Ever since working with OpenPGP, I instantly fell in love with it and helped spread the word around whenever I could for people who wanted a more secure method of communication via email. Just recently, a friend wanted to learn more about this awesome email encryption technology and wanted to know where to actually begin his journey. I was looking over some books on Amazon and decided to go with PGP & GPG: Email for the Practical Paranoid by Michael Lucas. It had good reviews and the book was only a little over 200 pages, so it’s not too overwhelming. After borrowing the book and reading it for myself, I can definitely say that it can help someone a whole lot to begin realizing the benefits of utilizing OpenPGP for secure email communications. It won’t make you an expert by any means, but I don’t think most users care. If you’re already an expert, I don’t think you should be reading this book anyway, because it’s all about the basics here. If you have no idea what OpenPGP is, then go ahead and do a little research online first. If you are then interested, come back and pick this book up.

What the author does here is give you a taste of what OpenPGP can do for you as far as email communications are concerned. He explains the essentials such as confidentiality, authenticity and non-repudiation and, most important of all, what public and private keys are in an asymmetric encryption scheme. The author does a good job of explaining things without really overcomplicating them. The good news with OpenPGP is that once you grasp the basic concepts of how it works, the rest becomes fairly easy to catch on to. The author goes into great detail about the Web of Trust and how key signing works. This is the area where it might scare potential users away. However, while embedding yourself into the Web of Trust system can be beneficial to you and the overall OpenPGP scheme, it is absolutely not necessary at all if all you want to do is trade secure emails between known party members. If you are going to invest heavily in OpenPGP, then yes, you should learn all you can about the Web of Trust, especially if you will be trading secure emails with people you have never met before.

In the book, the author gives examples of how to use OpenPGP with a couple of products. First is Symantec’s own PGP Desktop software. The basics to get the software up and running are included, such as generating your own key pair, importing and exporting your key pair, signing other public keys and generating a revocation certificate. Second, the author explains how to install and use OpenPGP in both Windows and a Linux environment via the command line for the latter. He chooses to show how to get things up and running with the popular Mozilla Thunderbird email client with the Enigmail plugin. Configuration-wise, not much else is mentioned.

Like I mentioned earlier, this book won’t make you an expert with OpenPGP. What it will help with is getting users up to date with all the terminology and concepts behind the technology so that other users such as myself can have a meaningful discussion with them without getting the deer-in-the-headlights response! As a strong believer in OpenPGP and email encryption in general, this book is fantastic for me to recommend to people who want more information on the subject but do not care for the “mathematics” part of it.

I’ve also personally written an article on OpenPGP and how to use it with the Thunderbird email client, which you can read here. If you are looking for someone to test OpenPGP with, feel free to download my public key so that we can trade secure emails with each other. If you are still confused about OpenPGP, shoot me an email and I promise I will do all I can until you actually get it!

