LinuxQuestions.org
05-13-2005, 04:29 PM   #1
little_penguin

PGP Signature?

Being the very nostalgic sad geek that I am (and very new to Linux), I was about to install this -
http://fuse-emulator.sourceforge.net (a ZX Spectrum 48k emulator)
Did I mention I am new to Linux? So I looked at the download section and it is telling me something about PGP signatures, so I think, what is this? So I type it into Google and I get back all this stuff that is starting to hurt my brain and looks like binary code. So in essence, can anyone give me a very very very (very very very) basic rundown on what a PGP signature is and how I can use it, or even if I need to use it? All I know so far is that it has something to do with security, so I'd like to know more. Now I am worried this download is insecure; this is beginning to remind me of the dark days (when I had Windows and was worried about spyware). Can PGP help me be more secure on my shiny new Linux machine?
If so, how? Someone tell me, please.

Thanks
 
05-13-2005, 04:51 PM   #2
Hangdog42

The short answer... A PGP signature is a way of verifying that you are actually you.

The longer answer...

PGP (or GPG, its open source equivalent) is a piece of software that generates two keys used for encryption, a public key and a private key. The upshot is that anything encrypted using one of the keys can only be unencrypted using the other. So in this case, if you encrypt a signature with your private key, anyone in possession of your public key can unencrypt the signature and be assured that you are actually you. You can also use PGP keys to encrypt a great deal more than just a signature. For example, you could encrypt any text like an email, and it would therefore only be readable by people who have your public key. Furthermore, anyone with your public key could encrypt email or files and only you could unencrypt them with your private key (assuming you've been good and your private key hasn't gotten loose).

There are actually reams of discussions on proper key security and authentication, but hopefully this gives you a basic grasp of what PGP is about.
 
05-13-2005, 04:57 PM   #3
little_penguin

Okay, cool. Thanks for that, I understand now.

Although - in regards to the site link that I posted, how can I use this system to verify the software has come from the guy who made it? Do I need a piece of software to read his signature files? Or doesn't it work like that?

Thanks for your help
 
05-14-2005, 08:33 AM   #4
TruckStuff

Go to http://www.gnupg.org. Download and install (requires that you know how to 1) compile/install software or 2) RTFM). Then download a file along with the verification signature and do the following:
Code:
$ gpg --verify blah.tar.gz.asc blah.tar.gz
If all is well, you should see several lines of output but one of the first couple will say "Good signature from...". If you see a message such as
Code:
 Checking signature from <whoever> 0x123456
Error: Public key not found
then you need to obtain this individual's public key:
Code:
$ gpg --keyserver pgp.mit.edu --recv-keys 0x123456
then run the first instruction again.
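
An added example, not part of the original thread: a script can make the same check by reading gpg's machine-readable `--status-fd` lines and comparing the signer's fingerprint against one you have pinned, instead of looking for "Good signature" in the human-readable output. The function names `check_status` and `verify_release`, the fingerprint and the sample status lines are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data: the fingerprint and status lines below are made up.
PINNED_FPR='0123456789ABCDEF0123456789ABCDEF01234567'

SAMPLE_GOOD='[GNUPG:] GOODSIG 89ABCDEF01234567 Example Maintainer <maint@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2005-05-13 1116000000 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567'

SAMPLE_BAD='[GNUPG:] BADSIG 89ABCDEF01234567 Example Maintainer <maint@example.org>'

# check_status EXPECTED_FPR: reads `gpg --status-fd` lines on stdin.
# Returns 0 only if the signature is good AND was made by the pinned key.
check_status() {
    # Normalise the pinned fingerprint: drop spaces, upper-case the hex.
    cs_want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$cs_want" ] || return 2
    cs_good=0
    cs_match=0
    while read -r cs_prefix cs_tag cs_arg cs_rest; do
        [ "$cs_prefix" = "[GNUPG:]" ] || continue
        case "$cs_tag" in
            # Bad, unverifiable, expired or revoked: fail closed.
            BADSIG|ERRSIG|NO_PUBKEY|EXPSIG|EXPKEYSIG|REVKEYSIG)
                return 1 ;;
            GOODSIG)
                cs_good=1 ;;
            VALIDSIG)
                # First field: signing-key fingerprint; last: primary key.
                cs_primary=${cs_rest##* }
                if [ "$cs_arg" = "$cs_want" ] || [ "$cs_primary" = "$cs_want" ]; then
                    cs_match=1
                fi ;;
        esac
    done
    [ "$cs_good" -eq 1 ] && [ "$cs_match" -eq 1 ]
}

# verify_release SIGFILE DATAFILE EXPECTED_FPR (needs gpg and the public key).
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$3"
}
```

The pinned fingerprint should come from somewhere other than the download page that served the file and its signature, since a key fetched by ID from a keyserver proves nothing about who owns it.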
 
  

