Author: Martin Hamilton Number: ???
Some systems, such as Unix, give you ways of making sure your files are only read by those people who are meant to be able to read them. Unfortunately, the network technology used for things like telnet, printing, and electronic mail does not provide any such protection. So, although you may have protected a confidential document on your computer's hard disk, once you email a copy of it to someone it may be read by any number of other people along the way. The document may even have been modified, or substituted for an alternative one, before the intended recipient gets to see it.
There are a variety of mathematical processes which are being used or have been used for signing and encrypting. Many of these algorithms have proven to be vulnerable to analysis. So, whilst it may be prudent to sign and/or encrypt important or sensitive documents, it is also important not to be using cryptographic techniques which have been discredited. Particular examples are the "BIOS password" systems used by many PC vendors, and the password protection used in common desktop applications such as spreadsheets and personal finance packages.
PGP is not the easiest of computer programs to use. Consequently we have been evaluating a number of front ends, which make it easier to use PGP by providing you with simple push-button controls for the most commonly used features. We have selected XXX for the Mac and YYY for the Windows PC as the most suitable for general and introductory use. These are documented separately - see the list of references at the end of this document for more information.
PGP primarily uses what is known as a public key model. What this means is that keys (actually large numbers, generated for you by PGP) are used to lock and unlock encrypted messages, and in the generation of signatures. There are actually two keys, unlike the keys in, say, a conventional door lock. One key is private to you, and you should take care to prevent it from being disclosed to anyone. To protect this private key, we suggest that you do not store it on a disk which is accessible over the network, or on a fileserver. This may not always be practical, but it is important if you want to minimise the risk of it falling into the wrong hands.
The second key is public, and should be made widely available. This may seem bizarre - you certainly wouldn't want to give everyone in the neighbourhood a copy of your front door key! The reason why you can quite happily give them your public key is that it is only useful for creating encrypted messages. In order to decode a message encrypted with your public key, the matching private key is needed.
At first, GAK sounds perfectly reasonable. In an increasingly violent society there is a need for the forces of law and order to be able to fight the likes of child pornographers and drug barons, who are reckoned (by the secret services) to be making heavy use of encryption. Unfortunately, once you have escrowed your keys, there is no turning back. You have no way of knowing whether your escrowed keys are being abused, and history suggests that it is highly likely they will be.
In fact, the potential for abuse is enormous, particularly since public key cryptographic technology is expected to become more and more widely used. Perhaps the most significant observation is that the very people allegedly being targeted - serious criminals - will not make use of GAK, since they have superior non-escrowed alternatives such as PGP. This indicates that GAK would primarily be of use as a surveillance tool on the population as a whole, rather than as a means of cracking down on serious crime.
Another aspect of secret service interference is the artificial weakening of the cryptographic software embedded in many common software packages - notably World-Wide Web browsers such as Netscape Navigator. In these programs, although the cryptographic part is present, it has effectively been disabled, usually by limiting the sizes of public and private keys. The end result is that it becomes very easy to decode any coded messages you may create, using only a moderate amount of computing power such as is available to any University undergraduate (for example :-). The US government's National Security Agency has been the major culprit in this exercise, attempting to prevent the exporting of high-powered encryption software to the rest of the world via the American International Trafficking in Arms (ITAR) regulations. In practice, they have been less than successful. PGP is perhaps the prime example of this failure - having originally been written by an American and then illegally exported from the US by person or persons unknown.
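To make the two-key model described earlier concrete, and to show why artificially small keys are the weakness just described, here is a toy RSA key pair written for this document. It is an added illustration, not PGP's own code: the primes are deliberately tiny so the arithmetic can be followed by hand, there is no padding, and real PGP keys are hundreds of digits long, which is exactly what puts the final function out of reach.

```python
# Toy RSA illustrating the public/private key split that PGP relies on.
# Constructed for illustration only: tiny primes, no padding, and nothing
# here resembles PGP's real key format. Requires Python 3.8+ for pow(e, -1, m).
from math import gcd


def is_prime(n):
    """Trial-division primality test; adequate for the toy sizes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) from two primes. (n, e) is the public key you
    can hand out freely; (n, d) is the private key you keep to yourself."""
    assert is_prime(p) and is_prime(q) and p != q
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone holding the public key can lock a message (an integer < n)."""
    n, e = public_key
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the matching private exponent unlocks it again."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, m):
    """A signature is produced with the private key (same modular operation,
    roles swapped), so only the key's owner could have made it."""
    return decrypt(private_key, m)


def verify(public_key, m, sig):
    """Anyone with the public key can check the signature matches m."""
    return encrypt(public_key, sig) == m


def recover_private_key(public_key):
    """Why limited key sizes are fatal: for a small modulus, trial division
    finds p and q, and from them the private exponent follows directly."""
    n, e = public_key
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    return None
```

With the classic textbook primes 61 and 53 and e = 17, the message 65 encrypts to 2790 and decrypts back to 65, and the whole private key is recovered from the public one in a fraction of a second.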
The ins and outs of using PGP on a day-to-day basis have not been covered in this document, in order that it be suitable as a general overview. We have undertaken to make a series of documents available explaining the basics of using PGP on the Mac, Windows PC, and Unix services, and discussing issues which will be of interest to PGP users once they are established. Further information is available via the World-Wide Web.
[not written yet!!]