|
|
|
|
| PGP for Personal Privacy 5.0 for Eudora | Internet &
Intranet Tools Security |
 With the increasing use
of e-mail, particularly in client communications, security and confidentiality are more
important than ever. Unfortunately, Internet e-mail is not secure. To make sure only the
recipient can read it, e-mail needs to be encrypted. The standard in encryption is Pretty
Good Privacy (PGP), developed by Philip Zimmer-mann. PGP is based on a "public
key" encryption technique, which uses two complementary keys to secure messages: a
disseminated public key and a private key.When you want to send secure e-mail to someone, you use their public key to encrypt the message. They can then use their private key to decipher the information. Also, someone wanting to send you secure mail uses your public key to encrypt, and you decode using your private key. Besides message encryption, PGP also provides a digital signature. With this, you "sign" your messages with your private key, showing the message truly came from you and is complete and unaltered. The recipient uses their copy of your public key to check the contents of the message to ensure no one has tampered with the contents. PGP 5.0 is now available as an add-on to popular e-mail programs. One of the first is PGP for Personal Privacy for Eudora, available for both Eudora Pro and Eudora Lite. It is available free for downloading from Eudora's Web site. PGP for Personal Privacy integrates tightly with Eud-ora's interface. There is a new PGP menu option, for setting PGP preferences and running PGPKeys, the program in which you store your public and private keys, and the public keys of others. PGP toolbar buttons display when you're sending messages and reading mail. When sent or queued, PGPKeys automatically launches and you pick the public key of the recipient. The quill icon indicates you want to digitally sign the message. When you're reading mail, there are buttons for decrypting the message and adding any PGP public key in the message to your "key ring" in PGPKeys. One warning--Eudora's signatures will cause the digital signature of your message to fail validation. This is apparently because Eudora's signature is added after the message is "signed," so when it arrives there has been modification to the message. The recipient's PGP will report an invalid signature. To solve this, set your Eudora signature to "<none>." Also note that the version of PGP for Personal Privacy on Eudora's Web site uses a newer encryption version to generate keys called DSS/Diffie-Hellman. Earlier versions of PGP used RSA key generation. If you need to exchange e-mail with those still using RSA keys, you will need to get the PGP version that uses RSA. That version for Eudora is on PGP's Web site, and costs $5 to download. |
Pretty Good Privacy,
Inc. (415) 631-1747 www.eudora.com or www.pgp.com DOS, Windows 3.1, 95, NT DSS version free; RSA version $5 Reviewed by Kenneth E. Johnson, Training and Support Manager, Mayer, Brown and Platt, Chicago, Ill. |
| Home | | Issue Archive | Resources | About Us | Contact Us | Subscribe | | Subscribers | Advertisers | Updated 09/19/01 |
