|RICHTER, MILLER & FINN
Northern Virginia &
P.O. Box 216
Catharpin, Virginia 20143
Richter Miller & Finn provides the following information
about the PGP encryption software and the Public Encryption Keys used by
the law firm.
Please let us know if this information is helpful. We are particularly interested in how to make it more useful!
The PGP Encryption / Decryption software may be used to encrypt e-mail or files in a very highly secure manner so that it is virtually impossible for anyone other than the intended recipient (and the sender) to be able to decrypt and recover the original e-mail message or file. Cryptography experts estimate that the present PGP encryption scheme (using 1024 bit or larger) keys would require many, many years of effort by someone with enormous computer resources to break, rendering such efforts wholly impractical for the foreseeable future. These security benefits may be obtained with the PGP Software using either PGP Conventional Encryption or the recipient's PGP Public Encryption Key.
When PGP Conventional Encryption/Decryption is used and careful controls over the key is maintained, only the recipient (and the sender) will know the encryption/decryption passphrase which is required for encryption and for successful decryption. The sender and the recipient need exchange and agree upon a secure passphrase (i.e., the key) only one time, and in many situations, there is no need to change the agreed upon secure passphrase once selected. The same passphrase is used by both the sender and the recipient. This simplifies both encryption and decryption procedures for routine, highly secure, point to point electronic communications.
The procedurally more difficult, PGP Public Key Encryption techniques may be used for the electronic exchange of secured passphrases which will later be used with PGP conventional encryption procedures. However, in many real world situations, much simpler procedures are acceptable for the exchange of passphrases for use with PGP conventional encryption for sensitive files or email text which will later be exchanges between the parties: e.g., passphrases may be sent in fax messages, plain text email and/or by voice (telephone) calls. These simpler procedures for exchange of secured passphrases are particularly appropriate when the primary risk of compromise for the sensitive electronic communications is an inadvertent interception or loss while enroute over the Internet. Most of the people we are currently exchanging sensitive electronic communications with who wish to use encryption prefer the simplicity of the PGP conventional encryption approach.
The most current versions of the PGP security (encryption/decryption) software run on Windows and Unix platforms and are fully upwardly compatible with the earlier PGP Version 2.6.2 software for PGP conventional encryption.
When the intended recipient's PGP Public Key is used with the PGP software for encryption, then the e-mail message or file may only be successfully decrypted, read, understood or used by the recipient. When the recipient's PGP public encryption key has been used for encryption, only the recipient will have the secret key which is needed for successful decryption. (In practice the sender usually also encrypts with a second public key, the sender's own public key, so that the sender can also recover the encrypted e-mail message or file.)
The basic communications security considerations which favor the use of the high level encryption provided by the PGP software in certain situations are discussed elsewhere on these WWW pages.
Information about where to obtain various versions (including "free" and commercial versions) of software which implements the PGP Conventional Encryption and Public Key Encryption schemes is available at the MIT PGP Server. The PGP Software Version 2.6.2 which is available to run under DOS (including in DOS boxes under Windows and Unix) and under Unix is not the most current version, but is still widely available, widely used, and fully supported. Later versions which run under Windows and Unix and are upwardly compatible in most respects with Version 2.6.2. The PGP software is also available as freeware from many sources, within and outside of the U.S. for these computer types.
Those who are concerned with communication security issues and not already familiar with the PGP software should obtain a copy for evaluation. Details about where and how to get the commercial or freeware versions of the PGP encryption software are provided elsewhere on this WWW server. The written (or printable) documentation accompanying the PGP software explains how to use it. An excellent book -- from the end user's perspective -- on how to use the earlier versions of the PGP software (Version 2.6.2) is: PGP: Pretty Good Privacy, by Simson Garfinkel, Publisher: O'Reilly & Associates, Inc. 1995.
Below, we provide copies of the two PGP Public Encryption Keys which are published and which can be used for secure electronic communication with this law firm. These keys are based upon the PGP Version 2.6.2 software. We are not currently using published public keys based upon the PGP Version 5.0+ software. The reason for this is simple: as mentioned above, almost all of our current needs for highly secure, point to point, electronic communications and file transfers are being met with PGP conventional (as distinct from public key) encryption techniques. Almost everyone we deal with finds this much simpler to use and completely adequate once a secure passphrase (i.e. conventional key) has been exchanged and agreed upon. Use of public key encryption does provides a very high security method to exchange such a secure passphrase for conventional key encryption, but as noted above, much simpler procedures to exchange such secure passphrases are available and adequate in many (most) circumstances.
We are providing here our two PGP (Version 2.6.2) Public Encryption Keys, either of which may be used to send us encrypted E-mail (or files) with very high security over the Internet or via other methods (e.g. mailed or messengered diskettes). Those who are already familiar with the widely available PGP Public Key encryption/decryption software will know how to use this information immediately. Others should consult the documentation or the book recommended above.
This first PGP Public Encryption Key (which immediately follows) corresponds is the PGP Public Key for the law firm. You may copy the following text directly from this WWW Page and save it to a file on your local computer:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAy6y114AAAEEALlszSOU3Te4OfHJGEKHNlvoRSMBgeBtl9mPma37bTcX/vLH vKu+GK3q/LcfKUNG1JIkWQxG21KGQBUc0AXHBPHN4l4do0x86QYspCAp2l/n8WKk rz99sEyVatSsq2dsuSNiPOTl+mXXIYNmHUhOMK7A+6+/Y2GbPsrS9ds+GIi1AAUR tBdSTEFXIC0gV2FzaGluZ3RvbiwgRC5DLg== =gjVY -----END PGP PUBLIC KEY BLOCK-----
Also you may click here to download the file: RLAW.ASC from this WWW Server now using your Web Browser. The file, RLAW.ASC, contains this PGP public key for the law firm. Be sure to set your Web Browser to save this file to harddisk before starting to download.
This second PGP Public Encryption Key (which immediately follows) corresponds is the PGP Public Key for the Paul S. Richter, senior partner in the law firm. You may copy the following text directly from this WWW Page and save it to a file on your local computer:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAy6yzRcAAAEEAMPTOpQ2tcI7fr172HSIUK3MTjSawNhyR6WPGoeLjKMXgxY3 YDO1MqIOJzIl8rO3iToFDLkMaZEzCKWFXJGKdsQr6MuLlTfCR+Ybp9QFQk7XnMlB HttW75HcsjoLZOCA7n1wkrS0les3flRiyAbQi7m4jUbaP9koaO7Z5JMLG2MlAAUR tCNQYXVsIFMuIFJpY2h0ZXIgLS0gV2FzaGluZ3RvbiwgRC5DLg== =LTgo -----END PGP PUBLIC KEY BLOCK-----
Also, you may click here to download the file: PSRWSHDC.ASC from this WWW Server now using your Web Browser. The file, PSRWSHDC.ASC, contains this PGP public key for the Paul S. Richter. Be sure to set your Web Browser to save this file to harddisk before starting to download.
Your Web Browser will permit you to save a copy of this page as a file on your local computer. If you do that, you can later access that saved file and then copy either or both of the Public Encryption Keys (as set out above) from that saved file to another file for use with the PGP software.
No matter what means you use to obtain copies of these Public Encryption Keys, you should use the PGP software to verify that the "signature" associated with each key conforms to the following:
Type bits/keyID Date User ID pub 1024/3E1888B5 1994/10/29 RLAW - Washington, D.C. Key fingerprint = 3C 35 46 E3 48 03 09 EA 2F 9A A0 8D A6 99 53 F3 pub 1024/0B1B6325 1994/10/29 Paul S. Richter -- Washington, D.C. Key fingerprint = EC E6 F7 EC 3D 1D 3A 80 12 F8 18 D4 EB E9 4A 32
|Copyright © 1994 - 2009 - Richter, Miller & Finn - Last Update: June 2009
Constructive suggestions for improvements are always welcome!