~ SVW ~ Internet Security

~ S V W ~ Internet Security

Security in the digital world is a much ignored topic. For anyone with the slightest technical knowledge almost all communication across the internet is visible. Emails, passwords, web pages, ICQ chats, you name it, someone can easily access and change it. This is the equivalent of sending your bank account PIN in the post to someone in another country, living in a sharehouse, written clearly on a postcard!

I am not an expert in these matters, but I have an interest and here are some links that might be useful to you even if you are not a particle physicist living in the UK.

"As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice." - Bruce Schneier, 15 Sep 1999

All the links are for Free Software, not because I am a cheapskate, but because privacy and security are a Human Right (Article 12, Universal Declaration of Human Rights) and everyone should be encouraged to support these Rights.

Contents
§ OpenPGP - File and email security.
§ OpenSSH - secure connections between machines.
§ Signed Web Pages - How to verify and create them.
§ Links to other related topics.

The Gnu Privacy Guard, GnuPG is a complete and free replacement for PGP. GnuPG is a RFC2440 (OpenPGP) compliant application.
My OpenPGP keys - so you can verify the pages I've signed.
My OpenPGP Signing Policy. This shows the policy I use when signing keys, emails and files.

OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on.
My page on making connections in ssh transparent. Based on my experiences with keychain.

Signed Web Pages - Verifying and Creating

If you see any of my pages that have as their first line

-----BEGIN PGP SIGNED WEB-PAGE-----

then the contents of the page have been digitally signed to prevent tampering.

Verifying [From PGP signed web-pages]

These pages are digitally signed with GnuPG. You can check to see if it has been altered, by using GnuPG or some other OpenPGP compliant software.

To do so, download or save the web page to your hard drive.

In Mozilla and Netscape, click on the word "File" on the menu-bar, then click on "Save as". In the "Save File as Type ..." box, make sure that "Source (*.htm)" is selected. Save the file with a ".htm" or ".html" extension, such as "index.html". Similar methods will apply to other browsers. Just make sure you save the file as html source code.

If you haven't already got my OpenPGP public key, you will need to get it now, and add it to your public keyring. Now, in the same directory that you have saved the file to, run "gpg --verify pgphtml.html" and PGP should tell you that the signature from me is valid. This proves that the page has not been tampered with.

Creating

To create a signed web page I recommend one of the following tools:

PGPHTML from SANFACE Software
Edward Bell's PGP signed web-pages.

I use PGPHTML to sign my web pages.

The fantastic A (not so) Short Rant / FAQ on the Subject of Signed E-Mail and Public Key Infrastructure by Karsten M. Self (local copy, please report if it's not up to date).
Why do you need PGP?

Stewart V. Wright <stewartvwright@gmail.com>

Last modified: $Date: 2006-05-05 16:18:09 -0500 (Fri, 05 May 2006) $