GPG(GNU Privacy Guard)




1.      Description of GPG – what does it do and how, and the components of GPG4win.
GPG(GNU Privacy Guard) is PGP cryptographic software suite. Basically it is a hybrid encryption software because it uses both symmetric key encryption and asymmetric key encryption. Symmetric key encryption for the speed purpose and asymmetric key encryption is for security purpose. In Symmetric key Encryption we use only one key for encryption and decryption both. And in Asymmetric key Encryption we use two keys ,one is for encryption and other one is for decryption. GPG is used for encrypting files and mails. It is used for transporting mail securely with the help of encryption and digital signature. Encryption protects the data from the intruders and digital signatures are used to make sure that it is send from a specific sender. GPG4win supports the OpenPGP and S/MIME (X.509). Gpg4win is a free software. Gpg4win is the installer for the windows and contain several free softwares.
The components of GPG4win are as follows:
1. GnuPG
2. Kleopatra
3. GpgOL
4. GpgEX
5. GPA
 The configuration of X.509 root certificate is also made by Gpg4win. Gpg4win uses a key the length of 2048bit and the algorithm which is used for signing and encrypting by default is RSA. It also create and verify the checksums of the files from kleopatra from which the integrity of the message is also checked. Gpg4win is used to create a unique checksum for each file. Basically checksums means the hashed value of the files. Gpg4win also supports SHA-1, SHA-256 and MD5 the hashing algorithms. GPG4win supports the Windows version which are newer than Windows 7 with 32 and 64bit. In Windows XP it some part of it can work, but it is not officially supported.

2.      How do I know that the file I downloaded has not been tampered with?
By doing the integrity check we get to know about the integrity of file. We have to check the hash value of file. If the hash value matches with the correct hash value then it has not been tampered and if the hash value is not same then definitely the file has been tampered.

3.      Compare and contrast Private Key (symmetric) and Public Key (asymmetric) encryption. 
Symmetric Key Encryption:
1.    Symmetric key encryption uses the same key for encryption and decryption of the     message.
2.     Mostly the Symmetric encryption is used for speed purpose.
3.     Symmetric key encryption is also called as Private key Encryption.
4.     Examples of symmetric encryptions are DES,AES etc

 Asymmetric Key Encryption:
1.      Asymmetric key encryption uses the two keys one for encryption and other for decryption.
2.      Mostly the Asymmetric encryption is used for security purpose.
3.      Asymmetric key encryption is also called as Public key Encryption.
4.      Examples of asymmetric encryptions are RSA, ECC, Diffie Hellman etc.

5.    Why do we need PKI for secure email?
     The sensitive data can be in encrypted and exchange without PKI but there would be no     assurance of the authentication of the other party. Any form of sensitive information which is exchanged over the internet is dependent on PKI for security. The PKI consists of software, policies and standards to create, manage ,administer, distribute the keys and digital certificate. The heart of the PKI is digital certificate because it is the identity of the subject and the identity is bind to the public key contained in the certificate. The elements of the PKI include Certificate authorities and Registration authorities.

6.      In what ways can we share our public keys with others? 
1.      Key Server 
2.      Email public key 
3.      Email signature with public

Comments

Popular posts from this blog

Snort (Intrusion Detection System)

Web Security

Wireshark(Network Protocol Analyzer)