Book Review: PGP and GPG

May 19, 2016

One of my new year’s resolutions for 2016 was to read a bunch more books than I’m used to. I feel like I’m in a stage in my life where all of that extra knowledge would serve me well down the road. On top of that, I’d throw in a couple of less intensive learning books, because let’s be honest: I won’t always feel like reading, and having to read through a super dense 750-page tome is going to make me quit soon enough. I hope to have a big shelf of books like that in my room one day, but I also know I’m going to need a rest every once in a while.

Keeping the story short, I bought a bunch of books from NoStarch. They got to me through their Humble Bundle pack, and I basically forked over 15$ for 13 books. It was a steal.

To feel better about spending money on books (let’s just say I didn’t stop at the Humble Bundle pack once I opened their website), I’m gonna review every book here in a new category that I’m nicknaming Honest Book Review (HBR). This way the books will serve a second and final purpose: a no-brainer kind of way to know what to write here on Medium. Plus, with all the reading I’m going to be doing, it might be useful to know afterwards which book I liked best if I ever feel the need to re-read.

With all that out of the way — let’s get to it.


Book choice

I had a great deal of curiosity about PGP and GPG, and I had no idea which was which and why somebody thinks one is better than the other, and, like all things about security and privacy, I considered it to be a wise choice at the time. The only thing holding me back was that I had just over mild curiosity about the subject, and wanting to know more about it could be done with a simple Google search. Having caught it on sale for 9,98$, I thought it might be worth the money. It turned out to be a bad idea, which of course makes it well worth writing about.

First impressions

The book is very well reviewed on the website, and that was what called out for me to buy it. Reading through the first few pages you get the impression it’s going to be a quick read because there are several mentions of installation guides. This generally isn’t a good sign, but after buying it there is little you can do but try to enjoy it as best you can. The author explains tremendously well the basic concepts needed to understand PGP & GPG, albeit at a high level of abstraction. Having already taken a couple of security courses, you basically nod yourself through the introductory chapter. The author himself tells you to skip it if you know your stuff already, but hey, all non-techy readers trying to learn PGP or GPG would welcome all of his explanations.

Aside from the introductory content, there’s also a great deal of motivation for using PGP and GPG (although I’d wager that people who want to learn how to use it might already know those reasons too well). You read about pretty much every motivation there is for privacy and why your current email solution gives you none. Then there’s the discussion about keeping your secret keys undisclosed, and all of the issues about the Web of Trust. If you don’t know what this means you should probably read the book!

The meat and potatoes

This book is very objective. It branches into two sections, one for PGP and the other for GPG, and each section contains explanations about the inner workings of each system. Each chapter is very detailed while being a very simple read, but of course that has its ups and downs. Aside from the technical words, I didn’t need to use the dictionary. That’s uncommon in most books I read.

Again, there are instructions on how to install both systems, along with guides to setting up email clients to use them with nostalgic pictures of Windows XP. The book is 10 years old!

I wish there was more I could say. I really do.

My opinion

Aside from the introductory chapter going into some detail explaining cryptographic principles, the rest just tells you how to use PGP and GPG and what you can expect of it. Given the hype that privacy news has had over the past few years I’d hope for a new edition, but we’re stuck with this one for now. I’m not even sure if that would help since it would only replace images of Windows XP with images of Windows 10. I was very disappointed.

A note to the readers: I would recommend this book to a computer science novice or someone that didn’t have a Computer Science background any day, but I also believe that they would not choose this book themselves. A book with this sort of title will always attract more knowledgeable people, and I feel they will have a similar reaction to mine. I’d go further and say they can skim through the whole book, which is something you’d never want to do as a content creator. But again, it is a good and even important read for beginners and people that are very into the whole privacy thing.

Continuing my rant again, it pains me to think about how small of a group this book actually targets. Not because there are many people that already know what PGP and GPG are, but because there’s a very small group of people that care. At least, a small group of people that don’t know what those systems are about and that would enjoy the read.

And the last thing that I want to say and that pains me the most… is that after reading it, all I could think about is that I should have used Google and been done in an hour with the curiosity I had about the subject, but I ended up spending a couple of days. The upside is that I have a dusty old ebook to remember how dumb I was. I feel bad for spending 9,98$ on it.

That’s life, I guess. We live and we learn, and I was bound to find a book that didn’t please me eventually.