() OpenPGP – This is not a piece of software, but rather a standard that was developed out of PGP. PGP – “Pretty Good Privacy” was created by Phil Zimmermann in the early ‘90s and was the first popular method for encrypting data using private and public key pairs. One of the most confusing things for people new to PGP is that you will see mention of PGP, OpenPGP, GPG, and GnuPG in similar contexts. Terminology – PGP, OpenPGP, and GPG PGP is one of the oldest and most prolific means of encrypting messages for digital communication. Public keys can be shared openly because they can only be used to lock messages it is the private key that unlocks the message. So if the message is intercepted in transit, it’s useless to anyone except the holder of the private key. Using our example above, the public PGP key in the signature line can be used by anyone to encrypt a communication, but only our target will be able to decrypt it because they hold the corresponding private key. Terminology – Public and Private Keys PGP encryption relies on a key pair commonly referred to as “public” and “private” keys, which are used to encrypt and decrypt digital files (such as an email message). The following will give you a simple overview of PGP terminology and how you can use open source tools to send and receive encrypted messages. You wish to initiate communication with the target but are unsure of what a public key is and how to make use of it. They also indicate they will not respond to any direct messages which do not use their public key. You locate a post of interest and note that the user has listed a public PGP key as part of their signature line. Let us say that you are investigating targets who are selling contraband on a popular criminal forum. There are, of course, plenty of legitimate use cases for encrypting communications, but for our purposes here, we will use an example of communicating with a target as part of a cyber-crime investigation. References to these keys are often added to online profiles or forum posts as a means of soliciting secure, private communications. From time to time while tracking targets online, you have no doubt seen mention of PGP or GPG public keys. Although many of you privacy enthusiasts may use PGP encryption on a regular basis, some of our audience is new to it, so this post will strive to provide a basic explanation. Recently, one of our members presented the following scenario which provides an opportunity to explain the basic use of PGP encryption. My favorite recommendations are those which reflect real world scenarios that are directly applicable to our intelligence work. In our online training program we are fortunate to have an active community where members can help drive the curriculum.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |