ZNHOO Whatever you are, be a good one!


In this post, security refers to cryptography, authentication, signing, password management, confidential communication and implementation thereof.


Security -> Privacy -> Anonymity.

  1. Security (of data)

    When talking about security, we refer to securing the data contents, which must meet three basic prerequisite: confidentiality, availibility, and integrity. To guarantee data security, people encrypt data, store data in private place, etc.

    Please be noted data security is a static state of data management, serving as the mean to data privacy.

  2. Privacy (of data)

    Unlike static state of data security, privacy concerns utilizing secure data to ensure only authorized users can access it while unauthorized user cannot.

  3. Anonymity (of user)

    Anonymity means disconnection between user identify and Internet activity. Identity is user's electronic representation, mainly consisting of computer mac address, browser fingerprint, email account, etc. ISP and end web servers can easily trace your identity by sniffing Internet communication.

    Without security and privacy, anonymity is impossible.

PGP - Encryption

  1. Open Pretty Good Privacy (OpenPGP)

    OpenPGP is an IETF standard proposed by PGP inc.

  2. PGP

    PGP is a proprietary software in accord with OpenGPG standard, previously own by PGP inc. now acquired by Symantec Corp.

    PGP software comes before OpenPGP standard. In order to let PGP software thrive, PGP inc. proposed OpenPGP standard (PGP-complicant) to IETF.

  3. GNU Privacy Guard (GnuPG)

    GnuPG is another OpenGPG implementation free of distribution that obeys GNU General Public License (GPL).

  4. There are other PGP-compliant software such as GoAnywhere OpenPGP Studio.

SSH - Transmission

  1. Secure Shell (SSH)

    SSH is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.

    SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols.

  2. OpenBSD Secure Shell (OpenSSH)

    OpenSSH started as a fork of the free SSH program, developed by Tatu Ylönen; later versions of Ylönen's SSH were proprietary software, offered by SSH Communications Security. OpenSSH was first released as part of the OpenBSD operating system in 1999.

    OpenBSD is a free and open source Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Research Unix derivative developed at the University of California, Berkeley.

  3. SFTP/SCP etc.

    SFTP/SCP are secure version of FTP/CP.

Cryptography library

GnuTLS and OpenSSH are different implementations of SSL/TLS/DTLS protocols.


GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them.

GnuPG depends on GnuTLS library.


OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide.

OpenSSH is a program depending on OpenSSL the library, specifically OpenSSH uses the libcrypto part of OpenSSL.


  1. OpenGPG/SSH - protocol standard.
  2. GnuPG/OpenSSH - implementaion.
  3. Gnutls/OpenSSL - underlying library.

Public/Private key

Losing sole possession of your private key is catastrophic.


  1. Public key encrypts message to you. Private key decryptes message recevied; signs document in your name.
  2. The term key usually refers to key pair which is a coulple of public key (--list-keys) and private key (--list-secret-keys).
  3. By default, two key pairs are generated, of which one pair is called master key pair for Signing and Certifying while another one is subkey pair for Encrypting.

    When addkey, a new subkey pair will be generated.

  4. Each subkey pair can be identified by hexadecimal --fingerprint --fingerprint, keyid (low 64 bits of fingerprint), uid, email address, etc.


  1. Check key information by ssh-keygen -lv and ssh-add -l.
  2. Use ssh-copy-id to distribute public key to remote server. It simply appends the public key file contents to remote ~/.ssh/authorized_keys.
  3. SSH key does NOT hold uid. On the contrary, email and notes are called comments which can be changed by ssh-keygen [-o] -c.