Basics of PGP
PGP: a commercial encryption program
OpenPGP: the IETF standard followed by PGP (the program) and GPG (program). The "PGP" in the title also refers to it.
gnupg: GNU Privacy Guard, another encryption program that implements OpenPGP.
The gpg program ships with most (if not all) Linuxes.
A format that contains one main (cryptographic) key, one or more User IDs (name + email), and zero or more subkeys (attached cryptographic keys).
- anatomy of a GPG key
- The term 'key' is largely ambiguous in a cryptographic context. It can mean a number, an encoded form of that number, a file format holding the key (number) and other metadata, etc.
- A GPG key (file) is identified by its fingerprint (a hash of the public half of the main key).
- This is not immutable (I thought it was).
- With the secret half of the main key, one can modify the key and upload it to key servers.
- Key servers are mostly a place for anyone to host keys. One should trust only keys that are confirmed some other way (e.g. meeting offline).
- intermediate GPG
- Creating the perfect GPG keypair
- How to change the expiration date of a GPG key
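The anatomy notes above (one main key, User IDs, subkeys, a fingerprint hashed from the main key's public half, a key file that can still be modified) can be checked at the packet level. This is an added example, not part of the original notes: it walks the packets of a constructed, fake version 4 key and computes the fingerprint as RFC 4880 defines it, so that two different key files with the same main key give the same fingerprint. The function names and sample bytes are made up for illustration.

```python
import hashlib
TAGS = {2: "signature", 6: "primary public key", 13: "user ID", 14: "public subkey"}

def packets(data):
    """Yield (tag, body) per packet; headers per RFC 4880 section 4.2."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                                  # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                           # old-format header
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            if size == 0:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def fingerprint_v4(key_body):
    """V4 fingerprint: SHA-1 over 0x99, two-octet body length, key packet body."""
    return hashlib.sha1(b"\x99" + len(key_body).to_bytes(2, "big") + key_body).hexdigest().upper()

def describe(data):
    """Return (main-key fingerprint, packet kinds in order) for one key file."""
    parsed = list(packets(data))
    if not parsed or parsed[0][0] != 6 or parsed[0][1][:1] != b"\x04":
        raise ValueError("expected a version 4 primary public key packet first")
    return fingerprint_v4(parsed[0][1]), [TAGS.get(t, f"tag {t}") for t, _ in parsed]

# Constructed sample, not a real key: tiny fake RSA numbers, empty stand-in signatures.
def pkt(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body        # new-format header, short length
RSA = b"\x01" + b"\x00\x20\xc0\xff\xee\x11" + b"\x00\x11\x01\x00\x01"  # algo, MPI n, MPI e
MAIN = pkt(6, b"\x04" + (1700000000).to_bytes(4, "big") + RSA)
SUB = pkt(14, b"\x04" + (1700000001).to_bytes(4, "big") + RSA)
KEY_A = MAIN + pkt(13, b"Alice <alice@example.org>") + pkt(2, b"") + SUB + pkt(2, b"")
KEY_B = MAIN + pkt(13, b"Alice <alice@new.example>") + pkt(2, b"") + SUB + pkt(2, b"")
```

`describe(KEY_A)` and `describe(KEY_B)` return the same fingerprint although the files differ, because the hash covers only the main public key packet. For a real key, pass the binary output of `gpg --export` to `describe`.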
Basically a PGP client for Android.
I found that when used to keep a PGP key, the Fidesmo card has quite limited capacity:
- Only keeps 1 key
- I cannot save an existing key to it, i.e. a new key has to be created.
- The secret key part is always stored within the card, and cannot be exported.
- It's intended to be an authoritative key holder, rather than a backup key store. Reasonable from a security POV.
My use of them
- Passphrased copy, and
- keep 1