about protecting your data with PGP. I'll give an overview of PGP and public-key cryptography, as well as why you should care; we'll then dive into the details and implementation of the OpenPGP protocol. The bulk of our time, however, will be spent on common uses for PGP, with an emphasis on the GNU Privacy Guard (GPG), a widely used free implementation. In particular, I will present my suggestions on how to set up a well-thought-out GPG installation (based on my frustration at the lack of good tutorials online today).

This cluedump is based on and quite similar to that given by Steve Woodrow in the fall of 2009. As a follow-up, there will be a key-signing party organized by Duncan Townsend in late November.


Bio: Benjamin Barenblat was born in New York City, but he moved to Texas as soon as he could. In his spare time, he enjoys functional programming, exploring the Semantic Web, and maintaining a slightly higher-than-healthy level of paranoia.