ALA |: “REVIEW OF: Michael W. Lucas (2006). PGP & GPG: Email for the Practical Paranoid. San Francisco, CA: No Starch Press. (ISBN: 1593270712; 9781593270711). 216 pp. $24.95.
By Wilfred (Bill) Drew
This work is a how-to book on using Pretty Good Privacy (PGP) and GnuPG (GPG) to encrypt e-mail messages. PGP and GPG can be hard to set up and configure. Lucas’ goal is to provide instructions and assistance in doing that.
PGP & GPG includes an introduction, 11 chapters, two appendices, and an index. The introduction provides a general background on both software packages as well as a very interesting history of the development of PGP including legal issues.
Chapter 1, Cryptography Kindergarten, is of particular value to those, such as the reviewer, new to the world of cryptography. It explains hashes, public-key encryption, and digital signatures. This chapter also defines the terminology used in cryptography and encryption.
In the next chapter, Understanding OpenPGP, Lucas examines the OpenPGP standard released in 1998 by the Internet Engineering Task Force (IETF). He explains the Web of Trust and parts of the technology involved in OpenPGP. He also discusses how to handle your key, get it signed or revoked, and the procedures for making it publicly available.
Chapters 3 and 4 provide detailed instructions on installing PGP or GnuPG. However, there is a major problem with Chapter 4, Installing GnuPG if your computer is on a Windows platform. It does not mention the package available at GPG4Win (http://www.gpg4win.org). It is much easier to install than using what is suggested in Chapter 4. The only problem is that all manuals are in German.
The Web of Trust, Chapter 5, examines how keys are related to each other, verification, and keysigning. Along with Chapters 6 and 7 where management of keys is discussed in PGP and GnuPG, this is perhaps the most valuable part of the book.
Chapters 8, 9,and 10 tells the reader how PGP and GPG interact with and are used in e-mail systems. Chapter 10, GnuPG and Email, is especially valuable for Windows users of Microsoft Outlook Express, Microsoft Outlook, and the open source email client Mozilla Thunderbird.
The last chapter of the book, Other OpenPGP Considerations, looks at many issues including where to store your private key. It also discusses other features found in various software packages written to supplement PGP and GPG. One concern does arise though. Lucas suggests storing your private key on a USB flash drive. What is to prevent someone from stealing a flash drive even if it is on your car key chain or in your watch?
Michael Lucas has written an excellent book that should be in every academic and public library. It contains an excellent index and also two appendices for the more skilled techno-geeks out there.
Wilfred (Bill) Drew is Associate Librarian, Systems and Reference at Morrisville State College Library.
Copyright TER LITA Library Technology Reviews © 2007 by Wilfred Drew. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author.
