Erm, first of all, this blog is NOT dead. I haven’t posted for quite some time because I am really busy with my school work…
It seems that many don’t know how to verify files….
Many people’s impression of cryptography is that you have a key that you can use to encrypt and decrypt. Like this:
“This is a message” ==> Encrypt with Key ( 561173 ) ==> “VGhpcyBpcyBhIG1lc3NhZ2U=” ==> Decrypt with the same Key ( 561173 ) ==> “This is a message”
( This is just a demo, erm… no Base64 is harmed?! )
The above type of cryptography is called symmetrical cryptography, meaning that the key used to encrypt can also decrypt the data. With this type of cryptography, it is hard to keep the key secure. If the other side needs to decode the message, he will need the key, and if the key is sent along with the message, then whoever is eavesdropping can get the key too…
Therefore, there’s a new type of cryptography… I mean, newer than symmetrical cryptography, but older than most of us anyway. ( And yes, that includes YoYo too, one of the leet-est members I have ever had in DA, and he was 38 last year. )
It is called asymmetrical cryptography. As the name suggests, the key to encrypt and the key to decrypt are different. Furthermore, you cannot derive one key from another.
How is this applied? Let’s take an example:
Bob wants to send a message to Alice.
Alice generates a pair of keys. She sends the encryption key to Bob. ( The eavesdropper gets the key too… )
Bob encrypts the message with the encryption key, then sends it. ( The eavesdropper can’t decrypt it, since the encryption key cannot decrypt, and the decryption key cannot be derived from the encryption key. )
Alice gets the message and decrypts it.
Let me introduce some terminology:
- Public Key is the key that you would allow everyone to know. In the case of signing files, it will be the decryption key. In the case of encrypting files, it will be the encryption key.
- Private Key is the opposite of the public key. No one, except you, should have it.
Also note that most modern cryptography algorithms allow encryption or decryption with either key, meaning that it is not fixed which key is used for encryption and which for decryption. If you use one key to encrypt, then you need the other key to decrypt, and vice versa.
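The key-pair behaviour described above, as an added example that is not part of the original post: textbook RSA in Python with a deliberately tiny key built from two known Mersenne primes. The key values, the sample file contents and all function names are assumptions made for this illustration; there is no padding, so this is not how GPG formats or protects data.

```python
import hashlib

# Constructed toy key pair from two known Mersenne primes. Far too small for
# real use, and real tools such as GPG add padding that is omitted here.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
PUBLIC_KEY = 65537                                     # safe to hand to anyone
PRIVATE_KEY = pow(PUBLIC_KEY, -1, (P - 1) * (Q - 1))   # never leaves the owner

def apply_key(number, key):
    """Transform a number with one key of the pair; the other key undoes it."""
    return pow(number, key, N)

def encrypt(text, public_key):
    m = int.from_bytes(text.encode(), "big")
    if m >= N:
        raise ValueError("message too long for this toy key")
    return apply_key(m, public_key)

def decrypt(cipher, private_key):
    m = apply_key(cipher, private_key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def digest(data):
    """SHA-256 of the file contents, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data, private_key):
    # Signing: the private key is applied to the file's hash.
    return apply_key(digest(data), private_key)

def verify(data, signature, public_key):
    # Verifying: the public key must turn the signature back into the hash.
    return apply_key(signature, public_key) == digest(data)

def demo():
    cipher = encrypt("This is a message", PUBLIC_KEY)       # Bob -> Alice
    release = b"contents of a downloaded file (constructed)"
    signature = sign(release, PRIVATE_KEY)                   # author signs
    return {
        "alice_reads": decrypt(cipher, PRIVATE_KEY),
        "untouched_file": verify(release, signature, PUBLIC_KEY),
        "modified_file": verify(release + b"!", signature, PUBLIC_KEY),
    }

if __name__ == "__main__":
    print(demo())
```

Changing a single byte of the file makes `verify` return `False`, which is the check a signature verification tool performs on a signed download.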
Ok, enough Cryptography-101… I mean enough basic stuff, let’s move on to real applications.
Cryptography software allows us to:
- Create a pair of keys
- Encrypt a file, that only the recipient can
- Sign a file
.. etc..
The software that I propose is GNU Privacy Guard, also known as GPG. This software is compatible with PGP.
Although it is CLI software, you won’t need to touch the command line anyway… There are GUIs out there.
For Windows:
Please go to http://www.gpg4win.org/ and download the software.
Here’s a step by step on how to verify a signed file:
1. You need to import the author’s public key.
– Start GPA.
– If prompted to generate a key pair, it is up to you when you want to do it, or whether you want to do it at all.

Default Startup Scene.
Now Click Server->Retrieve Key:

Then, it will tell you that it got the key. ( It requires internet access to fetch the key. )

Just to ensure nobody meddled with the key, you can verify the fingerprint:

Ok, now we are done with importing the keys.
2. Verifying the file.
– Go to the directory where the file is.
– Right click -> GPGee -> Verify/Decrypt File

– Then, it will tell you whether the signature and the file are valid or not.

– OK, now you are done!
For more information on my public key, visit the About page.
Feel free to tell me if any of you created any key pairs, so I can add them in also.
There is also a lot of information on cryptography software like GPG. Google it!
====================================================================
Just some side news here:
- GMS GG rev 1000, MzBot survived it.
- Debian GNU/Linux 4.0 ( Codename `Etch` ) Released! Finally! I have been waiting for it for 5 months! Beta testing it for 3 months! ( and met no bugs… LoL! )
- Gonna help in the K Desktop Environment Project, possible areas:
+ Kig, part of the KDE Edu package. If possible, I will persuade the school to drop GSP.
+ Plasma, the shell. I got some ideas for Application Launching methods….
+ Chinese i18n
But before that, I gotta brush up my Qt skills…. The last time I did Qt C++ programming was…I can remember then…
…
That was my PSLE year… before I started fiddling this 10-year old online game called MapleStory, before I started writing mailing spammer/flooder….

April 12, 2007 at 4:32 am |
Haha I really like this. I find this blog interesting. Good to see that mzbot survived rev 1000.
Good introduction and explanation of cryptography. I noticed some confusion regarding cryptography. I wouldn’t know about it though, if I hadn’t read about it before.
Qt is great. The only thing I’ve been focusing on learning in C++ so far except for combining man pages and a asset of standard libraries.
Great entry!