
Photo by Amol Tyagi on Unsplash
Securing email communication with GnuPG
Key Master
GNU Privacy Guard (GnuPG) [1] is an open source tool used worldwide for encrypting and signing mail and files. Its implementation and use can be challenging when it comes to distributing certificates on a large scale and authenticating their origin. Flexible trust models such as the hierarchical model with a trusted key as the trust anchor and optional trusted introducers for domain-specific authentication simplify management.
The trusted key (certificate authority (CA) certificate) authenticates keys throughout the organization, while trusted introducers (intermediate certificates) add trust relationships to specific domains in a targeted way. Further details and background information can be found in the GnuPG white paper on certificate management [2].
GnuPG forms the basis for other tools designed for different security requirements: GnuPG Desktop [3] and Gpg4win [4] are user-friendly desktop versions. GnuPG VS-Desktop [5] is available for particularly secure use in government agencies and companies in which security and data integrity are paramount, especially when it comes to information classified as EU-RESTRICTED and NATO-RESTRICTED [6].
Provisioning Keys in the WKD
A Web Key Directory (WKD) provides a simple and secure way to make public keys for email addresses available over HTTPS. The underlying standard was first implemented in GnuPG version 2.1.12 and has been enabled by default since version 2.1.23. The Web Key Service (WKS) complements this process by automating the management and publication of keys in a WKD, but it is not mandatory. Many
...
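To show what publishing a key over HTTPS in a WKD means in practice, the following added example (not code from the article or from the GnuPG project) derives the two URLs a client requests for an address. The hashing scheme (SHA-1 of the ASCII-lowercased local part, z-base-32 encoded) and both URL layouts are taken from the WKD Internet-Draft rather than from this page; the function names and the sample address Joe.Doe@Example.ORG are illustrative.

```python
# Added example: compute the WKD lookup URLs for an email address.
# Scheme per the WKD Internet-Draft (an assumption relative to the article text).
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet


def _ascii_lower(text: str) -> str:
    # WKD maps only ASCII upper case to lower case; other characters stay as-is.
    return "".join(c.lower() if "A" <= c <= "Z" else c for c in text)


def wkd_hash(local_part: str) -> str:
    """Return the 32-character file name under hu/ for a local part."""
    digest = hashlib.sha1(_ascii_lower(local_part).encode("utf-8")).digest()
    bits = int.from_bytes(digest, "big")  # 160 bits = 32 groups of 5 bits
    return "".join(ZBASE32[(bits >> shift) & 0x1F] for shift in range(155, -1, -5))


def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' lookup URLs for an address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    # The ?l= parameter carries the local part as written, percent-encoded.
    name = f"hu/{wkd_hash(local)}?l={quote(local, safe='')}"
    return {
        # Tried first: dedicated openpgpkey subdomain, domain repeated in path.
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{name}",
        # Fallback: key served from the mail domain's own web server.
        "direct": f"https://{domain}/.well-known/openpgpkey/{name}",
    }


if __name__ == "__main__":
    # Constructed sample address, not a real mailbox.
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method:9}{url}")
```

The path portion of each URL is also where the binary public key file has to be placed on the web server when a directory is populated by hand.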
