BR Washington Technology Online Infotech and the Law img src="../images/hyper_butt.gif" alt="Hyper
| || |
Encrypting Messages for Privacy
By John Makulowich
From what I've observed, most people shy away from learning and using public key cryptography tools, such as Philip Zimmerman's PGP, for Pretty Good Privacy (www.pgp.com/), to protect the confidentiality of their e-mail messages.
But there are doubtless times they wish they had a public/private key pair, for example, to send account information to a bank, transmit buy or sell orders to a broker or e-mail a credit card number to a company to purchase a product or service.
For those who want to take the leap, Eudora Pro's newest upgrade for 32-bit PCs to 3.0.3 (available at www.eudora.com/) makes the jump less like a Herculean task. Why? The popular e-mail program now puts PGP 5.0 for Personal Privacy on the tool bar if you choose to install it as an option.
With the feature on, all your messages and attachments are automatically encrypted. Of course, the person receiving your message needs the proper tools to read them, that is, an e-mail application like Eudora Pro that supports the PGP/MIME (Multipurpose Internet Mail Extension) standard.
The PGP tool lets you encrypt, or digitally disguise, your e-mail and attachments so only those with the proper authority can get the information. You can also digitally sign your mail to ensure it came from you and has not been tampered with.
So, how do you start? First, you install the program that comes with Eudora Pro 3.0.3, which is PGP50.exe, the so-called PGP 5.0 Demo installer. In the process, you will be asked if you need to create a public/private key pair. Follow the directions and do it. Then store your public and private keys in a key ring file and back it up to a floppy disk. After that's done, you make your public key available to everyone; the private key you keep to yourself.
When someone wants to send you a private message, they use your public key to encrypt the message. When you want to send them a message, you use their public key. When you receive their message, you use your private key to open it. You can also use your private key to sign your e-mail. The person receiving it uses a copy of your public key to see if you really sent the e-mail.
What does a public key look like? That depends on a number of things, including the length of the key - all spelled out when you install the PGP option. The fact that the key is text makes it easy to exchange with others and to append to your .signature file. Here's a condensed version of mine, for those who are interested. If you are still perplexed, visit Zimmerman's Web page or read the documentation in Eudora Pro; it's very well-written.
John Makulowich writes, talks and trains on the Internet. You can reach him at firstname.lastname@example.org; his home page is http://www.cais.com/makulow/. You can retrieve his public key by sending e-mail with the subject, "public key."
NEXT STORY: Washington Technology Hypertext