PGP encryption

1. The difference between traditional encryption and asymmetric encryption

1-1. Traditional encryption

  • The same key is used to encrypt and decrypt.

1-2. Asymmetric encryption

  1. Create a public key and a private key. The public key can be shared with others. The private key must be kept by the owner.
  2. The public key encrypts the content. The private key decrypts the content.

2. How to exchange the Public key

  1. Sender and Receiver exchange the Public keys face to face.
  2. Exchange the public keys through a trusted third party.

3. PGP’s process of encryption and decryption (including “signing” and “checking the signature”)
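
The steps from sections 1-2, 2 and 3 carried out with the gpg command-line tool, as an added example that is not part of the original notes. The user ID is constructed, and the key is created without a passphrase in a throwaway keyring so the function runs unattended.

```shell
#!/bin/sh
# Added example (not from the original page). The user ID below is constructed;
# the key has no passphrase and lives in a throwaway keyring that is deleted.
pgp_roundtrip() {
    msg=$1
    uid='Alice Example <alice@example.test>'
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }
    rc=0

    # 1-2, step 1: create the key pair (primary signing key + encryption subkey).
    g --quick-generate-key "$uid" default default never 2>/dev/null || rc=1

    # Section 2: only the public half is exported and handed over; the
    # fingerprint is what both sides compare when they meet face to face.
    g --armor --export "$uid" > "$GNUPGHOME/alice.pub.asc" || rc=1
    fpr=$(g --with-colons --fingerprint "$uid" | awk -F: '$1=="fpr"{print $10; exit}')
    echo "fingerprint to compare: $fpr" >&2

    # 1-2, step 2: anyone holding the public key can encrypt ...
    printf '%s' "$msg" > "$GNUPGHOME/msg.txt"
    g --armor --encrypt --recipient "$uid" --output "$GNUPGHOME/msg.asc" \
        "$GNUPGHOME/msg.txt" || rc=1
    # ... but only the private key decrypts. The plaintext goes to stdout.
    g --decrypt "$GNUPGHOME/msg.asc" 2>/dev/null || rc=1

    # Section 3: the private key signs, the public key checks the signature.
    g --armor --detach-sign --output "$GNUPGHOME/msg.sig" "$GNUPGHOME/msg.txt" || rc=1
    g --verify "$GNUPGHOME/msg.sig" "$GNUPGHOME/msg.txt" 2>/dev/null || rc=1
    # A file changed after signing must fail the check.
    printf 'x' >> "$GNUPGHOME/msg.txt"
    if g --verify "$GNUPGHOME/msg.sig" "$GNUPGHOME/msg.txt" 2>/dev/null; then rc=1; fi

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    return $rc
}
```

Calling `pgp_roundtrip 'some text'` prints the decrypted text and returns 0 only if the valid signature verified and the modified file was rejected.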

4. PGP’s key Identity

  • Each PGP key should have 1 or more identities associated with it (e.g. keybase.io).

5. Difference between PGP and developer certificates/code signing

5-1. Developer certificates/code signing

  • They rely on centralized Certification Authorities

5-2. PGP

  • It lets each user assign their own trust to each certificate.

6. Difference between PGP, OpenPGP, GnuPG and gpg

  • PGP (“Pretty Good Privacy”) is the name of the original commercial software
  • OpenPGP is the IETF standard compatible with the original PGP tool
  • GnuPG (“Gnu Privacy Guard”) is free software that implements the OpenPGP standard
  • The command-line tool for GnuPG is called “gpg”

Reference

  • https://www.linux.com/blog/learn/2018/2/protecting-code-integrity-pgp-part-1-basic-pgp-concepts-and-tools
