GnuPG Guest Series Finished

I’ve now finished the GnuPG part of my cryptography guest series on TmacUK. It’s been quite fun so far, I’m going to be away for a few days but when I come back I think I shall be continuing the guest series with a post on estimating password strength.

The various posts from this part of the series are:

  1. An Introduction to GnuPG
  2. Your Own GnuPG Key
  3. Using Your GnuPG Key
  4. Trust is a Weakness

Between them they cover the basics of the OpenPGP/GnuPG protocols and how they work, creating a GPG key, using it, and the basis of validity and the web of trust with regard to other peoples keys.

I hope you’ve found the series useful and/or interesting so far, stay tuned for more.

This entry was posted in News and tagged , , , . Bookmark the permalink.

4 Responses to GnuPG Guest Series Finished

  1. z64 says:

    Great articles. I refer people to them regularly.

    You should write a tutorial on generating and implementing your own ssls/CA.
    Most of the tutorials I find on the subject are conflicting, and convoluted.

    the more I read on the subject, the less I trust browser vendors’ lists of “trusted” CA’s and the more i feel we need a circle of trust closer to pgp model.

    I’m still not expert status on the subject, but can’t we be generating our own CA’s and distributing them signed with our pgp keys. If folks trust the pgp signature, then they install the CA, and there by trust our ssl certs as well?

    • Dark Otter says:

      Thank you very much indeed for your kind words! I’m very glad to hear my writings have been appreciated.

      On the subject of SSL I’m afraid I’m on more shaky ground – I’m still very much a novice in the field of computers to be honest (I start my degree in Computer Science this Friday actually).

      The position of Cynicism regarding trusting CA’s is sensible, however unfortunately there’s not a lot to be done at the moment – even trusting the barest few CA’s can lead you to trust some people you might want to – this is simply the nature of the tree structure used for trust with them. A PGP/GPG style stust model would be good, but simply isn’t practical for the main usage of SSL – it needs to be suitable for non-technical users.

      Purely for use between techies, you could of course distribute a signed version of your SSL public key on a website or by e-mail that people could check, and then install at their discretion, however I have heard of no automated solution for such.

      Thank you again for the comments, perhaps when I know more about it I shall post a tutorial or two on using OpenSSL.

  2. z96 says:

    sadly, these article are gone. you should post a mirror, or better yet an updated version.

    • Dark Otter says:

      Unfortunately I don’t have any easy way to do this, havng long since lost the content. But to be honest, they would probably be long since out of date any way.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s