What is GPG ? What is this GPG Public key ? GPG stands for GNU Privacy Guard, an excellent, public domain,open source software tool for ensuring privacy and security on the Internet (plus more). GPG is distributed under GPL (GNU Public License, a liberal license which grants you several liberties). GPG is gratis software. With GPG and my public key, you can encrypt any message, or file, and send it to me. Only I can decrypt your message because only I know the corresponding private key (aka "secret key") for doing this decryption. The encryption cannot be broken by anybody else. This is the principle of what is known as public key cryptography (PKC). GPG does many more things, in addition to PKC. The GPG web site has lots of very well written tutorials on cryptography, and security. You can also download the GPG tool from this site. In general, GPG comes free, with all standard Linux distributions (unlike that other fliMSy-cluMSy-MeSsy operating system).
Wish to learn more about cryptography, GPG and e-security ? Algologic can organise a one-day training program on cryptography and GPG for you, at your premises and at your convenience. Send me an e- mail, for details. Algologic can also provide a whole range of training services.
You can download Partha's GPG public key (local copy), and then use GPG software to add it to your GPG keyring. To verify the authenticity of the copy you downloaded, check for its authenticity, using this image. In addition, the md5 checksum of Dr. Partha's public key (parthakey.asc) file is here You can use this md5 checksum, to detect if this file (parthakey.asc) has been tampered. You can also ask Dr.Partha how to use md5 for verification.
To be absolutely sure : You must also download another copy of this key from: GPG- Public-Keyserver. Search for "drpartha". Use the option "Show PGP "fingerprints" for keys". Make sure that the key fingerprint matches the one given above.
Use this one-line GPG command, if you have already a working GPG installed on your machine (and a live connection to the Internet) :
gpg --keyserver pgp.mit.edu --search-keys firstname.lastname@example.org
Or, use :
gpg --keyserver pgp.mit.edu --search-keys F1D99755
To be absolutely "absolutely sure" : To make absolutely sure that you have indeed an authentic copy of my public key, you must reconfirm the "fingerprint" of this key with the "fingerprint" of the original key with me. You must do this confirmation process in addition to, and after making the comparison mentioned in the earlier paragraph. Send me an e- mail, so that I can let you know how to go about this confirmation process.
To be absolutely "absolutely absolutely sure" : Follow the public key negotiation protocol
After you have installed and tested GPG, and after you have obtained and confirmed Partha's GPG public key:
There is a lot of interesting details in
homepage of Algologic
Do not miss it !