Some organizations use encryption tools based on the OpenPGP standard, rather than the International Telecommunications Union X.509 standard. OpenPGP uses the same basic Public Key Infrastructure principles for exchanging encrypted files, but uses a decentralized “Web of Trust” method of authenticating signatures.
PK Protect extracts and decrypts files that comply with the OpenPGP standard, RFC 4880. It can also create OpenPGP files encrypted using passphrases, public/private key pairs, or both; it will apply digital signatures with OpenPGP public/private key pairs too. In this section, you’ll learn more about the OpenPGP standard, and how to use PK Protect with OpenPGP.
Overview: OpenPGP vs. X.509
The X.509 standard relies on a hierarchical “trust chain” model, where an individual digital signature is issued by an intermediate Certificate Authority (CA), which is assumed to have received enough documentation to determine that an individual is who he says he is. The intermediate CA’s certificate gets its certificate, in turn, from a Root CA. Each certificate says who issued it, and theoretically if you question the authenticity of a certificate, you can find the documentation presented to the original CA.
OpenPGP certificates are typically created by individuals, and authenticated by other individuals. In the real world, you have friends who can vouch that you are who you say you are. If you walk into a room full of strangers, your friend can introduce you to the people he knows. Since you trust that your friend is correctly identifying his friends and acquaintances, that trust extends to his friends too.
When you translate the above experience to the electronic, OpenPGP world, it works this way: You create an OpenPGP certificate to identify yourself. When a friend comes to visit, display the certificate. The friend can now sign your certificate (often called “key signing”) and certify that this certificate represents you. Now everyone who trusts the person who signed your key can also trust that your certificate is authentic. A Web of Trust is developed as more people authenticate each certificate. Everyone in the Web of Trust can also exchange messages in the OpenPGP format.
Applying OpenPGP to Archives
To apply OpenPGP encryption or a digital signature to an archive, make sure that the OpenPGP Options are set appropriately to the task you are performing (including creating a new archive, adding files to an archive, refreshing or updating an archive).
Add files to a new archive as you would normally, then use the Save As dialog to save the archive with the OpenPGP file type. When you apply OpenPGP to a new archive, you actually create a TAR archive, which can be signed, encrypted, compressed (or any combination of those actions) in the same dialog. PK Protect uses only algorithms supported by the OpenPGP standard on OpenPGP files. These algorithms are listed in the next section.
Supported OpenPGP Algorithms
This table lists the supported OpenPGP algorithms used for encryption, signing, and hashing.
|ZLIB (RFC 1950)||Data Compression|
ZIP (RFC 1951)