KBTAG: kben10000054
URL: http://www.securityportal.com/lskb/10000050/kben10000054.html
Date created: 09/07/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Encrypting data files and email
Keywords: Network/Email, Users/Data
Several encryption programs are also available to encrypt your data, some at the file level (PGP, GnuPG, etc.) and some at the drive level (the Cryptographic File System, for example). These systems are very appropriate for the storage of secure data, and to some degree for the transmission of secure data. However, both ends will require the correct software and compatible versions, and an exchange of public keys will somehow have to take place, which is unfortunately an onerous task for most people. In addition, you have no easy way of trusting someone's public key unless you receive it directly from them (such as at a key signing party), or unless it is signed by someone else you trust (but how do you get the trusted signer's key securely?). Systems for drive encryption such as CFS (Cryptographic FileSystem) are typically easy to implement, and only require the user to provide a password or key of some form to access their files. There is a really good article on choosing key sizes at http://www.cryptosavvy.com/ which raises some issues you probably hadn't considered. I would recommend reading it.
PGP, the granddaddy of public-key encryption, is by far one of the most popular programs, as it is supported under Unix, Windows and Macintosh. Unfortunately it has now been commercialized, which has resulted in a loss of quality for users. I personally believe any software used to encrypt or otherwise secure data MUST be open source; how else can you be sure it is secure? PGP is now sold by Network Associates and I cannot in good faith recommend it as a security mechanism for the secure storage and transmission of files. PGP is available for download from ftp://ftp.zedz.net/, http://www.pgp.com/, and http://www.pgpi.org/.
The alternative to PGP, GnuPG (GPG), is a direct replacement that is fully open source and GNU licensed (as if the name didn't give it away). This tool is available at http://www.gnupg.org/, as source code, as precompiled binaries for Windows, and as RPMs. There is also an article here on GnuPG that I wrote.
pgp4pine is a PGP shell for pine that lets you use PGP/GnuPG from within pine, making signing, encrypting and similar operations easier. You can get it from http://www.rhrk.uni-kl.de/~lamm/pgp4pine/.
HardEncrypt is a one-time pad generator and a set of tools to use it. In theory, one-time pads are an almost unbreakable form of encryption. Using a set of random, cryptographically secure data, you completely mangle your private data; to decrypt it you need the one-time pad. This form of encryption is ideal for communication of sensitive data, with one catch: you must first transfer the one-time pad to the other party. You can download HardEncrypt from http://www.csuglab.cornell.edu/Info/People/jcr13/HardenedCriminal/main.html.
secret-share allows you to break a file up into as many pieces as you want, all of which are needed to successfully rebuild the file. All but one of the pieces are random data, which is encrypted, obfuscating it somewhat. You can download it from http://www.mindrot.org/code/secret-share.php3.
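The one-time pad that HardEncrypt generates and the all-pieces-required split that secret-share performs rest on the same XOR operation, so the following added example (written for this entry, not code from either project) shows both: the n-of-n split builds n-1 pieces of secure random bytes plus one piece that is the data XORed with all of them, and a one-time pad is simply the two-piece case. The function names and the sample data are constructed for the example.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; a pad or piece must cover every byte."""
    if len(a) != len(b):
        raise ValueError("pad/piece must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR pad. The pad must be random,
    as long as the message and used once; XOR is its own inverse, so
    decryption is the same operation."""
    return xor_bytes(plaintext, pad)

otp_decrypt = otp_encrypt

def split_secret(data: bytes, n: int) -> list[bytes]:
    """n-of-n split as the entry describes: n-1 pieces of cryptographically
    secure random bytes, plus one piece that is the data XORed with all of
    them. Each piece on its own is uniformly random; all n are needed."""
    if n < 2:
        raise ValueError("need at least two pieces")
    pieces = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    last = data
    for piece in pieces:
        last = xor_bytes(last, piece)
    return pieces + [last]

def combine_pieces(pieces: list[bytes]) -> bytes:
    """XOR every piece together; with any piece missing the result is noise."""
    out = pieces[0]
    for piece in pieces[1:]:
        out = xor_bytes(out, piece)
    return out

def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Why 'one-time' matters: two ciphertexts made with the same pad XOR to
    plaintext1 XOR plaintext2, because the pad cancels out."""
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    msg = b"constructed sample file contents"  # constructed sample data
    pieces = split_secret(msg, 4)
    print("rebuilt OK:", combine_pieces(pieces) == msg)
    print("rebuilt without one piece:", combine_pieces(pieces[:-1]) == msg)
    pad = secrets.token_bytes(len(msg))  # the pad HardEncrypt would generate
    print("OTP round trip OK:", otp_decrypt(otp_encrypt(msg, pad), pad) == msg)
```

The pad or pieces still have to reach the other party over a channel you trust, which is exactly the catch the entry points out; the code only shows why a pad that is shorter than the data or used twice defeats the scheme.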