Security, Security and... Security

Practical Security for Developers: A Field Guide

Security is a broad, moving target. This guide focuses on core concepts you’ll actually use: keys, hashes, signatures, certificates, TLS/SSL, authentication and authorization (including OAuth), firewalls, and practical tooling with OpenSSL and PGP. It’s aimed at intermediate developers who build and operate networked applications.

Contents

- Security fundamentals (CIA, threat model)
- Cryptography building blocks
- Symmetric keys and ciphers
- Public-key cryptography
- Hashing and HMAC
- Digital signatures
- Digital certificates, Root CAs, and the chain of trust
- SSL/TLS and the TLS handshake
- Secure network protocols
- Authentication vs Authorization (OAuth, OIDC, RBAC)
- Firewalls and network security
- PGP and the web of trust
- Key management and secret handling
- Threats and mitigations
- OpenSSL and GPG quick recipes
- Checklists and common pitfalls

Security fundamentals

CIA triad:

- Confidentiality: prevent unauthorized disclosure (encryption).
- Integrity: prevent unauthorized modification (MACs, signatures).
- Availability: keep systems usable (redundancy, rate limits, DDoS protection).

Threat modeling: identify assets, adversaries, entry points, trust boundaries, and mitigations (STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation).

Cryptography building blocks

- Randomness: Use cryptographically secure RNGs for keys/nonces (e.g., /dev/urandom, crypto libraries).
- Keys: Symmetric (one key) vs Asymmetric (public/private pair).
- Primitives:
  - Encryption: confidentiality.
  - MAC/HMAC: integrity with shared secret.
  - Signatures: integrity + origin with private key.
  - Hash: fixed-size digest; no secret.

Symmetric keys (how they work)

- You and the recipient share the same secret key.
- Fast and suitable for bulk data; used inside TLS after key exchange.
- Common algorithms/modes: ...

April 13, 2025 · 10 min · 2057 words · Me