Book Review: PGP and GPG


One of my New Year’s resolutions for 2016 was to read a bunch more books than I’m used to. I feel like I’m in a stage in my life where all of that extra knowledge would serve me well down the road. On top of that, I’d throw in a couple of less intensive learning books, because let’s be honest: I won’t always feel like reading, and having to read through a super dense 750-page tome is going to make me quit soon enough. I hope to have a big shelf of books like that in my room one day, but I also know I’m going to need a rest every once in a while.

Keeping the story short, I bought a bunch of books from NoStarch. They got to me through their Humble Bundle pack, and I basically forked up 15$ for 13 books. It was a steal.

To feel better about spending money on books (let’s just say I didn’t stop at the Humble Bundle pack once I opened their website), I’m gonna review every book here in a new category that I’m nicknaming Honest Book Review (HBR). This way the books will serve a second and final purpose: a no-brainer kind of way to know what to write here on Medium. Plus, with all the reading I’m going to be doing, it might be useful to know afterwards which book I liked best if I ever feel the need to re-read.

With all that out of the way — let’s get to it.


Book choice

I had a great deal of curiosity about PGP and GPG, and I had no idea which was which and why somebody thinks one is better than the other, and, like all things about security and privacy, I considered it to be a wise choice at the time. The only thing keeping me back was that I had just over mild curiosity about the subject, and wanting to know more about it could be done with a simple Google search. Having caught it on sale for 9,98$, I thought it might be worth the money. It turned out to be a bad idea, which of course makes it well worth writing about.

First impressions

The book is very well reviewed on the website, and that was what called out for me to buy it. Reading through the first few pages you get the impression it’s going to be a quick read because there are several mentions of installation guides. This generally isn’t a good sign, but after buying it there is little you can do but to try to enjoy it as best you can. The author explains tremendously well the basic concepts needed to understand PGP & GPG, albeit at a high level of abstraction. Having already taken a couple of security courses, you basically nod yourself through the introductory chapter. The author himself tells you to skip it if you know your stuff already, but hey, all non-techy readers trying to learn PGP or GPG would welcome all of his explanations.

Aside from the introductory content, there’s also a great deal of motivation for using PGP and GPG (although I’d wager that people who want to learn how to use it might already know those reasons too well). You read about pretty much every motivation there is for privacy and why your current email solution gives you none. Then there’s the discussion about keeping your secret keys undisclosed, and all of the issues about the Web of Trust. If you don’t know what this means you should probably read the book!

The meat and potatoes

This book is very objective. It branches into two sections, one for PGP and the other for GPG, and each section contains explanations about the inner workings of each system. Each chapter is very detailed while being a very simple read, but of course that has its ups and downs. Aside from the technical words, I didn’t need to use the dictionary. That’s uncommon in most books I read.

Again, there are instructions on how to install both systems, along with guides to setting up email clients to use them with nostalgic pictures of Windows XP. The book is 10 years old!

I wish there was more I could say. I really do.

My opinion

Aside from the introductory chapter going into some detail explaining cryptographic principles, the rest just tells you how to use PGP and GPG and what you can expect of it. Given the hype that privacy news has had over the past few years I’d hope for a new edition, but we’re stuck with this one for now. I’m not even sure if that would help since it would only replace images of Windows XP with Windows 10. I was very disappointed.

A note to the readers: I would recommend this book to a computer science novice or someone that didn’t have a Computer Science background any day, but I also believe that they would not choose this book themselves. A book with this sort of title will always attract more knowledgeable people, and I feel they will have a similar reaction to mine. I’d go further and say they can skim through the whole book, which is something you’d never want to do as a content creator. But again, it is a good and even important read for beginners and people that are very into the whole privacy thing.

Continuing my rant again, it pains me to think about how small of a group this book actually targets. Not because there are many people that already know what PGP and GPG are, but because there’s a very small group of people that care. At least, a small group of people that don’t know what those systems are about and that would enjoy the read.

And the last thing that I want to say and that pains me the most… is that after reading it, all I could think about is that I should have used Google and been done in an hour with the curiosity I had about the subject, but I ended up spending a couple of days. The upside is that I have a dusty old ebook to remember how dumb I was. I feel bad for spending 9,98$ on it.

That’s life, I guess. We live and we learn, and I was bound to find a book that didn’t please me eventually.