Copyright
Acquiring Editor: Steve Elliot
Development Editor: Benjamin Rearick
Project Manager: Mohana Natarajan
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
First published 2013
Copyright 2013 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangement with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-411483-8
For information on all Syngress publications visit our website at www.syngress.com
To the Reader
. GnuPG works at the command line, so OS X and Linux users open a terminal window, Windows users open the command line window.
To encrypt a file ( example.doc ) with a secret passphrase, use this command:
Youll be prompted for a passphrase, twice (to confirm it) and then a file will be written called example.doc.gpg (WARNING: the original file is still there, in plaintext!). The encrypted file can be decrypted back (as example.doc ) with this command (plus the passphrase, when prompted):
The recipient will be prompted to enter the passphrase to decrypt the file.
To verify a digitally signed file, such as when downloading a piece of software from the Internet, given the download file named example.doc and a signature file named example.doc.sig both in the current directory, use this command:
If the file verifies, the resulting message will include the words Good signature, among much more information (which may include a warning that the signing key is not certified--dont worry about this, for now). If not, Good signature will not appear (other information will be displayed, depending on what happened).
Good luck--and if you want to know more about how this works, keep reading!
) for other options.
The monospace font and the $ character indicate this is an example of a command being entered at the command line. The $ indicates the system is ready to accept a command; the command is typed in and after you type it you press the Enter key to make something happen.
, for more about this issue.
Preface
What Is This?
This book is about learning to protect data with encryption. Its a combination primer, story, guide, and handbook on how to use Gnu Privacy Guard (GnuPG) encryption software to protect data in motion (messages or files being sent over the Internet), followed by a brief discussion of how to protect data at rest by using full disk encryption (FDE) on modern operating systems (OSes).
You will learn to use cryptography in a practical way: to encrypt and to decrypt a message or file, to validate a digitally signed message or file, to manage encryption keys, and to work securely with encryption tools.
That means how and why to do it, but not how it works. If you are interested in the science and engineering aspects of how cryptography works--algorithms, acronyms, standards, and specifications--there are many good resources for learning about those topics online. Online is also where youll find the best information about installing encryption software, because online is where its most likely to be up-to-date.
The objective here is to get started doing encryption, not to know why it works or where it came from. However, just for the record--and to make sure were on the same page--here is a brief summary of what cryptography is and what it can do.
What Is Cryptography?
Cryptography is the science/practice of writing in secret (crypto=secret, graphy=writing). Cryptographic functions are generally defined as algorithms or protocols, rules that govern how data is processed to turn plaintext (unencrypted data) into ciphertext (encrypted data).
What Can Cryptography Do?
Encryption is what most people think about when they think about cryptography: taking plaintext and turning it into what looks like gibberish, a.k.a. ciphertext.
Done right, encryption protects private data by making it difficult (in some cases almost impossible) for an attacker to uncover plaintext. Depending on circumstances--such as whether the user creates a strong passphrase or whether the user is careful about leaving information vulnerable on their computer--it may be next to impossible--or trivially easy--for an attack to succeed, depending on a users choices.
The goal of using encryption is to make it harder for others to uncover our secrets. The idea is that whatever amount of expertise and computer time is needed to break our encryption should cost more than the perceived value of the information being decrypted.
Basic Cryptographic Functions