Thursday, May 12, 2011

Dynamic and Lexical Scope in Perl

1 What is Scope?

1.1 The dictionary definition of "scope:"

  • The range of one's perceptions, thoughts, or actions.
  • The Breadth or opportunity to function.

1.2 As applied to variables in computer languages:

  • Scope refers to the visibility of variables within a program; for example, whether one function can see a variable created in another function.
  • Scope is a context within which to resolve names.

2 Why We Care About Scope

  • We want to know where a variable be seen in our program.

2.1 Two Questions

  1. If I declare a variable in a subroutine, will other subroutines be able to access it?
    • I \textcolor{red}{don't} want them to be able to access my variables!
    • I \textcolor{red}{do} want them to be able to access my variables!
  2. If another subroutine creates a variable, can I use it in my subroutine?

2.2 Bottom Line

  • Different kinds of scope used in different situations may make our programs easier to write and debug.

3 Two Types of Scope

  • Today, we'll be investigating two types of scope that are defined in Perl (and many other languages).
    1. Dynamic
    2. Lexical

4 Dynamic Scope — What is it?

  • Dynamic scope is a property of program execution.
  • Dynamic scope is global:
    • That is, variables that have dynamic scope can be seen everywhere.
  • Dynamic scope allows shadowing
    • Multiple instantiations of a variable hide previous instantiations.

5 Dynamic Scope Implementation Overview

  • Each variable has a global stack of bindings
  • Introducing a variable, for example, 'x' pushes a binding on x's global stack.
  • Evaluating x in any context yields the top of x's stack.
  • When program flow leaves x's scope, the binding is popped off x's global stack.

6 Dynamic Scope: Pseudo-code Example:

6.1 C-Like Pseudo-code 

int x = 0;
int f() { return x; }
int g() { int x = 1; return f(); }
g();
print x;

6.2 Note

  • When function f() is called from g(), what is the value of 'x' inside of f()?
    • The value of x inside of function f is 1.
  • What is the value of x in the print statement?
    • In the print statement the value of x is 0.
  • With dynamic variables knowing the flow of control of the program is essential.

7 Dynamic Scope Summarized

  • Dynamic variables are global
  • New instantiations shadow previous instantiations
  • Dynamic variables depend on the path of program execution.

8 Lexical Scope — What is it?

  • Lexical scope is a property of the program text.
  • With lexical scoping, the name of a variable always refers to the \textcolor{red}{local lexical environment}.
  • Thus, when a lexical environment is created, only variables created in that lexical scope are visible.
  • A lexically scoped variable is private to the block in which it is declared and is available only to that block.
    • It is not available to subroutines that are called from the block.
  • Sub-lexical scopes can, by definition, see variables in the outer lexical scope.

9 Lexical Scope: Pseudo-code Example:

9.1 C-Like Pseudo-code 

int x = 0;
int f() { return x; }
int g() { int x = 1; return f(); }
g();

9.2 Note

  • When function f() is called from g(), what is the value of 'x' inside of f()?
    • It would be 0.
  • Assuming lexical scoping, why can the function f see any x at all?
  • Notice that with lexical variables, the code becomes immediately more modular.

10 Dynamic Scope in Perl (1)

10.1 Perl Code: 

$x = 0; 
sub f() { 
  print "From function f:\$x=$x\n";
}
sub g() {
  $x = 1; 
  f();
}
g();
print "Finished:\$x=$x\n";

10.1.1 Output: 

From function f:$x=1
Finished:$x=1

10.1.2 Note:

  • "$x = 0;" at the top of the program is unnecessary.

11 Dynamic Scoping in Perl (2)

11.1 Perl Code: 

sub f() { 
  print "From function f:\$x=$x\n";
}
sub g() {
  local $x = 1; 
  f();
}
g();
print "Finished:\$x=$x\n";
if (not defined $x) {
  print "x is not defined\n";
}

11.2 Output: 

From function f:$x=1
Finished:$x=
x is not defined

11.3 Note:

  • $x is instantiated as local in function g and therefore available in function f.
  • At the end of the program, x is not defined.

12 Dynamic Scoping in Perl (3)

12.1 Perl Code: 

$x = 0; 
sub f() {
  print "From function f:\$x=$x\n";
}
sub g(){
  local $x = 1; 
  f();
}
g();
print "Finished:\$x=$x\n";

12.2 Output: 

From function f:$x=1
Finished:$x=0

12.3 Note:

  • We see in this case that using local caused the initial value of the global $x to be shadowed.

13 Summary of Dynamic Scope in Perl

  • Dynamic scope is global
  • Dynamic scope allows shadowing
  • Dynamic scope in perl is created using the keyword local.

14 Lexical Scoping in Perl

14.1 Perl Code: 

$x = 0; 
sub f() {
  print "From function f:\$x=$x\n";
}
sub g() {
  my $x = 1; 
  f();
}
g();
print "Finished:\$x=$x\n";

14.2 Output: 

From function f:$x=0
Finished:$x=0

14.3 Note:

  • Lexical scope is created with my
  • The lexical variable x in function g is not available in function f.

15 Global Lexicals

15.1 Perl Code: 

my $x = 0;
sub f() {
  print "From function f:\$x=$x\n";
}
my $x = 1;
sub g() { 
  print "From function g:\$x=$x\n";
}
f();
g();

15.2 Output: 

From function f:$x=0
From function g:$x=1

16 Lexical Scope in Perl Summary

  • Lexical scope makes a variable private so that it can only be seen in its lexical block.
  • Lexical scope in perl is created using the keyword my.

Date: 2011-05-12 09:45:34

Author: Karl Stump

Org version 7.5 with Emacs version 23

Validate XHTML 1.0
Posted by at No comments:

Friday, March 12, 2010

Lisp Insertion Sort: Beautiful!

Table of Contents

1 Insertion Sort in Lisp 

CL-USER>(defun i-sort (lon)
          (cond ((null lon) nil)
                (t (ordered-insert (first lon) (i-sort (rest lon))))))
I-SORT
CL-USER> (defun ordered-insert (num lon)
           (cond ((null lon) (cons num nil))
                 (t (cond ((>= num (first lon)) (cons num lon))
                          (t (cons (first lon) 
                                   (ordered-insert num (rest lon))))))))
ORDERED-INSERT
CL-USER> (i-sort '(4 1 2 3 5))
(5 4 3 2 1)
CL-USER>

Ahh!! Beautiful.

Posted by at No comments:

1 Introduction

I'm working through Paul Graham's excellent 1993 book, On Lisp.

In one sections he discusses how to make recursive calls to closures. As the Wiki entry says: "In computer science, a closure is a first-class function with free variables that are bound in the lexical environment."

This is exactly correct. I guess I've known about closures for at least 15 years, maybe longer. Thus, when reading Graham's discussion of closures in Lisp, I didn't figure that I'd learn much new, but was certainly looking forward to the discussion from a Lisp perspective.

His first example caught me off-guard: 

(defun list+ (lst n)
  (mapcar #’(lambda (x) (+ x n))
          lst))

He writes: "If we look closely at the function which is passed to mapcar within list+, it’s actually a closure. The instance of n is free, and its binding comes from the surrounding environment. Under lexical scope, every such use of a mapping function causes the creation of a closure." (p.18)

I'd never thought the nature of the lambda expression when using mapcar in a lexical scope. I wouldn't have called it closure. Probably because the lambda expression is created and destroyed within the lexical scope of the enclosed variable.

Graham's definition was forcing me to call something a closure, before the lexical scope had been destroyed.

I was introduced to closures through Perl and blessed pointers. Anonymous functions were created, closed around my variables (free lexical variables in perl are my variables) and their reference returned. With the lexical environment destroyed upon that return, the variable entry removed from the symbol table, there was no way to get to it, unless you could manipulate it through calls to the closure. (Hello object oriented programming.)

Graham's presentation made me question whether or not the value of the enclosed variable could be changed after the function had been instantiated, but before the lexical scope was destroyed.

What if I played with the enclosed variable before the lexical scope vanished?

Of course the question is really this: does the closure have the address or the value of n?

I felt like I knew the answer, even though my brain kept repeating, "you cannot access variables contained in closures, you cannot access variables contained in closures, warning, warning."

But I knew I could. I became a mad scientist, or at least like Gene Wilder's interpretation of one: "It could work!" 

(defun test (n)
  (let ((x 0))
    (setq x #'(lambda () (setq n (1+ n))))
    (setq n 33)
    x))

Then: (setq x (test 1) and (funcall x)

What's the value returned by the funcall?

That's what got me. My brain kept repeating that enclosed variables could not be changed, therefore the value 2 must be returned. After all, n is enclosed.

But then comes the realization that the lexical scope of n had not vanished after the instantiation of the closure into x. The variable n is still very much accessible outside the closure for one brief, fleeting, s-expression, (setq n 33).

Of course the value 34 is returned. It's obvious.

2 More

Graham follows up with another problem:

"a function defined in a lambda-expression doesn’t have a name and therefore has no way of referring to itself. This means that in Common Lisp we can’t use lambda to define a recursive function." (p. 21)

This means that one of the most common idiom's in Lisp (recursion, the sine qua non of Lisp, it would seem) is not available when using another common idiom mapcar.

Of course,there is a way around this using labels. On page 22 he gives the following example: 

(defun count-instances (obj lsts)
 (labels ((instances-in (lst)
           (if (consp lst)
             (+ (if (eq (car lst) obj) 1 0)
                (instances-in (cdr lst)))
             0)))
          (mapcar #’instances-in lsts)))

This function works as follows: 

> (count-instances ’a ’((a b c) (d a r p a) (d a r) (a a)))
(1 2 1 2)

This illustrates recursion, but I don't like the function.

If the list is something like: 

> (count-instances ’a ’((((a)) b c) (d (a r p a)) ((d a) r) (((a)) a)))

Then the result is: (0 0 0 1)

I don't think that's as interesting as returning the number of first level grouped objects, no matter how deeply embedded in the tree, or in this case: (1 2 1 2).

I decided to try and modify it to suit me. Fortunately it's pretty easy to do: 

(defun count-instances-new (obj lsts)
  (labels ((instances-in (lst)
             (if (consp lst)
                 (if (consp (car lst)) 
                     (+ (instances-in (car lst))
                        (instances-in (cdr lst)))
                     (+ (if (eq (car lst) obj) 1 0)
                        (instances-in (cdr lst))))
                 (if (eq  lst obj) 1 0))))
    (mapcar #'instances-in lsts)))

3 Conclusion

Learn Lisp. You'll be a better programmer!

Posted by at No comments:

1 Introduction

For whatever reason, after I upgraded to Ubuntu's Karmic Koala (9.10) (review here and here) browsing was very slow. Or rather it was slow when my laptop was hooked into one network, but not another.

It seemed to be caused by the DNS nameserver configuration.

I did some research and found that changing DNS nameservers is a piece of cake.

What's is DNS and how does it work? Read this Wiki entry for the details. The short answer is that DNS is the Internet's phonebook. DNS nameservers convert names (like LinuxDoe.blogspot.com ) into IP addresses, just like the traditional phone book converts names into telephone numbers.

There at least three DNS nameservers that you can choose from, right now. You can pick the one you want.

Not only could this affect the speed at which you cruise the Internet, but a DNS nameserver might provide a phishing filter, domain blocking, and typo correction.

2 What DNS Nameserver Am I Using Right Now?

The DNS nameserver that you're currently using is in the file /etc/resolv.conf/ 

kes@Cyclone:~$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.8.4
kes@Cyclone:~$

The first namserver listed is the primary and the second is the secondary.(8.8.8.8 and 8.8.8.4, for those in the know are the Google DNS nameservers. More about that later.)

For the next section, you'll also need the name of your network interface. 

kes@Cyclone:/etc/modprobe.d$ ifconfig -s # netstat -i works too
kes@Cyclone:/etc/modprobe.d$ ifconfig -s #netstat -i works too
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0    187707      0      0 0        126029      0      0      0 BMRU
lo        16436 0       102      0      0 0           102      0      0      0 LRU

3 Change To Another DNS

The easiest way to do this is to edit /etc/resolv.conf. And then bounce the interface (you'll have to use the name of your interface). 

kes@Cyclone:~$ sudo cp /etc/resolv.conf /etc/resolv.conf.bak
kes@Cyclone:~$ sudo vim /etc/resolv.conf
kes@Cyclone:~$ sudo ifconfig eth0 down && ifconfig eth0 up # You Iface may not be eth0

But this won't work if you're using DHCP (you probably are), because it will overwrite your /etc/resolv.conf file.

In that case, modify =/etc/dhcp3/dhclient.conf 

# Configuration file for /sbin/dhclient, which is included in Debian's
#       dhcp3-client package.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
#       man page for more information about the syntax of this file
#       and a more comprehensive list of the parameters understood by
#       dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
#       not leave anything out (like the domain name, for example), then
#       few changes must be made to this file, if any.
# 

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

send host-name "<hostname>";
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#send dhcp-lease-time 3600;
#supersede domain-name "fugue.com home.vix.com";
#prepend domain-name-servers 127.0.0.1;

See the last line? Modify it so it looks like this: prepend domain-name-servers 8.8.8.8,8.8.4.4;

The IP addresses 8.8.8.8,8.8.4.4 are the Google Public DNS nameservers.

Don't forget to bounce your interface. 

kes@Cyclone:~$ sudo ifconfig eth0 down && ifconfig eth0 up # You Iface may not be eth0

The above is pretty good, but if you're using DHCP, you'll end up with a /etc/resolv.conf that looks like this. 

kes@Cyclone:/etc/dhcp3$ cat ../resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 10.1.10.1

Which is not altogether bad.

Another way to modify your nameservers is as follows:

  1. System menu => Preferences, => Network Connections.
  2. Select the network interface. (Perhaps called eth0)
  3. Edit => IPv4 Settings.
  4. In the dropdown, select Automatic (DHCP) addresses only.
  5. In the DNS servers field, enter "8.8.8.8 8.8.4.4" (without the double quotes and don't forget the space).
  6. Click Apply

In the above, number 4 means that you are going to use DHCP, but DHCP should not automatically get the address of the DNS nameservers. This allows you to specify the DNS nameserves in the DNS servers field.

And now the resolv.conf looks like this: 

kes@Cyclone:/etc/dhcp3$ cat ../resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4

4 Other DNS Nameservers

Here are two (you can find lots others, I'm sure).

  1. Google Public DNS is available here.
  2. OpenDNS is here.

5 Conclusion

Congratulations! You have just learned how to configure your DNS nameservers!

Posted by at No comments:

1 Email

In the world of data transmission on the Internet, email is about as secure as your house would be if you removed the front door, the back door, and all the windows. It's not secure at all, and anybody with a network sniffer can see the data packets as they travel on the network. Most people have a vague idea about this, but they don't know the half of it.

Never send any sensitive information using email.

Sensitive information is defined as anything that you don't want prying eyes to see. It certainly includes things like bank account numbers, credit card numbers, and social security numbers, and the password to your online stock brokerage account. We'd never think of sending this information in email.

But what about other stuff? Stuff that is personal and potentially embarrassing? Innocent things that we might say in email, about sick kids, mother-in-laws, and the doctor putting you on blood pressure pills are all things we might not want others to know. Or may be you hold strong political views about any number of current issues: abortion, gay marriage, the war. All of these is potentially personally embarrassing, maybe even professionally harmful. Whatever, it's nobody else's business, is it?

And yet despite the insecure nature of email, we use email almost daily to communicate about all sorts of personal things that we'd rather others didn't know. Some do it because they don't know any better. Others because it's the easiest and most readily available means of dashing off the quick note. Whatever the reason, the temptation is too great. After all, who hasn't sent sensitive information in email?

Is there an easy way to make email secure.

Happily there is.

PGP (Pretty Good Privacy) was created by Philip Zimmermann in 1991. It is used for both privacy and authentication. An implementation of Zimmermann's algorithm has been developed by Gnu, called gpg.

The basic idea of PGP is to encrypt data with one key and then to decrypt it with another. Let's call one key public, because everybody has access to it, and the other private, because it's secret and only the owner has it.

How might we use a public and private key encryption-decryption system?

2 Private Communication

Suppose that you want to send a private email to Mary Jo. Only Mary Jo should be able to see the contents. Fortunately, just like you, Mary Jo uses gpg. She has created a public/private key pair. You have access to Mary Jo's public key (just like everybody else).

You encrypt your message to Mary Jo using her public key.

Now the message looks like a string of random characters, gibberish, and nobody else can read the message.

You send the encrypted message to Mary Jo via email.

Mary Jo gets the encrypted message. She decrypts it using her private key. Nobody else has Mary Jo's private key. She reads the message.

Suppose Mary Jo wants to respond back to you privately. She writes a message to you and she uses your public key (openly available to everybody) and the process repeats. You'll get the encrypted message from her and decrypt it with your private key.

This scenario has shown us that we can use PGP for secure, private, communication.

3 Authenticated Communication

There's another way to use PGP, and that's for authenticated communication.

Suppose you want to send an email to Mary Jo, but Mary Jo needs to be assured that the email is actually from you, or to put it another way, that it's authentic.

Here's how it works. You write your message and then sign it, not with Mary Jo's public key, but with your private key.

Mary Jo receives the message, but how can she know that it really came from you? She tests the signature with your public key. Only your public key authenticates the message, because that message was signed by you with your private key.

This scenario has shown us that we can use PGP for authenticated communication.

4 Using GPG: an implementation of PGP

Your Linux distribution probably already has a PGP implementation called gpg.

On my system, running Ubuntu 9.10 (karmac), I can grep for gpg from the list of packages and get the following: 

dpkg -l | grep gpg
ii  gpgv                                           1.4.9-4ubuntu7                             GNU privacy guard - signature verification t

If you don't have it, you can either install the package, or download from the GnuPGP website.

5 Creating a Private/Public Key Pair

We're going to assume that Mary Jo wants to receive secure communication from Sam. Here's how she sets it up.

First step is for Mary Joe to generate her key: 

mjj@example.com:~$ gpg --gen-key

In order to generate the key, gpg will ask Mary Jo a series of questions: 

gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?

Mary Jo simple selects the default. 

DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

And again, she accepts the default. 

Please specify how long the key should be valid.
     0 = key does not expire
  <n>  = key expires in n days
  <n>w = key expires in n weeks
  <n>m = key expires in n months
  <n>y = key expires in n years
Key is valid for? (0)

This is an interesting question. How long should the key be valid? If the key never expires, and the key becomes compromised (i.e., Mary Jo loses her private key), then anything encrypted with it will be compromised. On the other hand, if the key expires in 1 day, she'll constantly be creating new keys. A reasonable compromise? I'd say six months to one year. 

Key is valid for? (0) 6m
Key expires at Wed 02 Jun 2010 01:29:22 PM PDT
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
       "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name:

Now Mary Jo is asked to fill in identifying information. 

Real name: Mary Jo Jones
Email address: mjj@example.com
Comment: 
You selected this USER-ID:
"Mary Jo Jones <mjj@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

Enter passphrase:

The passphrase is a long string that only Mary Jo knows. What's appropriate here? Something long with lowercase and uppercase letters, numbers and punctuation. And something she won't have to write down to remember. 

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

.+++++.+++++.+++++++++++++++.++++++++++.+++++++++++++++.++++++++++.+++++.+++++..
+++++++++++++++++++++++++.++++++++++.++++++++++++++++++++++++++++++..>+++++.....
............................................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.++++++++++++++++++++++++++++++++++++++++.+++++..+++++++++++++++...+++++..+++
++..+++++..++++++++++.++++++++++.++++++++++++++++++++...+++++..+++++++++++++++..++
+++>++++++++++>+++++>+++++.................................>+++++.................
..........................................................+++++^^^
gpg: key 8888BBD4 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2010-06-02
pub   1024D/8888BBD4 2009-12-04 [expires: 2010-06-02]
Key fingerprint = C61E 14EC 8078 AC8C 59A6  D909 7B07 6A08 8888 BBD4
uid                  Mary Jo Jones <mjj@example.com>
sub   2048g/092F4D36 2009-12-04 [expires: 2010-06-02]

That's it! Mary Jo has created a public and private key.

Now she needs to share her public key with others. It doesn't matter who knows the public key. Public keys are, after all, meant to be public. But her point in doing this is that she wants Sam to have it, so that Sam can send her private messages.

Mary Jo must export the public key. 

mjj@example.com:~$ gpg --armor --export "Mary Jo Jones"
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

mQGiBEsZcSIRBACmAct8gJeyp84JaZw7mkvx3rVwlkaYMkG4whQ9kVutYHlgzr+8
GhQVB1XEnXfAZdqO2/7vTIZJW3cbjMYkDXFhknXMbIQMUMyEt6N97gpQfw38mXaq
7eYppwjQiiw1vIKmtQl0AkMVhvK6MQVmwwk7U4kAN9o5XG8vLJubG0uFvwCgrw+K
a9k/mEYRjKsS6Zidxrd5s0MD/jvIt6aSdE4nXv2lAx76l/mdvXFvHoJD8N1+zQ04
WM9RA8C7lo96JiBLsqwRR8r9JaoinwSFKegMCR5p/KWjp8MxyBaKHqd4pt5X1Axp
myIm4tbIyq434cvVMVAtHPnPNFowql9FKXjLZ9QK1TgK/2DRElwD1WQrSZT+aJGf
6RnyA/9lUwOG9q41ByEpWZx2iCrIjNL9pkjrSGCQWM88xg81a5VCgBQhZEcDDcFe
W0oElFknUUASElz0vYImA4gf8hsZ7dVMnETzo9DflnlGB3b83Czxd1ys3QeUhJhM
roXWeh3qD9U6fBbdoLOIWPJ0xNLhPx4nqv47SX5WnnYEgfnNzrQfTWFyeSBKbyBK
b25lcyA8bWpqQGV4YW1wbGUuY29tPohmBBMRAgAmBQJLGXEiAhsDBQkA7U4ABgsJ
CAcDAgQVAggDBBYCAwECHgECF4AACgkQewdqCIiIu9SZsQCfej7huito5s4fiLsZ
A7LbDiZEacsAnjbDTlxqfFJgr017vmhSYxgAZiUIuQINBEsZcSIQCACR/Ggqhcle
1FPAGlr29rhEPekFXTXlpezXaWIoMctUmyrHMzzjGwP6cI8B0N/SX6bFGYfyJVk1
FueFTV87dcA791Am/h3d+6Vg4jeizsWzKPkpPRuSycAftz3Nv5jqxfgMTwSvTq92
qRPZmWPTraNJXLqESJKUe0/6CzX7h5oijTDAA8Yq2IvdQp5lkDac3lDC60DbGalb
vas7R4CckfdyMtc9ZOSgrGZ+P5LEq5ivMmi6zv/+ijzjQ7oNpdsAIIobeeX89mDh
2C9RnkGHtx52zqgNCrhzDkyvdWhcjAYpKPDzFwZyzyruYausLQ3pq4x9BBzCe2Jv
xGhPD0YCZxe7AAMFB/9pcLD08sR/1EpvUjDNLGLprQrulXL39tPGixxEhie8E0Pw
jfMckPSUcaXoOMvXDqgqGh/4ITIsA7fg5mQp3bgFxZWxm0JyJq7UQAxzMfhtG2GV
Y8rnmuinPdRpTXMkjswoDqTNvJsVvLcjyqaZjZaXVMgdN+ayqsYI7pLFErkdP1s9
h3Cp874226iSiBzwjxKZuCqmgbt/0RdpCVz+sQwoqXTJcJthGtk4ZFYv9P82CXMi
3N+AwScx7a3zZasH30n4o4Pr/FvDTByQfZempxX+PdGCS8jH31RLGImz9UHLp+52
E0LiMU54V3A8aasViQco2gNpjKjPJprpYTOmUKjSiE8EGBECAA8FAksZcSICGwwF
CQDtTgAACgkQewdqCIiIu9ReSgCgqObqN6FkRwk+9KP01EcpMc9BP4IAoJmKd6xA
wjNXz+WB4+hUzPX7lahQ
=TN4y
-----END PGP PUBLIC KEY BLOCK-----

Now Mary Jo cuts and pastes this into an email to Sam. Sam will then import this key into his keyring. Let's assume that Sam puts the key into a file called key. 

sam@example.com:~$ ls
key
sam@example.com:~$ gpg --import key
gpg: directory `/home/sam/.gnupg' created
gpg: new configuration file `/home/sam/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/sam/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/sam/.gnupg/secring.gpg' created
gpg: keyring `/home/sam/.gnupg/pubring.gpg' created
gpg: /home/sam/.gnupg/trustdb.gpg: trustdb created
gpg: key 8888BBD4: public key "Mary Jo Jones <mjj@example.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

6 Using the Public/Private Keys for Privacy

Everything has been set up for Sam to send encrypted messages to Mary Jo.

So, how does he do it?

First he creates a message 

sam@example.com:~$ cat message
Let's meet mom and dad for lunch.

Now, he encrypts it. 

sam@example:~$ gpg --armor --encrypt message
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID.  End with an empty line: Mary Jo
gpg: 092F4D36: There is no assurance this key belongs to the named user

pub  2048g/092F4D36 2009-12-04 Mary Jo Jones <mjj@example.com>
Primary key fingerprint: C61E 14EC 8078 AC8C 59A6  D909 7B07 6A08 8888 BBD4
Subkey fingerprint: 130D A4AF 9366 42CE F7D7  272E 06FE EC0C 092F 4D36

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

Current recipients:
2048g/092F4D36 2009-12-04 "Mary Jo Jones <mjj@example.com>"

Enter the user ID.  End with an empty line: 
sam@example.com:~$ ls
key  message  message.asc

The message.asc is the encrypted message. Let's see what's in it. 

sam@example.com:~$ cat message.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (GNU/Linux)

hQIOAwb+7AwJL002EAf9FggZeDtS9OB9cuXtM/TRsNlKHCtuKMd+aMr2h1m/CpoO
cWpXG3NOBT/0UW5iYntW1N6Ofhjykr1gkJBFvsdCa1dg5rc8Kl2Js6DZh6Y7eNEA
Osto+AvzZDI8dvH4FJjEw8hnSTqpQfnkQEGX0uo0cJdZX8EEeUV0iMmN7UB6r4St
vQdpJYyamoqZaWYx40YUdXZFB+fYQ5xvMS3QDy4es/gTHaNppaGqZitmPK71bZwZ
1VZt2nNemRivvnxWaKgSWW7gTmfDruVaTLfyXfn97jFyAQAdZq/rjWKipZiZuMAl
gXV8yta5z2TmyCmHOBQSA5LeBAg1dyvmATzn2OHmoAf/bIqpLj7lSSmGeffh45Rn
fMatNflNMPaDeHc5aq4kjP9qQELDH8+KIiDXY7o701h4ICtzIZuKepkJNfxEklu5
l25lvEA3Cri75yLIDDphJqsf/NdWyrUnFVSvh+q85nhE8qjCkVsmPFCGAub7mmHL
W7jb4moYWRdpPLgL46zR84wAO5Tu7KAcNAateMi6OEmoGxMExX4uB2vk+GAG7FVR
p9bWKXeH9r++RNke29/rsLHPH9h4gAVLmb8VILzhXep5mXaQOh/yb4oeEZod3HiD
g/JkU2C8y4mXrEkXw0DyxbRw36Sh5r7dFHalUZiG4d8zA0ViS7TFEGCSXVaVESMK
FNJkAS239J/YxWky1b12rkuaY4yEw0vC0MH4DlFa2kQptzneA87XZ6JmQLT/D822
tglvIaVT/0IM8g6fZWnjy6LSdvYBagB6L5mYOuuoxcLmSCe6E49biuctVo7hgqn2
lIu1Ygf9Rg==
=iA+4
-----END PGP MESSAGE-----

So, Sam puts this message (encrypted with Mary Jo's public key) into an email. The only way that this message can be decrypted is with Mary Jo's private key. Let's see how she does it. 

mjj@example.com:~$ gpg --decrypt message.asc

You need a passphrase to unlock the secret key for
user: "Mary Jo Jones <mjj@example.com>"
2048-bit ELG-E key, ID 092F4D36, created 2009-12-04 (main key ID 8888BBD4)

gpg: encrypted with 2048-bit ELG-E key, ID 092F4D36, created 2009-12-04
"Mary Jo Jones <mjj@example.com>"
Let's meet mom and dad for lunch.

7 Using the Public/Private Keys for Authentication

Suppose Sam needs to be sure that a public unencrypted message that claims to be from Mary Jo really is. That is, that the message is authentic.

PGP can do this too.

This is called signing the message.

Mary Jo creates a message and puts it into the file called message. 

mjj@example.com:~$ cat message
I can meet mom and dad for lunch. See you at 1:00!

Now she signs the message with the following: 

mjj@example.com:~$ gpg --clearsign  message.signed

You need a passphrase to unlock the secret key for
user: "Mary Jo Jones <mjj@example.com>"
1024-bit DSA key, ID 8888BBD4, created 2009-12-04

Enter passphrase:

After entering the passphrase, a file called message.signed is created. It contains the signed text. 

mjj@example.com:~$ cat message.signed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can meet mom and dad for lunch. See you at 1:00!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksZiN4ACgkQewdqCIiIu9RazQCgjJh11+H5M92ss5qRIj4+FamJ
rRQAniieQI8jIC2t4RN/omrYcV7j6sFN
=hKjl
-----END PGP SIGNATURE-----

Sam gets the message from Mary Jo. Now he wants to verify it. 

sam@example.com:~$ gpg --verify message.signed
gpg: Signature made Fri 04 Dec 2009 02:10:38 PM PST using DSA key ID 8888BBD4
gpg: Good signature from "Mary Jo Jones <mjj@example.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C61E 14EC 8078 AC8C 59A6  D909 7B07 6A08 8888 BBD4

So you see that the signature is good. Sam is assured that this message has come from Mary Jo.

For a test let's change the text in message.signed to this: 

sam@example.com:~$ cat message.signed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can meet mom and dad for lunch. See you at 2:00!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksZiN4ACgkQewdqCIiIu9RazQCgjJh11+H5M92ss5qRIj4+FamJ
rRQAniieQI8jIC2t4RN/omrYcV7j6sFN
=hKjl
-----END PGP SIGNATURE-----

The time has been changed from 1:00 to 2:00. What happens when Sam tries to verify the message now? 

sam@example.com:~$ gpg --verify message.signed
gpg: Signature made Fri 04 Dec 2009 02:10:38 PM PST using DSA key ID 8888BBD4
gpg: BAD signature from "Mary Jo Jones <mjj@example.com>"

As you can see the signature is now bad. This message did not come from Mary Jo.

8 Conclusion

There's more. Like putting your public key on a key server, and setting up you mail reader to automagically use gpg.

That will come later.

For now work through practicing with gpg.

Posted by at No comments:
Subscribe to: Comments (Atom)