Presented by HZ, People's Republic of China
It is important for all Internet users to understand that regular email is absolutely insecure. Without encryption, the entire Internet email system is like a worldwide bulletin board. Almost any email can be read by many people other than the person it is sent to.
The likes of Echelon and NS* are monitoring Internet traffic 24 hours a day. People who value privacy should feel uncomfortable and do something to protect themselves. PGP is such a great tool.
The purpose of this webpage is to promote the use of PGP worldwide, and to help international users get started as easily and quickly as possible.
PGP (short for Pretty Good Privacy) is a computer program that encrypts and decrypts data. It's a public key encryption program originally written by Philip R. Zimmermann in 1991. Over the past decade, PGP has become a de-facto standard for encryption of email on the Internet.
Regular Internet email is notoriously insecure and offers no privacy. Typical email travels through lots of Internet computers. The administrators of these computers can read, copy and store any relayed email. Some big governments and organizations (such as Echelon) routinely intercept email and scan it for interesting words or phrases. With PGP encryption, they can still have access to your email, but have no idea as to its content.
Anyone who can intercept your email can alter your email's content. Even worse, anyone can send email that looks as if it was sent by you. With PGP, you can digitally sign your email. When your email and signature are received, PGP can be used to verify that the message is unaltered and from you.
Why don't you always send your paper mail on postcards without using envelopes? Sending your mail through computers is even less confidential than sending the same material on a postcard. PGP provides secure envelopes that protect your privacy.
Email messages are too easy to intercept and scan. This can be done easily, routinely, automatically, and undetectably on a grand scale. International cablegrams are already scanned this way on a large scale by the likes of Echelon. PGP empowers people to take their privacy into their own hands.
PGP is based on public key cryptography. When you start using PGP, the program generates a pair of keys that belong uniquely to you. One key is private and stays in your computer. You are responsible for keeping your private key confidential. The other key is public. You are encouraged to give your public key to others.
Suppose you give me your public key. I can store your public key in my PGP program and use your public key to encrypt a message that only you can read. One beauty of PGP is that you can advertise your public key the same way that you can give out your telephone number. If I have your telephone number, I can call your telephone; however, I cannot answer your telephone. Similarly, if I have your public key, I can send you email; however, I cannot read your email. This public key concept might sound a bit mysterious at first. However, it becomes very clear when you play with PGP for a while.
See also How PGP Works in the PGP 6.5.x documentation.
Three facts are certain.
There is no known successful attack on PGP's encryption algorithms except when using relatively small public keys of 512 bits or less, so even a 1024-bit public key appears completely secure at this time. Of course, there may be some future mathematical or computing breakthrough that might change this. If your privacy is important enough, it might be wise to use a 4096-bit key. The realistic weakness of the PGP system is someone gaining access to your private key. Unfortunately, if the National Security Ministry/Committee/Agency or some other very powerful organization wants your private key and its passphrase, there is little you can do to prevent this. Perhaps the most likely successful attack against a PGP user would be installation of keystroke recording hardware or software that would capture the user's passphrase.
PGP is easier to use than a word processing program once you know how it works. The latest Windows versions allow you to encrypt and decrypt email messages and files with several mouse clicks.
However, it's not very easy to understand the basic concepts on which PGP is established. It took me a month or two to understand the nature of PGP. Although PGP itself is complicated, PGP is not difficult to use.
Many PGP versions are freeware. People from New Zealand to Poland to Mexico use these versions every day. I'm using PGP 6.5.8 CKT build (Cyber-Knights Templar, or C-KT build of PGP), which is not only free but also full-featured. Source code of PGP 6.5.8 CKT build has been peer-reviewed.
Currently, the only PGP version (for Windows) I prefer is PGP 6.5.8 CKT build. I strongly suggest that you download and use PGP 6.5.8 CKT build. The reasons are
You may download PGP 6.5.8 CKT Build 08 as three separate files here.
| Download Part 1 (2,069 KB) | Download Part 2 (2,069 KB) | Download Part 3 (2,069 KB) |
After downloading them, you need to manually join them to get a complete ZIP file. Please run the following DOS command in the directory where you stored the downloaded files:
copy /b pgp658ckt_1.bin+pgp658ckt_2.bin+pgp658ckt_3.bin pgp658ckt.zip
The generated pgp658ckt.zip is PGP 6.5.8ckt Build 08 (without source code). (To verify the integrity of pgp658ckt.zip, you can use my digital signature on it and my PGP public key.)
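The join-and-check step above, as an added Python example that is not part of the original page: it concatenates the three parts in binary mode, as `copy /b` does, and tests every member's CRC in the resulting ZIP. The sample archive is constructed in a temporary directory, and `join_parts`, `zip_is_intact` and `make_sample_parts` are names chosen for this example; a passing CRC test shows only that the download and join were clean, so authenticity still rests on the signature check.

```python
import hashlib
import io
import os
import tempfile
import zipfile

PARTS = ["pgp658ckt_1.bin", "pgp658ckt_2.bin", "pgp658ckt_3.bin"]  # names from the page

def join_parts(directory, parts=PARTS, out_name="pgp658ckt.zip"):
    """Concatenate the parts byte for byte, in order, like `copy /b a+b+c out`."""
    out_path = os.path.join(directory, out_name)
    with open(out_path, "wb") as out:          # "wb"/"rb": no text-mode translation,
        for name in parts:                     # so 0x1A (Ctrl-Z) bytes are preserved
            with open(os.path.join(directory, name), "rb") as part:
                out.write(part.read())
    return out_path

def zip_is_intact(path):
    """True if the file parses as a ZIP and every member passes its CRC-32."""
    # Detects truncation and misordered parts; says nothing about who built it.
    try:
        with zipfile.ZipFile(path) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False

def make_sample_parts(directory):
    """Constructed stand-in for the real download: a small ZIP cut in three."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.exe", blob)                       # incompressible bytes
        zf.writestr("readme.txt", "constructed sample\n" * 50)
    data = buf.getvalue()
    third = len(data) // 3
    cuts = [data[:third], data[third:2 * third], data[2 * third:]]
    for name, piece in zip(PARTS, cuts):
        with open(os.path.join(directory, name), "wb") as f:
            f.write(piece)
    return data

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_sample_parts(d)
        swapped = [PARTS[1], PARTS[0], PARTS[2]]
        print("parts 1+2+3:", zip_is_intact(join_parts(d)))
        print("parts 2+1+3:", zip_is_intact(join_parts(d, swapped, "swapped.zip")))
        print("parts 1+2:  ", zip_is_intact(join_parts(d, PARTS[:2], "short.zip")))
```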
The latest PGP C-KT stable build is also available at Zed-Zed-dot-Net FTP site.
Note: The above are all zipped PDF files. You will need Adobe Acrobat Reader to read them.