PGP guards electronic correspondence. What is PGP

The PGP encryption tool guarantees almost one hundred percent protection for your correspondence and data that you transmit online.

PGP is an abbreviation for the name of the program “Pretty Good Privacy” - or “Good Protection of Personal Information”. PGP allows two users to securely exchange messages and data online.

Due to the fact that the Internet is a decentralized structure, interested parties with bad intentions can gain access to the correspondence of many users.


To help protect the privacy of communications, PGP uses three sets of "keys", or ciphers, to encrypt and decrypt messages:

Individual key

Used to decrypt messages sent to the user

Session key

The key is re-selected for each new communication session from the public key database

Public keys can be used freely. Today there is a whole set of such keys.

Individual keys should be stored in a password-protected space

Even if your messages are intercepted, the interceptor will not be able to decrypt or read them without the individual key.

PGP was developed in the early 90s by engineer Phil Zimmermann and has been updated and expanded several times since then. Today it is a powerful cryptographic tool.

Online encryption is the process of translating the text of a message into a secret code, which can only be opened using an electronic “key”. To outsiders, the message will look like an incomprehensible set of symbols, and to understand it they would have to crack the code. The more complex the cipher, the more difficult it is to crack.

PGP allows you to encrypt email, text, documents, and even the memory of an entire computer through a combination of very powerful encryption tools. Once PGP encryption is completed, the user can be relatively confident that almost no one - not even the most talented programmer - will be able to break the code and monitor the exchange of information.

How PGP works

The first thing a new PGP user needs to do is generate his public and private keys, which are long strings of code that appear to be a disjointed set of characters. Their length may vary depending on the level of code complexity required by the user. The most important thing is that the public and private keys must be completely different.

Public keys are exchanged among PGP users on an as-needed basis. Individual keys must remain secret and are intended for only one recipient. They are also password protected, since if such a key is lost, the document encrypted by it will be lost.

Once the email message or document and the shared key for the recipient are ready, he must “sign” or encrypt the text using a so-called “PGP passphrase” and send the data back to its recipient.

Once the recipient receives this information, he will be able to decrypt it by removing this electronic combination "lock". This process works exactly the same in the opposite direction. The process is similar to opening mailboxes, the keys to which only the addressee and recipient have.

Although there is ongoing debate among cryptologists about whether a digital encoding system can be considered truly "impenetrable", there is a general consensus among programmers that PGP provides one of the best options for ensuring that private communications remain private.

With the most complex PGP codes, cracking such a document without the help of a supercomputer and a whole team of hackers is almost impossible.

If you have data that you need to send online without anyone but the recipient seeing it, PGP gives you the level of security you need.

Cons of PGP

Despite the high level of secrecy of information sent using PGP, there are no guarantees of anonymity of the parties conducting the dialogue. PGP only provides security for the information exchanged between parties, which in turn means that authorities will see that encrypted information is being exchanged without being able to read these messages.

PGP is not a simple tool. Even very experienced users should think through the steps for encryption and code removal in detail. Beginners should think twice before using PGP for their purposes.

Results

If you need to send or store documents completely securely, and you're willing to put in the time and effort to do so, then PGP is for you. If you need to bypass Internet censorship, protect your personal data from being shared, or if you don't want to delve into the intricacies of message encoding, PGP will not be a useful tool for you.

Here is a GUI way to create a new PGP key.

You can find your key in the "My private keys" tab of the "Passwords and keys" application.

Uploading your key to Launchpad


Generating OpenPGP Keys Using gpg

Step 1: Open a terminal and type:

gpg --gen-key

Step 2: GPG will now ask you a series of questions about the type of key you want to create. Follow these steps to select the default option every time.

Step 3: Verify that your key has been created by typing gpg --list-keys and, if successful.

pub 1024D / 12345678 -> this is an important number

Step 4: Launchpad doesn't save your key directly so you need to export your public key to a key server, for example keyserver.ubuntu.com:

gpg --keyserver keyserver.ubuntu.com --send-keys 12345678

Replace 12345678 with the pub ID you noted in step 3.

If successful, GPG will display a message similar to:

gpg: sending key 12345678 to hkp server keyserver.ubuntu.com

Importing your key into Launchpad with gpg

Step 1: Launchpad identifies your OpenPGP key with its fingerprint. In a terminal, you can request GPG for your key fingerprint by typing:

gpg --fingerprint

GPG will display a message similar to:

Key fingerprint = `0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72`

Copy only the numeric fingerprint: 0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72.

Step 2: Visit OpenPGP

Step 3: Paste the fingerprint you copied in step 1 into the Fingerprint text box, then click the Import Key button. Launchpad will use your fingerprint to check the Ubuntu keyserver for your key and, if successful, send you an encrypted email asking you to confirm importing the key.

Note: this is a short... of the process of launching the panel... both processes take a while, so just take your time...

On some systems, such as Lubuntu, where Passwords and Keys (seahorse) is not available, a good and simple way to make a PGP key is to use gpa (GNU Privacy Assistant). This is a GUI for gpg. This method also applies to other Ubuntu derivatives.

1. Install gpa:

sudo apt install gpg gpa

2. Launch gpa from your applications menu.

3. In the "Keys" menu select "New key". You are presented with a new window.

4. Enter your full name, click Forward, then enter your genuine email address. Click Forward. Now select the option to back up later.

5. Enter a passphrase (can be a word or phrase) to protect your PGP key.

You have now successfully created a PGP key. This is actually a pair consisting of your private key and public key.

To use PGP in communications, such as secure email exchanges, you need to provide the other party with your public key. So export your public key first, then you can send it to them. To export, open gpa and select your key. Now click "Keys", and then "Export keys". Give your public key a name and save it.

Tip: to check that you exported the public key, open the file with a text editor and check that the start line is there:

`-----BEGIN PGP PUBLIC KEY BLOCK-----`

Also a library of functions that allows you to perform encryption and digital signature operations on messages, files and other information presented in electronic form, including transparent encryption of data on storage devices, such as a hard drive.

Pretty Good Privacy
Type: privacy software and encryption software
Author: Philip Zimmermann
Developer: Philip Zimmermann
Written in: Multi-language
Operating system: Linux, macOS, Windows
First edition: 1991
License: commercial software and proprietary software
Website: openpgp.org

General information

PGP has many implementations that are compatible with each other and with a number of other programs (GnuPG, FileCrypt, etc.) thanks to the OpenPGP standard (RFC 4880), but with a different set of functionality. There are PGP implementations for all the most common operating systems. In addition to freely distributed implementations, there are also commercial ones.

Compatibility

As PGP evolves, some systems allow you to create encrypted messages using new features that older systems do not have. The sender and recipient must know each other's capabilities or at least agree on PGP settings.

Security

The cryptographic strength of PGP is based on the assumption that the algorithms used are resistant to cryptanalysis on modern hardware. For example, in the first versions of PGP, the RSA algorithm, based on a one-way function (factorization), was used to encrypt session keys. In PGP version 2, the IDEA algorithm can optionally be used. Subsequently, additional encryption algorithms were added. None of the algorithms used have any known vulnerabilities.

In 2010, a group of scientists from Switzerland, Japan, France, the Netherlands, Germany and the USA managed to decode data encrypted using the RSA algorithm with a 768-bit key. The prime factors were found using the general number field sieve method. The first step (selecting a pair of polynomials of degree 6 and 1) took about six months of computation on 80 processors, which was about 3% of the time spent on the main stage of the algorithm (sieving), which ran on hundreds of computers over almost two years. If we extrapolate this time to a single 2.2 GHz AMD Opteron processor with 2 GB of RAM, it would be about 1500 years. Processing the data after sieving for the next resource-intensive step (linear algebra) required several weeks on a small number of processors. The final step after finding non-trivial solutions to the homogeneous system of linear equations took no more than 12 hours.

The homogeneous system of linear equations was solved using the Wiedemann method on several separate clusters, which took just under 4 months. The size of the sparse matrix was 192,796,550×192,795,550 with 27,795,115,920 non-zero elements. It took about 105 gigabytes to store the matrix on the hard drive, and about 5 terabytes of compressed data to construct it.

As a result, the group was able to calculate a 232-bit digital key that allows access to encrypted data.

The researchers are confident that using their factorization method, cracking a 1024-bit RSA key will be possible within the next decade.

According to the researchers, after their work, only RSA keys with a length of 1024 bits or more can be considered as a reliable encryption system. Moreover, encryption with a 1024-bit key should be abandoned in the next three to four years.

Knowing the decomposition of the modulus into the product of two prime numbers, an adversary can easily find the secret exponent and thereby crack RSA. However, today the fastest factorization algorithm, the General Number Field Sieve, whose running time for a k-bit integer is $\exp((c+o(1))k^{\frac{1}{3}}\log^{\frac{2}{3}}k)$ for some $c<2$, does not allow one to factor a large integer in an acceptable time.
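
A worked instance of that step, added here with textbook-sized numbers (not from the original article): take the primes $p = 61$ and $q = 53$ and the public exponent $e = 17$.

$$
\begin{aligned}
n &= pq = 61 \cdot 53 = 3233,\\
\varphi(n) &= (p-1)(q-1) = 60 \cdot 52 = 3120,\\
d &\equiv e^{-1} \pmod{\varphi(n)} = 2753, \quad \text{since } 17 \cdot 2753 = 46801 = 15 \cdot 3120 + 1.
\end{aligned}
$$

Once $p$ and $q$ are known, the secret exponent follows from a single modular inversion, so the whole security of the key rests on how hard it is to factor $n$.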

How PGP works

For RSA legacy keys, the key length can be from 1024 to 2048 bits, and for Diffie-Hellman/DSS and RSA - from 1024 to 4096. RSA legacy keys contain one key pair, and Diffie-Hellman/DSS and RSA keys can contain one master key and additional keys for encryption. In this case, the electronic signature key in Diffie-Hellman/DSS keys always has a size of 1024. The validity period for each type of key can be defined as unlimited or until a specific date. A secret phrase is used to protect the key container.
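
To find keys in a keyring that are still at the 1024-bit sizes discussed above, the machine-readable key listing can be filtered by algorithm and length. This is an added example, not part of the original text; the function name, the 2048-bit default threshold and the sample listing are assumptions of the example.

```shell
#!/bin/sh
# Added example: list keys in a keyring whose size is below a chosen minimum.
# The function name and the 2048-bit default are this example's assumptions.

# Constructed sample of `gpg --with-colons --list-keys` output. The short IDs
# 8640D6B9, 5982B4BF and 12345678 are the ones used on this page; everything
# else (leading digits of the long IDs, dates, the last two keys) is made up.
SAMPLE_KEYRING='pub:-:4096:1:31973F008640D6B9:1474934400:::-:::scESC:
sub:-:4096:1:001122335982B4BF:1474934400::::::e:
pub:-:1024:17:1111222212345678:1104537600:::-:::scSC:
sub:-:1024:16:3333444455556666:1104537600::::::e:
pub:r:1024:1:7777888899990000:946684800:::-:::sc:
pub:-:255:22:ABCDABCDABCDABCD:1600000000:::-:::scSC:'

# weak_keys [MIN_BITS] < colon-listing
# Prints "record keyid algorithm bits" for each non-revoked RSA, DSA or
# Elgamal key or subkey shorter than MIN_BITS.
# Fields used: 1 record type, 2 validity, 3 length, 4 algorithm number,
# 5 long key ID.
# Elliptic-curve keys (algorithms 18, 19, 22) are skipped: their bit lengths
# are not comparable with RSA moduli.
weak_keys() {
    awk -F: -v min="${1:-2048}" '
        BEGIN {
            alg[1] = alg[2] = alg[3] = "RSA"
            alg[16] = alg[20] = "ELG"
            alg[17] = "DSA"
        }
        ($1 == "pub" || $1 == "sub") && ($4 in alg) && $2 != "r" &&
        $3 + 0 < min + 0 {
            print $1, $5, alg[$4], $3
        }'
}

# Real use:  gpg --with-colons --list-keys | weak_keys 2048
printf '%s\n' "$SAMPLE_KEYRING" | weak_keys
```

On the sample, the 1024-bit DSA key and its 1024-bit Elgamal subkey are reported; the revoked RSA key and the elliptic-curve key are not.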

Digital signature

Criminal investigation

Soon after its release, PGP began to be used outside the United States, and in 1993, the US government began investigating Zimmermann for allegedly violating export laws that regulate the distribution of cryptographic systems with key lengths greater than 40 bits. PGP used keys of 128 bits or longer. IETF IPsec VPN. After legalizing the export of cryptographic software in 2000, NAI stopped publishing source code, despite the objections of the PGP team.

In 2001, Zimmermann left NAI and NAI announced that it was selling PGP and stopping PGP development. In 2002, NAI discontinued support for all PGP products PGP E-Business Server (the original console version of PGP).

Current state

In 2002, several former PGP developers founded PGP Corporation and bought PGP (except for the console version). In 2003, PGP Corporation developed a new server product, PGP Universal.

In 2010, Symantec Corp. bought PGP for $300 million.

Cryptographic Applications PGP Corporation

PGP was originally developed for client-side email encryption, but since 2002 it also includes encryption of laptop hard drives, files and directories, instant messaging program sessions, batch file transfers, and protection of files and directories in network storage. In modern versions it also encrypts HTTP requests and responses on the server side (mod openpgp) and client side (Enigform).

Client programs are combined into the PGP Desktop family (including PGP Desktop EMail, PGP Whole Disk Encryption and PGP NetShare).

PGP Universal Server allows you to centrally administer PGP Desktop-based clients from the command line.

In 2010, the rights to the application were acquired by Symantec for $300 million.

Legal aspects of use in Russia

To date, there are no direct legislative prohibitions on the use of PGP in Russia. The use of cryptography is limited by law only in state and municipal institutions. The FSB orders all government agencies to use only certified cryptography tools. Individuals and companies themselves determine what information is a trade secret for them, methods of storing and transmitting such information. The information resource Helpdesk24 in the article “Legality of using cryptographic means of information security” provides excerpts from federal laws explaining this issue. Also, the authors of the “openPGP in Russia” project claim that there are no laws prohibiting the use of PGP.

This article is a quick guide to using GnuPG (aka GPG). In it you will find basic commands, examples of use, as well as instructions for attaching GPG to email clients. Further, it is assumed that you are familiar with the principle of operation of GPG and there is no need to explain, for example, what asymmetric cryptography, public and private keys, digital signatures, and so on are. Over the several decades of GPG's existence, no one has been particularly successful in cracking it, which seems to hint to us that it is a fairly reliable solution both for exchanging encrypted messages and simply encrypting files.

Terminology

There is some confusion in terminology. For example, not everyone can clearly explain how PGP differs from GPG. Let's figure it all out.

  • OpenPGP is an encryption standard described in RFC 4880 and RFC 6637. Not to be confused with specific implementations such as PGP and GPG;
  • GnuPG or GPG is a specific open (GPLv3) implementation of OpenPGP, which will be discussed in this article;
  • PGP is a highly proprietary implementation of OpenPGP from PGP Corporation. In 2010, the company was bought by Symantec, and its products were renamed something like Symantec Desktop Email Encryption.

Often, when people say “PGP,” they mean the encryption method described in OpenPGP, and therefore any of its implementations.

Basic GnuPG Commands

Generating keys:

gpg --gen-key

It is a good idea to select the RSA algorithm and a key length of 4096 bits.

Important! Don't forget the private key password.

A common problem is a message like this:

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 204 more bytes)

It can be solved by installing a daemon to collect entropy:

sudo apt-get install rng-tools

View a list of keys:

gpg --list-keys
gpg --list-secret-keys
gpg --list-public-keys

Getting a key fingerprint:

gpg --fingerprint afiskon@example.ru

Example output:

pub 4096R/8640D6B9 2016-09-27
Fingerprint = DB5E AA39 0745 427D ED31 D189 3197 3F00 8640 D6B9
uid Aleksander Alekseev
sub 4096R/5982B4BF 2016-09-27

Fingerprints are used primarily to verify that the correct key was actually imported from the keyserver (see below). They are not used for searching.

Exporting the private key:

gpg --armor --output privkey.txt --export-secret-keys 8640D6B9

Import public key:

gpg --import key.txt

Import private key:

gpg --allow-secret-key-import --import privkey.txt

If you don't specify --allow-secret-key-import, only the public key is imported, and when you try to sign something you'll get weird errors like:

gpg: no default secret key: secret key not available
gpg: msg.txt: sign+encrypt failed: secret key not available

Exporting a public key to keyserver:

gpg --keyserver pgp.mit.edu --send-keys 8640D6B9

Important! Once you have uploaded a key to a keyserver, it will be impossible to delete it; you can only revoke it. Make sure you have made a reliable backup of the key. If you have never worked with PGP/GPG before, I strongly advise you to first practice on email addresses in the example.ru zone.

It doesn't really matter which keyserver you specify. For example, there is also keys.gnupg.net, as well as others. They all exchange data with each other from time to time. It makes sense to make send-keys to several servers at once so that all PGP/GPG users can see them faster. Server synchronization, according to my observations, takes 10-15 minutes.

Hint: to avoid specifying --keyserver all the time, just add to ~/.bashrc:

alias gpg="gpg --keyserver pgp.mit.edu"

Importing a public key from keyserver:

gpg --keyserver pgp.mit.edu --search-keys afiskon@example.ru
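
A keyserver returns whatever key was uploaded under an address, so the key imported by a search should be compared with a fingerprint received from its owner through another channel. The check below is an added example, not part of the original article; the function names are its own, and the sample listing is constructed around the fingerprint shown earlier.

```shell
#!/bin/sh
# Added example: pin an imported key to a fingerprint received out of band.
# Function names are this example's own; nothing here contacts a keyserver.

# Constructed sample of `gpg --with-colons --fingerprint afiskon@example.ru`.
# The primary fingerprint is the one printed in the article; the subkey
# fingerprint and the leading digits of the subkey's long ID are made up.
SAMPLE_LISTING='pub:-:4096:1:31973F008640D6B9:1474934400:::-:::scESC:
fpr:::::::::DB5EAA390745427DED31D18931973F008640D6B9:
uid:-::::1474934400::::Aleksander Alekseev <afiskon@example.ru>:
sub:-:4096:1:001122335982B4BF:1474934400::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF001122335982B4BF:'

# Remove spaces and upper-case, so "DB5E AA39 ..." and "db5eaa39..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Print the fingerprint of the first primary key in a colon listing (stdin).
# In that format the "fpr" record following "pub" carries it in field 10.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             $1 == "fpr" && seen { print $10; exit }'
}

# fpr_matches EXPECTED < listing
#   0 = the primary key has exactly this fingerprint
#   1 = a different key
#   2 = EXPECTED is not a full 40-hex-digit fingerprint (e.g. a short key ID,
#       which is too short to identify a key uniquely)
fpr_matches() {
    expected=$(normalize_fpr "$1")
    case $expected in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ "$expected" = "$actual" ]
}

# Real use, after the key has been imported from the keyserver:
#   gpg --with-colons --fingerprint afiskon@example.ru |
#       fpr_matches "DB5E AA39 0745 427D ED31 D189 3197 3F00 8640 D6B9" ||
#       echo "fingerprint mismatch: do not trust or sign this key" >&2

if printf '%s\n' "$SAMPLE_LISTING" |
       fpr_matches "DB5E AA39 0745 427D ED31 D189 3197 3F00 8640 D6B9"; then
    echo "sample key matches the pinned fingerprint"
fi
```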

In the PGP/GPG world there is a so-called web of trust. In a nutshell, this means that GPG does not trust the key unless it is signed by someone you trust. In addition, if you trust Petya, and Petya trusts Kolya, then you automatically trust Kolya. In particular, by default, when checking a signature and other actions, GPG will complain like this:

To fix this, we say:

gpg --edit-key afiskon@example.ru

Then in the dialogue we say trust, press 5 (“I trust ultimately”), and say quit. Other keys can be signed with the tsign command. By the way, there you can also change the password for your key (passwd command), change the key expiration date in any direction (expire command), add a name/email (adduid command), delete a name/email (revuid command), see the encryption algorithms used by default (showpref) and do other interesting things.

Note: What to do when the key is expired? In this case, you can change the expiration date to a later one and re-upload the key. Or create a new key, sign it with the old one, and upload the new key to the keyserver. There is no need to revoke.

You can sign anyone's key and upload the signed key to the server, thereby confirming that the key really belongs to the person specified in the description:

gpg --sign-key 7EFE74E5

On some other machine you can download the key again and see who signed it:

gpg --keyserver pgp.mit.edu --search-keys eax@example.ru
gpg --list-sigs eax@example.ru
gpg --check-sigs eax@example.ru

From time to time it is worth updating the keys, in case the keys have new signatures, or some keys have been revoked:

gpg --keyserver pgp.mit.edu --refresh-keys

An example of encrypting and signing a file for a given recipient (the -r switch can be specified many times):

gpg --encrypt --sign --armor -r eax@example.ru msg.txt

Decrypting the file and checking the signature is carried out with the command:

An example of signing and verifying the signature of a binary file (for example, an ISO disk image):

gpg --detach-sign file.iso
gpg --verify file.iso.sig
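
gpg --verify reports success for a good signature from any key in the keyring, so a download check should also confirm which key made the signature. The following is an added example, not from the original article: it reads gpg's machine-readable status lines and accepts only one pinned fingerprint; the function names and the sample status output are constructed for the illustration.

```shell
#!/bin/sh
# Added example: accept a detached signature only if it was made by one
# specific key. Function names are this example's own.

# Constructed samples of `gpg --status-fd 1 --verify file.iso.sig file.iso`
# status output; the fingerprint is the one printed earlier in the article.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 31973F008640D6B9 Aleksander Alekseev <afiskon@example.ru>
[GNUPG:] VALIDSIG DB5EAA390745427DED31D18931973F008640D6B9 2016-09-28 1475020800 0 4 0 1 8 00 DB5EAA390745427DED31D18931973F008640D6B9
[GNUPG:] TRUST_UNDEFINED 0 pgp'
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 31973F008640D6B9 Aleksander Alekseev <afiskon@example.ru>'

# signed_by EXPECTED_FPR < status-lines
# Succeeds only when there is exactly one VALIDSIG line, its primary-key
# fingerprint (field 12 of the line) equals EXPECTED_FPR, and gpg reported
# no bad, unverifiable, expired or revoked signature.
# Returns 2 when EXPECTED_FPR is not a full 40-digit fingerprint.
signed_by() {
    want=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF')
    [ "${#want}" -eq 40 ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" { n++; if ($12 != want) bad = 1 }
        END { exit !(n == 1 && !bad) }'
}

# Wrapper for real use: verify_file FPR SIGNATURE FILE
verify_file() {
    gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null | signed_by "$1"
}

# Demonstration on the constructed status output (gpg itself is not run).
if printf '%s\n' "$SAMPLE_GOOD" |
       signed_by "DB5E AA39 0745 427D ED31 D189 3197 3F00 8640 D6B9"; then
    echo "signature accepted: made by the pinned key"
fi
```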

Symmetric file encryption/decryption (useful, for example, for storing passwords):

gpg -o nonsense.gpg --cipher-algo AES -a -c nonsense.txt
gpg -o nonsense2.txt -d nonsense.gpg

Symmetric encryption with storage in binary format (convenient for encrypting backups):

tar -cvzf - /home/eax | \
gpg --symmetric --cipher-algo AES256 --digest-algo SHA256 \
--compression-algo Uncompressed > backup.tgz.gpg

Decryption of a file encrypted in this way:

gpg --decrypt backup.tgz.gpg | tar -xvzf -

However, by default GPG requests a password through the GUI interface, which I personally find not very convenient. You can change this behavior like this:

echo "pinentry-program /usr/bin/pinentry-tty" >> \
~/.gnupg/gpg-agent.conf
killall gpg-agent

It may turn out that your private key is compromised, that is, it was stolen and the password for it was guessed. Or you lost it. Or you simply can’t remember the key password. For such cases, key revocation is provided. It's done like this. In advance, immediately after creating the keys, you need to create a revocation certificate:

gpg --gen-revoke --armor --output=revocation.crt eax@example.ru

Using it, the key can be revoked like this:

gpg --import revocation.crt
gpg --keyserver pgp.mit.edu --send-keys 7EFE74E5

Important! The revocation certificate is not encrypted and can be used by anyone. Make sure to store it in a safe place (preferably in several places) and in encrypted form!

Attaching GnuPG to Claws Mail

In Ubuntu we will need the following packages:

sudo apt-get install claws-mail-pgpinline claws-mail-pgpmime

In Configuration → Plugins → Load we load pgpcore.so, pgpinline.so and pgpmime.so. Next, we simply configure the plugins through the client settings. In your account settings, you can specify which keys to use, as well as generate new keys and send them to the keyserver. When writing a letter, the Encrypt and Sign checkboxes will become available in Options.

In the account properties in the Privacy tab, you can configure plugins so that messages are always signed, encrypted when replying to encrypted messages, and so on. I advise you to use PGP/MIME, since PGP/Inline can be quite annoying for users who do not use PGP/GPG. That is, almost everyone.

The only problem I encountered with the plugin was that in the settings you need to specify the full path to the gpg executable file, after that everything worked.

Attaching GnuPG to Mutt

Conclusion

GPG can be hooked up to a lot of other things. Let's say there is an Enigmail plugin for Thunderbird. There are mobile applications that support GPG. For example, for iPhone there is oPenGP and iPGMail. In addition, there are plugins for IM clients, in particular for Psi. Unfortunately, it is not possible to consider them all in one article.

As homework, you can add me to your keyring, sign my keys and send me an encrypted letter by email.

Do you use PGP/GPG?

Everything about investments and blockchain is clear to the average consumer, but why does PGP encryption work here? The name itself is not too clear for the average user, who is far from software gadgets. The technical sound can even be intimidating. But in vain! Understanding the simplest principles of cryptography provides a certain basis for further understanding of currently popular technologies.

Simply put, PGP encryption is a way to protect your information. So that no one else can view or change it. This is working with keys and digital signatures that allow you to confirm ownership of data or protect it from prying eyes.

In the article we will look at how it works, where you can use a cryptographic tool, and how to use it with PGP applications.

Pretty Good Privacy, also known as PGP, is a cryptographic program that allows you to encrypt information so that no one else can read or change the data. Essentially, it is a secure way to transfer files that guarantees complete secrecy. If you are conducting private correspondence that is not intended for the eyes of friends, employees, the government, or evil spies (underline as appropriate), this solution will help protect every letter in the message.

Another tasty feature of cryptography is proof of ownership. Let's say you have made a document available to the public, but you want to be sure that no one will take credit for your work. PGP will work for this too.

To understand exactly how this happens, let’s break down the complex into simple components.

And the box just opened: keys for secret locks

How to make sure that information from character A gets to character B, but not to other letters of the alphabet? Everything is quite simple: you need to pack the message in a safe, the code to which two people know. The function of such code in PGP is performed by keys.

The key is a large number. This is a VERY large number that takes up 1024 bits. The more symbols it contains, the more difficult it is to find an analogue, that is, to hack it.

The scheme is simple: you create a message that is displayed to outsiders as a string of incomprehensible characters. But the one who has the key can decipher the data and understand what exactly you wanted to say with a set of numbers. Another question: if your correspondence can be intercepted, where is the guarantee that the transferred key will not be intercepted?

And this is the right question, allowing us to move further and consider the types and uses of keys. So, our “secret password” when encrypted with PGP can take two forms:

  1. public key - one that falls into (you won’t believe it) public access and can be downloaded by anyone;
  2. a private key is one that only the owner has and is never disclosed.

How does this juggling of keys happen? Technically it is difficult, but in essence it is elementary. Let's say a public key is posted online, and you want to send a message to its creator. Using an encoding program, you send an encrypted message. Only someone who has the private key can decrypt it. Everyone else, who, like you, only owns the open one, will see the same indistinct set of signs.

Digital signature: ironclad proof

Now let's talk about authentication, which also involves keys. The main thing to understand is this:

What is encoded with a public key can only be decrypted by the owner of the private key, and vice versa - what is encoded with the private key is available to the owners of the public keys.

Therefore, if character A writes, for example, a cool market research and shares it with the owners of public keys, everyone will know exactly who owns the text.

This is exactly how a digital signature works in the real world (at least they try to use it, for example, in digital tax returns). It confirms authorship and protects the document (material) from reuse in someone else’s name, editing and appropriation.

The signature, as you understand, is tied to the private key. And if the person checking/studying the material wants to verify the authorship, he can verify the authenticity of the document using the public key.

Key Pair: What Could Go Wrong

The main rule you need to learn to use PGP securely is: KEEP YOUR PRIVATE KEY IN A SAFE PLACE. This, as you understand, is not any third party, cloud storage or anything that does not belong to you. If the key exists in one copy - on your PC - no one will be able to take it away without confiscating the computer itself (although, of course, do not forget about the likelihood of hacking). So, if you want to use cryptographic programs and be confident in your security, transfer the key to a physical medium, for example, a notepad that is stored in the top drawer of your desk.

Entering keys over and over again in order to read a message is an incredibly boring process, but that is the price of security. You'll agree it is not too high a price to pay.

Okay, actually it can be simpler. The private key is protected by an additional passphrase. This is a set of words that you enter to confirm the right to use the key. The longer your phrase, the better, and ideally, use different registers and punctuation marks. Such a code is easy to remember (for example, if you use a favorite quote or line from a song) and difficult to crack.

But what to do if the key is “stolen”? PGP programs allow you to revoke a key and indicate that it can no longer be trusted. But this is little consolation for those who use digital signatures and are constantly in contact with the audience.

Why is the wonderful PGP not used by everyone?

If PGP encoding is so wonderful and useful, why doesn't everyone use it? - you ask. In fact, the answer is obvious. In order to encrypt something, you need to install the application, understand how to use it, find people who will do approximately the same thing and will be able to decrypt this information.

Today, cool technology remains somewhere in the geek zone, if only because the interface cannot be called user-friendly. Commands are given manually, written on the command line, they need to be remembered or the guide must always be kept before your eyes. Writing scripts is necessary for:

  • creating private and public keys (there is also a difference in generation);
  • adding/removing/selecting a key;
  • creating a secure space on your hard drive to store keys;
  • encoding messages for one or more recipients;
  • placing a signature in a message;
  • decryption of the received data.

A little different from what a Windows or MacOS user is used to.

By the way, something like this keeps many “ordinary” users from using cryptocurrency. There you need to understand something about numbers, letters and commands. It’s great if the crypto wallet offers a clear interface and any process is automated. And if not? Few people will climb into these jungles. It’s the same with PGP - if you had to press the “encrypt” button before sending the message, and “decode” at the time of receipt, the application (and all its analogues) would gain much more popularity.

Where encryption is used today and where it will be used in the future

As already mentioned, PGP encryption today is used mainly by individuals familiar with programming and corporations to save information within the company. But given the increasing relevance of the issue of digital security, cryptography will soon be used more widely and, probably, automated.

Already, some email services (for example, Mozilla Thunderbird) use additional message protection. True, for this you still have to install applications and configure them in every possible way. But with further optimization, we simply will not notice how the encoding occurs.

Yes, yes, we are all spoiled users who don’t bother too much with questions of “how and why this or that thing works.” What's really important to us is that it just works - efficiently and safely.

With the spread of crypto technologies and the expansion of the geography of their adoption, the likelihood of obtaining new security standards on the Internet increases significantly. This is worth remembering when capturing the essence hidden behind modern crypto-hype.

Crypto is not only about . This is about functionality, security, proof of ownership, freedom from intermediaries and much more.