by July 7, 2001 0 comments



You’ve read about using PGP with Outlook Express in Windows
to encrypt and decrypt messages. PGP software is also available for Linux. (See
article ‘Secure win PGP’, page 111) We configured PGP to work with Kmail,
which is an e-mail program in Linux. To set up PGP, mount this month’s CD and
copy the file pgp50i-unix-src.tar.gz to a directory, say /opt. Uncompress and
untar the file as follows:

mount /mnt/cdrom

cp /mnt/cdrom/cdrom/linux/pgp/pgp50i-unix-src.tar.gz /opt

cd /opt

tar -zxvf pgp50*

This will create a directory pgp50i in /opt directory. Change
to the src sub-directory in this directory and issue the following:

./configure

make

make install

Next, edit a file named profile in /etc directory to append a
line:

export PATH=$PATH:/usr/local/bin

This will include /usr/local/bin in the path. PGP executables
are placed in this directory.

Creating the public-private key pair

The next step is to create your public-private key pair.
These are generated as follows:

pgpk -g

You’ll be prompted to answer some questions. The first lets
you select between DSS or RSA encryption techniques. The next step lets you
choose the key size. This specifies the number of bits to be used in keys, and
can be between 768 to 2,048 bits for RSA and 768 to 4,096 bits for DSS. Higher
number of bits takes more processing power, so it takes longer to generate the
keys, and encrypt and decrypt mail messages. Next you are asked to enter a user
ID, which can be just your name, or in the form of ‘name ’ like ‘shekhar < shekharg@cmil.com>’. The latter is
preferable as it also tells the recipient the e-mail address associated with the
key.

In the next step, you enter the number of days for which your
key will be valid starting from the date of its generation. The key will never
expire if you set this value to zero, which is the default value. Next, you’re
asked for a passphrase or password, which will be used each time you encrypt
your or decrypt your e-mail. The next step is the key generation process. To
generate a truly random key pair, it’s better to generate movement in your
system, for example, through your keyboard or mouse. You can then submit your
key on a key server by entering its URL, for example, http://pgpkeys.mit.
edu:11371.

Configuring Kmail

Now that PGP’s configured, it’s time to use it with an
e-mail client. First ensure that you have the K-Desktop installed. If you want
it to run whenever you give the ‘startx’ command, type ‘kde’ in a file .xinitrc
in your home directory. Now run Kmail by selecting K>Internet>Mail client.
Next, select Settings from the File menu and click on the PGP tab. Enter your
PGP user ID, which is ‘shekhar < shekharg@cmil.com>’ in our case. You’ll
now find two check boxes. The first one gives you the option of storing the
passphrase. If you check this option, your passphrase will be asked only once
and then be stored in memory. Checking the second option lets you see the
encrypted e-mail which you send.

The Indian scenario

There are many who would like to believe
that Open Source software is ideally suited for a resource-challenged country like India.
Those who do so, miss the point that lies at the core of the Open Source movement. The
success of Open Source software has very little to do with the fact that it’s mostly
(though not always) without cost. While many Open Source users are attracted to it because
it’s free, almost always, they stay with it for a much better reason—Open Source
products are also better. A quick look at the list of Indian corporates who’ve
embraced Open Source solutions will drive home a pertinent point—not one of them is
on the list because they couldn’t afford a commercial solution. Free beer gone flat
never attracted anyone.

As one regular poster to the Linux-India
mailing list said: "To believe that cost is an issue with Open Source, is to
misunderstand the etymological roots of the word "Free". Indians are Free, but
Indians are not cheap". He wasn’t just waving the tricolor. He was talking
reason—pure, sound, technical reason. That he was economically right too, was
incidental.

The success of the Open Source development
model derives from the opportunities provided by the Internet. It’s commonly
acknowledged that cheap (free) Internet access in American (not to forget Finnish)
universities was the fuel that drove the movement. The corollary to this is also sadly,
true—since the bulk of Indian universities took an inordinately long time to get
connected, the list of native Indian Open Source products while growing, still remains
miniscule. What little (but commendable) development that exists here is initiated by
commercial firms porting popular Indian applications to Linux (Tally is a superb example).
The message is clear—as you sow Internet access, so shall you reap Open Source.

It’s time to reverse the trend now.
And fast. Several institutions and universities, notably the IIIT (Hyderabad), as well as
small universities like the Goa University are setting up infrastructure and facilities
for students to jumpstart local Open Source development. Short-term training
programs—like the recent ones on the Linux kernel at the IIIT and on Open source for
corporates at Goa University—are first lunges in clawing our way back into the race.
The list of speakers and resource persons at these two programs reads like a who’s
who of Indian Open Source gurus. The Advanced Center for Informatics (ACI), set up at Goa
University with generous support from the National Informatics Center (NIC) of the
Government of India, aims to promote development, and disseminate support and training for
Open Source products in India. With a firm and steady eye on the economic opportunities
presented by Open Source, the ACI even plans to set up an Open Source incubator for
student projects to help them raise venture capital. It always helps to have a bank next
to a lab.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.