Sunday, 09 July 2006

Book Review : PGP & GPG Email for the Practical Paranoid

How many people are in the habit of encrypting their email or even digitally signing it before sending it to a recipient? It will be fairly correct if I state that a majority of us do not think twice about these things. But if you are a person who, in the process of conducting business, is forced to rely on communicating and sharing sensitive details via email, then you should be concerned about the security and validity of the mail you send and receive from your clients and business partners. In such a scenario, tools which allow one to encrypt/decrypt data and digitally sign one's email gain a lot of prominence. And PGP and GPG are two such robust tools which make use of advanced cryptography to achieve this.

The book titled 'PGP & GPG Email for the Practical Paranoid', authored by Michael W. Lucas and published by 'No Starch Press', is a book which in my opinion is aptly titled and which I found to explain these concepts in an informative and entertaining manner. This is a relatively small book containing 11 chapters and spanning just around 200 pages. Irrespective of its small size, I found that the whole book covered all that one needs to know about the encryption technology and how to put it to practical use via PGP and its free alter identity GPG.

But to use the two tools PGP and GPG effectively, it helps if one is aware of the basic concepts behind the working of these tools. And in the first chapter titled "Cryptography Kindergarten" the author explains in a simple manner all the terminology related to cryptography and encryption that one will encounter while using PGP or GPG. The second chapter titled "Understanding OpenPGP" is an extension of the first chapter where the author elaborates on concepts such as keypairs and keyservers which play a very important role in the effective use of these two tools.

The third and fourth chapters of this book deal with installing both PGP and GPG on one's machine. And surprisingly, the author does not limit the discussion to just one operating system; rather, installing on both Windows and Unix-like operating systems is given equal importance. And these two chapters form an important part of the book as, other than installing the software, one gets to know, for example, how to generate the public/private keys and more. Interestingly, in these chapters, the author also gives a couple of hints on the various steps to take in running the programs in a secure manner.

It is comforting to know that every aspect of using GPG and PGP has been covered in lucid detail in this book. For example, in one of the chapters, the author goes into a detailed explanation of managing one's keys and how to decide whether to trust a person or not.

One of the biggest uses of PGP and GPG is in their integration with any of the email clients available. By integrating these programs via plugins, it is possible to encrypt, decrypt and digitally sign all or selective emails one sends or receives with the click of a button. In the 9th and 10th chapters of this book, one gets to know how to use either of these programs in conjunction with an email client. These chapters explore the concepts of digital signatures, creating custom policies and how to send and receive PGP signed email.

For the command line enthusiasts, two very good appendices are also included in this book which explain how to achieve most of the tasks using command line switches of the programs.

The concept of encryption is a rather dense subject to understand, especially for people with a less technological bent of mind. But encrypting email or digitally signing one's email becomes inevitable where the stakes get high, such as while conducting business, and it is here that programs such as PGP and GPG adopt a larger role. And this book contains all that needs to be known about the concepts of encryption technology and how to make use of it with the aid of tools like PGP and GPG.

On a different note, I found the design of this book quite pleasing and a joy to read, with many tips provided in an eye-catching light green background. And in my experience, just because a book contains good content will not guarantee that the book will actually be read. It should also be packaged in a way which is pleasing to the eye. And this book from No Starch Press comes on top in both content as well as structure and design.

Chapters at a glance
  1. Introduction
  2. Cryptography Kindergarten
  3. Understanding OpenPGP
  4. Installing PGP
  5. Installing GNUPG
  6. The Web of Trust
  7. PGP Key Management
  8. Managing GNUPG Keys
  9. OpenPGP and Email
  10. PGP and Email
  11. GNUPG and Email
  12. Other OpenPGP Considerations
  13. Appendix A : Introduction to PGP command line
  14. Appendix B : GNUPG command line summary
About the Author
Michael W. Lucas is a network and security engineer with extensive experience working with high-availability systems, as well as intra-office and nationwide networks. He is the author of the critically acclaimed Absolute BSD, Absolute OpenBSD and Cisco Routers for the Desperate books.

Book Specifications
Name : PGP and GPG - Email for the Practical Paranoid
ISBN No: 1-59327-071-2
Author : Michael W. Lucas
Publisher: No Starch Press
No of Pages: 200
Price : Check Amazon.com
Rating : Very Good
