TER Volume 14, Number 1, June 2007: Review of PGP & GPG: Email for the Practical Paranoid

Technology Electronic Reviews
Volume 14, Number 1, June 2007


REVIEW OF: Michael W. Lucas (2006). PGP & GPG: Email for the Practical Paranoid. San Francisco, CA: No Starch Press. (ISBN: 1593270712; 9781593270711). 216 pp. $24.95.

By Wilfred (Bill) Drew

This work is a how-to book on using Pretty Good Privacy (PGP) and GnuPG (GPG) to encrypt e-mail messages. PGP and GPG can be hard to set up and configure. Lucas’ goal is to provide instructions and assistance in doing that.

PGP & GPG includes an introduction, 11 chapters, two appendices, and an index. The introduction provides a general background on both software packages as well as a very interesting history of the development of PGP including legal issues.

Chapter 1, Cryptography Kindergarten, is of particular value to those, such as the reviewer, new to the world of cryptography. It explains hashes, public-key encryption, and digital signatures. This chapter also defines the terminology used in cryptography and encryption.

In the next chapter, Understanding OpenPGP, Lucas examines the OpenPGP standard released in 1998 by the Internet Engineering Task Force (IETF). He explains the Web of Trust and parts of the technology involved in OpenPGP. He also discusses how to handle your key, get it signed or revoked, and the procedures for making it publicly available.

Chapters 3 and 4 provide detailed instructions on installing PGP or GnuPG. However, there is a major problem with Chapter 4, Installing GnuPG, if your computer is on a Windows platform: it does not mention the package available at GPG4Win (http://www.gpg4win.org), which is much easier to install than what Chapter 4 suggests. The only problem is that all manuals are in German.

The Web of Trust, Chapter 5, examines how keys are related to each other, verification, and keysigning. Along with Chapters 6 and 7, where management of keys is discussed in PGP and GnuPG, this is perhaps the most valuable part of the book.

Chapters 8, 9, and 10 tell the reader how PGP and GPG interact with and are used in e-mail systems. Chapter 10, GnuPG and Email, is especially valuable for Windows users of Microsoft Outlook Express, Microsoft Outlook, and the open source email client Mozilla Thunderbird.

The last chapter of the book, Other OpenPGP Considerations, looks at many issues, including where to store your private key. It also discusses other features found in various software packages written to supplement PGP and GPG. One concern does arise, though. Lucas suggests storing your private key on a USB flash drive. What is to prevent someone from stealing a flash drive even if it is on your car key chain or in your watch?

Michael Lucas has written an excellent book that should be in every academic and public library. It contains an excellent index and also two appendices for the more skilled techno-geeks out there.

Wilfred (Bill) Drew is Associate Librarian, Systems and Reference at Morrisville State College Library.

Copyright TER LITA Library Technology Reviews © 2007 by Wilfred Drew. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author.


Technology Electronic Reviews (TER) is an irregular electronic serial publication of the Library and Information Technology Association, a division of the American Library Association, 50 E. Huron St., Chicago, IL 60611. The primary function of TER is to provide reviews of and pointers to a variety of print and electronic resources about information technology. Resources include books, articles, serials, discussion lists, training materials, bibliographies, and other items of interest to librarians and information technology professionals. The topics covered may include, but are not limited to, networking technologies and standards; hardware and software; operating systems; databases; specific programming languages; management tools and utilities; technical project management; training and personnel issues; library perspectives; and research and development.

Opinions expressed in this publication are those of the writers and do not necessarily represent the viewpoints of LITA, ALA, or organizations involved in the storage and/or distribution of the publication.

TER is distributed electronically via Internet. There is no subscription fee.


LITA provides its members, other ALA divisions and members, and the library and information science field as a whole with a forum for discussion, an environment for learning, and a program for action on the design, development, and implementation of automated and technological systems in the library and information science field.

