PGP and GPG

This page covers everything related to security and authentication on the Internet.

Personal use

PGP and GPG are two compatible programs for asymmetric encryption and signing. Their features are:

  • encrypting emails or files: you use the public key of the receiver to encrypt the message so that only the receiver can decrypt it (using his associated private key).
    gpg --recipient <user-id> --encrypt <file>
    gpg --decrypt <file>.gpg
  • signing emails or files: you use your own private key to sign the message so that anyone can verify with your public key that you are the author of the message, and that the message was not altered.
    gpg --detach-sign --armor <file>
    gpg --verify <file>.asc

For emails, you should use some software to automatically manage your keyring and sign, verify signatures, encrypt and decrypt messages, like the Enigmail addon with Thunderbird.

Trusted timestamping

If a trusted third party signs a document of yours with its private key, the signature proves the integrity and the timestamp of your document.

There are a few working and easy enough to use services for individuals:

Others have more critical limitations:

You can also use a software client to use the RFC 3161 protocol, with a server providing the service:

File size problem

One problem I encountered with all providers I tried is that they limit the file size (at least for free services), around 1 MB.

So what I do is that I sign the large file with my own PGP key, then I officially timestamp my signature. My PGP key doesn't need to be reliable, only the algorithm used to sign with it needs to be reliable in order to prove that the file was not modified. Actually only a hash would be necessary, and this is what RFC 3161 clients do when the service is not limited. But of course it is better to directly timestamp your file if you can do so.
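
The remark that only a hash is necessary, shown as an added example (not code from the original page): a minimal RFC 3161 TimeStampReq built by hand in Python, which has the same size whether the input is a small signature file or a multi-megabyte file. The function names and sample inputs are constructed for illustration.

```python
import hashlib
import io

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL parameters)
SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")

def der(tag, content):
    """Encode one DER tag-length-value element."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_uint(value):
    """DER INTEGER for a non-negative value, minimal length, sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def sha256_stream(stream, chunk=1 << 20):
    """Hash a file-like object in chunks, so the file size never matters."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.digest()

def timestamp_request(digest, nonce=None, cert_req=True):
    """Build an RFC 3161 TimeStampReq (version 1) carrying only the digest."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    imprint = der(0x30, SHA256_ALG_ID + der(0x04, digest))  # MessageImprint
    body = der_uint(1) + imprint
    if nonce is not None:
        body += der_uint(nonce)          # replay protection, echoed by the TSA
    if cert_req:
        body += der(0x01, b"\xff")       # ask the TSA to include its certificate
    return der(0x30, body)

if __name__ == "__main__":
    # Constructed inputs: a signature-sized blob and a 5 MB file of zero bytes.
    small = io.BytesIO(b"constructed stand-in for <file>.asc")
    large = io.BytesIO(b"\0" * (5 << 20))
    for name, stream in (("small", small), ("large", large)):
        req = timestamp_request(sha256_stream(stream))
        print(name, len(req), "bytes", req.hex())
```

Without a nonce the request is 59 bytes for any input; the file itself never leaves your machine, only its SHA-256 digest is sent to the timestamping server.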

Last modified: 2022/04/08 00:16 by cyril
CC Attribution-Share Alike 4.0 International