Get IT Done: Increase workstation security with PGP

Use PGP to encrypt data on a workstation for increased security

Just looking over the list of Microsoft vulnerabilities, including the infamous Microsoft Passport security hole last year, is enough to make any IT pro tremble. Data doesn't seem to be safe anywhere, whether it's stored on a workstation, the Web, or a PDA or sent via e-mail, wireless networks, or the Internet.

One of the best ways to secure data, whether in storage or in transit, is by using PGP (Pretty Good Privacy) by PGP Corp. of Palo Alto, CA. Since the program's creation, PGP has always been more than pretty good. It's been cutting-edge. PGP was invented in 1991 by Phil Zimmermann, and it's been distributed free in some version ever since. The software is now available as freeware and as commercial enterprise, desktop, and personal versions for Windows OSes (95-XP), Macintosh (OS9 and OSX), Palm, and Windows CE.

All PGP versions secure e-mail and stored data; the enterprise and desktop editions even encrypt ICQ messages. The enterprise version adds administration tools and a keyserver, which works with Microsoft Exchange, Lotus Notes, and Novell GroupWise servers. The desktop version, useful for SOHO operations, provides the same level of encryption but without the admin and server apps. The mobile computing version for Palm provides e-mail and disk protection. Windows CE devices get only mail protection.

PGP Personal is similar to the workgroup product but works only on ISP e-mails. The freeware, licensed to home users and nonprofits only, protects desktop e-mail and files. It lacks many of the cool commercial features, such as automatic encryption and plug-ins for Microsoft Outlook, Outlook Express, and other e-mail programs.

PGP requires a Pentium 166 or greater processor and 32 MB of hard disk space. It runs on Windows 9x, Me, Windows NT 4 (Service Pack 6a), Windows 2000 (Service Pack 3), and Windows XP (Service Pack 1).

License fees
Information about licensing is available from the PGP Web site. The various licenses are named subscription, perpetual, and personal. You can purchase upgrade insurance, as well as additional level 2 support. Fees range from $25 to $325 per seat. You can find the current prices at PGP's Online Store. Note that with the exception of a perpetual license, all other licenses expire after one year.

How does it work?
PGP uses a modified two-key cryptographic system. This is far more secure than simple cryptography, in which the same key is used to encrypt and decode data. (Data Encryption Standard, or DES, is a simple cryptographic system used by ATMs.) The downside to simple cryptography is that the single secret key has to reach the recipient, and it is at risk any time it's in transit.

In two-key systems, one of your keys is public and the other is private. Senders deliver messages coded with your public key, but only you can decode the message with your private key. You send others messages coded with their public keys, but only they can decode these messages with their private keys. Whitfield Diffie and Martin Hellman invented the two-key system in 1975. (Having claimed naming rights, they gave the method its name: Diffie-Hellman.) You may have heard of two other popular double-key systems invented since then: RSA and DSA.

In PGP's modified two-key system, the program first compresses the unencrypted message, called plaintext, using a Zip algorithm. This step eliminates many clues used by code busters to reverse-engineer a secret key based upon redundancies in the plaintext. PGP then creates a one-time session key derived from random patterns picked up from mouse movements and keyboard strokes. This session key is used to encrypt the compressed plaintext into ciphertext, using one of five encryption algorithms set as a program option.

The message recipient's public key is used to encrypt the session key. Both the ciphertext and the encrypted session key are sent to the recipient, whose private key is used to recover the session key, which then decrypts the message.
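The flow described above (compress, one-time session key, symmetric encryption, session key wrapped with the recipient's public key) can be traced in a short sketch. This is an added example, not PGP's code: the symmetric cipher is a SHA-256 keystream stand-in, the keypair is textbook RSA over two constructed demo primes, and the session key comes from the operating system's random generator rather than mouse and keyboard input. The function names are hypothetical.

```python
import hashlib
import secrets
import zlib

# Constructed demo keypair: textbook RSA over two Mersenne primes. Far too
# small and structured for real use; it only stands in for the recipient's key.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
KEY_LEN = 16                           # 128-bit session key


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(plaintext: bytes, public=(N, E)):
    n, e = public
    compressed = zlib.compress(plaintext)                 # 1. compress plaintext
    session_key = secrets.token_bytes(KEY_LEN)            # 2. one-time session key
    ciphertext = keystream_xor(session_key, compressed)   # 3. symmetric encryption
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # 4. wrap the key
    return wrapped_key, ciphertext          # both parts travel to the recipient


def hybrid_decrypt(wrapped_key: int, ciphertext: bytes, private=(N, D)) -> bytes:
    n, d = private
    try:
        session_key = pow(wrapped_key, d, n).to_bytes(KEY_LEN, "big")
        return zlib.decompress(keystream_xor(session_key, ciphertext))
    except (OverflowError, zlib.error) as exc:
        # A wrong key yields garbage that fails to unpack; this is incidental,
        # not an integrity check.
        raise ValueError("wrong private key or damaged message") from exc


if __name__ == "__main__":
    message = b"Payroll export, constructed sample line\n" * 25
    wrapped, ct = hybrid_encrypt(message)
    print(len(message), "bytes ->", len(ct), "bytes of ciphertext")
    print(hybrid_decrypt(wrapped, ct) == message)
```

Only the short session key goes through the slow public-key operation; the message itself is handled by the fast symmetric cipher, and each message gets a different session key.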

Downloading and installing
The latest PGP versions are 8.0.2 for enterprise, desktop, and personal, 2.0.2 for Palm OS, and 1.6.2 for Windows CE. For our examples in this article, we'll be using the desktop edition. During the install process, be sure to look over the Read Me file before continuing—it has important information about included features and bugs.

If you're a new user, answer No when the installer asks if you already have PGP keyrings. PGP preselects components needed on your machine. The Select Components dialog box (Figure A) lets you choose any additional components you want to install.

Figure A
During installation, you can add or remove PGP components.

Check the summary of installation information, and use the Back button to make changes. Otherwise, click Next to begin installation. Reboot your computer after program files have been copied.

PGP installs three suites of applications: PGPmail, PGPdisk, and PGPkeys (for key creation and maintenance). Click the PGP Tray icon to access these apps, or launch them through Start | Programs | PGP. (If you want, you can disable the Tray icon via Options.)

Configuring PGP
After rebooting, open PGPkeys and insert your license information, name, and organization, exactly as provided by PGP Corp., and then click Authorize. PGP will connect with its Web site and verify your license. If, for some reason, you're not prompted to add your license, click the PGP Tray icon and select License. After verification, an information box will display how many seats your license is valid for and the license's expiration date.

Creating and backing up a keypair
Next, you'll want to create public and private keys, called a keypair, and publish your public key to the world. Keys are created so that the public key can't be used to crack a private key. Launch PGPkeys through the Start menu or by clicking the PGP Tray icon and selecting PGPkeys. If you've never used PGP before, the Keys list will be empty.

From the menu, select Keys | New Key. A wizard will walk you through the process. As you type, a useful Passphrase Quality bar, shown in Figure B, will indicate your passphrase's quality. In PGP, passphrases are case-sensitive. Although the program lets you create a passphrase with as few as eight characters, this approach is not secure. Passphrases should use multiple words with a mixture of uppercase and lowercase letters, numbers, and special characters. The passphrase should be unique and easily remembered without your having to write it down. It shouldn't be a phrase—such as an entry from Bartlett's Familiar Quotations—that can be cracked from a hacker dictionary.

Figure B
Create a passphrase that's easy to remember but lengthy and complex enough to give a high level of security.

A passphrase about 30 characters long should suffice. When you complete the wizard, PGP generates a keypair. Each key of the pair consists of a key (used for signing) and a subkey (used for encryption). When the program finishes this operation, click Next and then Finish. Your key will appear in the list, as shown in Figure C.

Figure C
Your new key appears in PGPkeys.

Before moving on to other PGP features, back up your key to a different drive or media. If your private key were ever lost, all messages and data encrypted with that key would be irrecoverable. Though you'll be prompted to back up when you first exit PGPkeys, don't wait. Right-click on your key and choose Export. Choose a destination, make sure to check Include Private Keys, and click Save.

Publishing your public key
Your public key will be used for all secure messages sent to you. Therefore, the practical next step is to publish it on an Internet keyserver, where interested parties can look it up. Click your key to highlight it, and choose Server | Send To | ldap:// (and ldap://, if you want). The program notifies you when the key has been successfully uploaded.

Using PGPmail
Start PGPmail through the Tray icon or the Start menu. A free-floating menu bar will appear with seven buttons (Figure D):
  • PGPkeys
  • Encrypt
  • Sign
  • Encrypt And Sign
  • Decrypt/Verify
  • Wipe
  • Freespace Wipe

Figure D
The PGPmail menu bar suite of apps

PGP's desktop version also attaches to your e-mail program. For example, Outlook's menu bar adds a PGP item from which you can encrypt/decrypt messages, launch PGPkeys, and set options. Two icons appear in the Standard toolbar to let you quickly encrypt/decrypt and launch PGPkeys.

Before you can send someone an encrypted e-mail message, you'll need to obtain that person's public key. Open PGPkeys and choose Server | Search. By default, the search is called User Id Contains. Type a name or portion of a name in the text box, and the server will return a list of keys, as shown in Figure E.

Figure E
A search for the last name "Wallen" brings up these public key hits.

If you don't find the key you're looking for, use the drop-down lists to try other search criteria, such as Creation Date or Expiration Date. Or if you get too many hits, click the More Choices button to refine the search criteria. Add the key to your desktop's keyring (where the keys you use will be stored) by right-clicking and choosing Import To Local Keyring.

Encrypting e-mail
When you compose an e-mail, you'll note that PGP icons are now part of the message screen menu in compatible applications such as Outlook, Outlook Express, Lotus Notes, and Eudora. When you're finished composing, encrypt the message or set PGP to Encrypt On Send by clicking the Encrypt On Send button or selecting PGP | Encrypt On Send from the menu bar.

To encrypt before sending, press [Ctrl][Shift]E. If nothing happens, you may need to enable that hot-key sequence in PGP | Options first. From the Key Selection Dialog, drag a key from the Recipients List to the Recipients window, as shown in Figure F.

Figure F
Drag keys stored on your keyring to the Recipients window for all people receiving the encrypted message.

The message is encrypted and appears in a format similar to that in Figure G.

Figure G
The encrypted message appears as a block of nonsense text between a PGP header and footer.

To guarantee a message's authenticity, you may want to digitally sign the message. You can do this for any message—you don't have to encrypt it first. Press [Ctrl][Shift]S, and a digital signature will be appended below the message. To decrypt an e-mail, open the message and click the Decrypt button. You'll be asked for your passphrase. Enter it and click OK. The procedure is the same to verify a signature.

Microsoft Outlook can edit received messages. After decrypting, Outlook will ask if you want to save your changes. To keep the message copy encrypted, select No. Otherwise, click Yes.

Encrypting/decrypting files
Through PGPmail, you can also secure your files and decode them for reading. To do so, launch PGPmail and click the Encrypt or Encrypt And Sign button. Select a file from the browser window and click Open. You can also right-click on any filename from Windows Explorer and choose Encrypt from the PGP context menu.

Drag to the Recipients list any keys for people you're authorizing to decrypt the files. If the files are for your eyes only, leave your key on the list as is and click OK. The file will be coded, and its icon will now show a lock. Note that this does not erase the original unencrypted file, in case you'll be attaching the encrypted file to an e-mail but leaving the original in plaintext. If you store the file on disk, don't just delete the original later; be sure to select Wipe Original during encryption. The wipe process is secure because the data is completely overwritten and not left on the hard drive as it is in a simple delete process.

To decrypt an encrypted file, double-click the filename or icon and type in your passphrase. PGP will create an unencrypted copy and leave the coded original in place. For security reasons, wipe the copy rather than simply deleting it when you're finished. The easiest way to do this is to right-click the filename in Windows Explorer and choose PGP | Wipe.

You can also wipe all free space on your media by clicking the PGPmail button Freespace Wipe. Overwriting free space prevents file remnants left on your drives from being recovered. When you click the button, a wizard opens and allows you to choose the drive to clean up and the number of times to overwrite the free space. Three times is the suggested minimum number of passes, but keep in mind that advanced forensic techniques allegedly can recover data wiped up to nine times.

Choose more wipes depending on your data's sensitivity and your paranoia level. PGP defines paranoia as follows: three passes, good for personal use; 10 passes, commercial; 18 passes, military; 26 passes, maximum security. Naturally, the more passes you choose, the longer the wipe takes to run. At high levels, take a break to read a novel or remodel your home. And be sure to turn off file sharing and close all applications accessing the volume or disk before running the wipe.

Remember to periodically overwrite your free space, since data is left there during normal disk activity. You can schedule Freespace Wipe to run automatically.
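The difference between deleting and wiping a file can be shown in a few lines. This is an added example, not PGP's wipe routine: the function names are hypothetical, the overwrite pattern is random data, and it assumes a filesystem that rewrites blocks in place (on SSDs with wear levelling, or on journaling and copy-on-write filesystems, older copies of the data can persist).

```python
import os
import secrets
import tempfile


def overwrite_in_place(path: str, passes: int = 3, chunk: int = 64 * 1024) -> int:
    """Overwrite every byte of the file `passes` times; return its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:            # r+b: rewrite without truncating
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                step = min(chunk, remaining)
                f.write(secrets.token_bytes(step))
                remaining -= step
            f.flush()
            os.fsync(f.fileno())            # push this pass out to the device
    return size


def wipe_file(path: str, passes: int = 3) -> None:
    """Overwrite the contents first, then do what a plain delete does."""
    overwrite_in_place(path, passes)
    os.remove(path)                         # removes only the directory entry


def demo() -> bool:
    """Constructed sample: a decrypted copy left on disk, then wiped."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"decrypted copy: account 0000-CONSTRUCTED\n" * 100)
    overwrite_in_place(path, passes=3)      # three passes: the suggested minimum
    with open(path, "rb") as f:
        survived = b"CONSTRUCTED" in f.read()
    wipe_file(path, passes=1)
    return not survived and not os.path.exists(path)
```

A plain `os.remove` on its own corresponds to the simple delete the article warns about: the directory entry goes away while the file's blocks stay on disk until something else reuses them.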

Creating a PGPdisk
What PGPmail can do for file and e-mail security, PGPdisk can do for hard drives and other writable media. PGPdisk creates a file that acts as a drive. When a PGPdisk is mounted, you can open, edit, save, and perform any other file functions just as you can with any disk with a drive letter. When a PGPdisk is unmounted, it is encrypted and therefore protected. Mounting an encrypted disk requires entering a passphrase.

Start PGPdisk by clicking on the PGP Tray icon and choosing PGPdisk | New Disk. This will launch a wizard. You'll be asked for a location and size for your disk, as shown in Figure H. Fill in the information and click Next.

Figure H
Configure your PGPdisk using this wizard.

Click Advanced Options to choose the following:
  • Drive letter (I use Z: for clarity.)
  • Whether the drive should be a directory on an NTFS volume (available in Windows 2000 and XP)
  • The encryption algorithm to use
  • The type of file system (FAT or NTFS)

You can also choose whether to mount the disk automatically at startup. The next screen asks whether you prefer to use a public key or invent a new passphrase to encrypt the PGP drive. Choose your method and click Next. You'll either be prompted to enter a passphrase or choose a public key from your keyring. Either way, you'll be asked for a passphrase when mounting the drive, so remember which one you used. When you click Next, PGP encrypts and formats the drive, showing the program's progress. Click Next and then click Finish.

You can unmount the disk by right-clicking it in Windows Explorer and choosing PGP | Unmount. You can mount the disk by clicking the PGP Tray icon and choosing PGPdisk | Mount. Browse to the file location of the disk, click Open, and enter your passphrase.

More features
PGP Desktop contains many features not detailed here, such as the ability to create distribution groups of recipients, create self-extracting decryption files (it's still secure, requiring a passphrase to decrypt), work with smart cards and ICQ, and even to display decrypted text in a window secure from TEMPEST interceptions (even though some think the screen-image stealing threat is a myth).

PGP is a great option for security-conscious computer users. It contains an excellent user guide and introduction to cryptography. It is frank about its intentions and possible vulnerabilities. Zimmermann, the inventor of PGP, remains a technical advisor to the company, adding credibility to the program. By studying the user guide and properly configuring PGP, you'll be able to control your privacy with relative ease and a high degree of security.
