To summit page of drpartha.org.in

Partha's GPG public key

You will need my GPG public key, if you use GPG for doing any of the following:

• send encrypted emails to me
• send encrypted documents to me
• verify the authenticity (absence of tampering or modfication) of documents containing my digital signature

Meet the Professor and learn some cryptography

---

Never take chances with security !

What is GPG ?

• What is this GPG Public key ?GPG stands for GNU Privacy Guard , an excellent, public domain, FOSS tool for ensuring privacy and security on the Internet (plus more). GPG is distributed under GPL (GNU Public License, a liberal license which grants you several liberties). GPG is gratis software. With GPG and my public key, you can encrypt any message, or file, and send it to me. Only I can decrypt your message because only I know the corresponding private key (aka "secret key") for doing this decryption. The encryption cannot be broken by anybody else. This is the principle of what is known as public key cryptography (PKC). GPG does many more things, in addition to PKC. The GPG web site has lots of very well written tutorials on cryptography, and security. You can also download the GPG tool from this site. In general, GPG comes free, with all standard Linux distributions (unlike that other fliMSy-cluMSy-MeSsy operating system).
  
  A neat overview and intro to GPG is here.
  
  A well -organised catalogue of GPG commands is here.
  
  

• Wish to learn more about cryptography, GPG and e-security ? Learn some cryptography from Prof. Partha. We can organise training programs on cryptography and GPG for you, at your institution and at your convenience. Send an e-mail to drpartha@gmail.com, for details.

• Defend yourself :
  • Read this self-defense guide , from FSF. Read this tutorial thorougly, first.
  • Learn and use GPG : An interactive GPG tutorial [sorry, this is not yet ready ;( ]
  • Download a copy and keep this GPG cheat sheet handy.

Partha's GPG public key ( AE6D555C )

Download the key ( AE6D555C ) and verify its authenticity

GPG software

• First check the md5sum of the file you downloaded. The md5 checksum of Dr. Partha's public key (keyAE6D555C.asc) file is here You can use this md5 checksum, to detect if this file (keyAE6D555C.asc) has been tampered. You can also ask Dr.Partha how to use md5 for verification. If the md5 verification fails, delete/discard the above file. Report this failure to drpartha@gmail.com
  Go to the next step, only if the md5 verification succeeds.
  
  
• If the md5 verification succeeds, use GPG software to add the key to your GPG keyring. Since crooks can go to any extent, I have electronically signed the md5 file using my own secret key and GPG. The signed md5 file is here. To use this signature file, please see the explanation of this procedure. If the signaure verification fails (impossible to verify signature , or "bad signature" error), delete/discard the key from your key ring.
  Report this failure to drpartha@gmail.com .
  Go to the next step, only if the signature verification succeeds.
  
  
• Then, check that the fingerprint of the key you got, matches the fingerprint given above. If the fingerprint verification fails, delete/discard the key from your key ring. Report this failure to drpartha@gmail.com.
  Go to the next step, only if the fingerprint verification succeeds.
  
  
• To make absolutely sure that you have indeed an authentic copy of my public key, you must reconfirm the "fingerprint" of this key with the "fingerprint" of the original key with me, by directly contacting me. You must do this confirmation process in addition to, and after making the comparisons mentioned in the earlier paragraphs. Since you have not yet confirmed my public key, do not use email for making this confirmation. You can start secure and confirmed email correspondance, after my public key has been verified by you.

To be absolutely "absolutely sure" : Follow the public key negotiation protocol

What next ?

You will have to do the above authentication/confirmation tests only once, before you can start using Parha's public key. After you have installed and tested GPG, and after you have obtained and confirmed Partha's GPG public key:

1. Send an encrypted test message to Partha using Partha's public key which you have just downloaded and verified.
2. Try to create a GPG key pair for yourself. "Export" your public key to a file and send me this public-key file. I will then send you an encrypted test message (using your public key), for you to decrypt (using your private/secret key). In fact, you can even encrypt the public-key file you send me (i.e. your public key), using my public key !
3. Inform all your friends and colleagues, and make your public key visible to as many people as possible. You may even decide to upload your GPG public key to a public GPG key server, or distribute your public key yourself.
   Partha does NOT use any public key server.
4. To make the best use of GPG, build or join a web of trust
5. Join a community of cryptography practioners.

^^ ADMINISTRIVIA -- drpartha ^^

---

This file is located at :
https://drpartha.org.in/drpartha/publikey.htm
This file was last modified on: 10/16/21 (mm/dd/yy)
Comments / suggestions to : drpartha@gmail.com
Page developed by: Algologic
Visit : Warning and Disclaimer
We support standards

---

Go to TOP