Cryptography on Linux

Crypto Services


Cryptography is not just algorithms and numbers. It would be much simpler if it were. Cryptography often requires, or provides, additional services to make it effective.

It's one thing to simply hand someone your key. It's another thing when that person is miles away. Keyservers on the network provide central repositories for keys, from which anyone can retrieve them. They have their downsides, however. Bruce Schneier says that he has been unable to remove a bogus key in his name from the PGP key servers because they keep resynchronizing and re-adding it faster than he can get it removed.

While PGP can help authenticate who you are and can secure messages coming to you, with a little help it can also nail down when something occurred. PGP timestamping services will sign and date messages in a non-refutable manner.

PGP Key Signing Services are also available from some organizations such as USENIX. This is in addition to key signing BoFs, which occur at conferences like this one. A key signing service sits somewhere between the web of trust model and the certifying authority hierarchy model.

Certification Authorities are required for certain models of key distribution and management, while other models can optionally take advantage of them.