5/10/2008 @ 8:48 pm by Daniel Eisner
I think its a shame that email encryption and signing isn’t more prevalent on the Internet. As a technology that has been mature for over 10 years, there is little or no built-in OS support for it in either Windows or OS X. The latest version of Ubuntu Linux, however, happen to have built-in support for Gnu Privacy Guard, the GPL free implementation of PGP encryption and identity verification.
This software is capable of both making sure that only the recipient can access the email you send them (pretty good when using a public mail server, like Google or Yahoo, for example), and also to guarantee that the personĀ in the “from” field is actually the person who sent the email.
In fact, if GPG became a part of the SMTP standard protocol (or even became used commonly), it would serve to thin out the majority of spam mail, as well as phishing email attempts.
So, in an attempt to get GPG used a little more often, you should read the book Cryptonomicon. Aside from providing excellent information on what GPG is and why you should use it, it is an excellent adventure story.
Then, take a look at the following guide to add GPG support to OS X Leopard.
And, for anyone who wants to contact me, here is my GPG public key. This key will both confirm that you are really receiving an email from me, and also give you the ability to send me encrypted email or files that only I can open, as long as you install GPG (which is free).
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.0.10
mQGiBEglahMRBAD0VD6XlZrPAOSoIwikNfjR6er+IIdWmCxv4aEwXf1ro1iockUicD7+eCvd YGWPTSFf+HTmoOSvhmtf1xshZ913/h9O/Ra2Kj2IT2S/vtZ1bVwhfQOilmazSHrXCA4IObfx KEwOXhoC7rpWoOSYB9NdMJHYmPoibJKU8PXFZ93JIwCg34pI1uMQ5499iJqBDToAum8kfI0D /RRHMB/yS5asHNwZL7k4TeRIu4CWmFkCllHnHMKBVPjQu7roBmYWJGf2axa9y4GtBk38zzVO 3ZmuZwjgZokjJ1HJA/XK9lbs67qJRgJzm2Snb4zebjuqbB/1ooj9ljhRIXdWHA1J66jHvHHn q2uZ4iXRvfsCQVnaEPdE2jdU6lUYBADGVltxQs2IzcZxzpwNlQ4ejA6OwNdJBG81zCxGR6Th iCiS2wkaP/XfFoAxYmok1gVInx9wsJ+BefKX6wXHpRyhWZYwh6zUIMJdLMzXMdRKj6Twhavl yfBHgthNNrNEXvvl+41bpoL6SmmIfGlOY+8MdMdial0DGylxJLjuUvbRiLQiRGFuaWVsIEVp c25lciA8ZWlzbmVyQDJyb2JvdHMuY29tPohgBBMRAgAgBQJIJWoTAhsjBgsJCAcDAgQVAggD BBYCAwECHgECF4AACgkQHD2WOAYQongGPACdHsR8kpFK5+Yar6CyDl2BQxaqNf8AoNSCd/zy D9UTBgwR2pK+U4DY/r3wiGYEExECACYCGyMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCSCV3 xgUJATWSPQAKCRAcPZY4BhCieGyXAJ0SIurwGu0KgpM5bTcwSxY2BItiAgCeMzxCdYvBAzok 08rCbXyod8A0AmK5AQ0ESCVqFRAEALVMtjr93ZEmh0kKudz9IuTtGX9gOndTLPADlL22MBfC ECueI5B2RwYiF+fVU+92L7eytlzpsVg9PFfgppx4gH40ayBtgnYzlX1FGBDOovNUtt/Fyk4G HY1HCL3hi1pafk5MAf658/Gmju7UfqEHKmLgqbdAOCYmkp2N1/e2hKXrAAMFA/wI3MK4zlqg m+8gzbz4emrS3y0Mcbl5N2Q5u5F/BdJUxSjfoTyYhhKBJt4WpVTskZBxdQLcPpC6p8Wayrjp 5JOoKP8+r83ll/57OCQ3Yi51fwAwDTgcN94mqfBYFyFx3Nnm1m2jBxwQmr5hHWHu5bYEB9FM ie+IG7IOW4QG8xl4f4hJBBgRAgAJBQJIJWoVAhsMAAoJEBw9ljgGEKJ4WWsAoLhIFipod9K3 2/eDIgATVxow8cb6AKDACCSt3QGFm1czA1BawcG1uVyjjohPBBgRAgAPAhsMBQJIJXftBQkB NZI7AAoJEBw9ljgGEKJ4YXkAoKO9B9+7OOeJM2qNQKi8d35nYmL7AJ409eb9Mv4qBHsoya3x SvHu+h/EDA== =HfPD -----END PGP PUBLIC KEY BLOCK-----
May 11th, 2008 at 12:09 pm
GnuPG will make the race for sure. The commercial PGP Version just doesnt have momentum enough to win the battle. GnuPG has been implemented in hundreds of security tools.
May 11th, 2008 at 12:46 pm
I agree with all you say but would go a step or two further. In addition to encrypting your messages, you should also ensure the “envelopes” are encrypted by using TLS or SSL links to your mail servers.
For the truly paranoid, there are email services such as “Sub Rosa” from http://www.novo-ordo.com that allow you to have an anonymous account on an off-shore server.
Obviously I thought Cryptonomicon was a great book.
May 11th, 2008 at 8:48 pm
@anonymous – Just one of those security tools: MailCloak brings GnuPG to Webmail users (MSN, Gmail, Yahoo!, Hotmail, etc)!
May 12th, 2008 at 2:41 am
Identity based encryption is much better for encrypted email. Just install the Outlook plug-in or use the web interface and send encrypted email to anyone. Voltage Security Network (www.voltage.com/vsn) makes protecting email much more easy than PGP or GPG.
December 9th, 2008 at 4:30 am
[...] – bookmarked by 2 members originally found by trugiaz on 2008-10-31 Email Security and PGP or GPG http://www.2robots.com/2008/05/10/email-security-and-pgp-or-gpg/ – bookmarked by 6 members [...]