Saturday, July 16th, 2005

New PGP Key

For all of you responsible emailers, I’ve posted my public key for greg at gregrperry dot com at “Contact Me” in the Pages section at the upper left hand corner of my blog. You can cut and paste this key into your keyring. I’ve also posted the key on several of the top keyservers.

Exchanging public keys is a requirement for people who wish to communicate securely using cryptography. Encrypted communication is not just for safeguarding the contents of communications; it’s also useful for verifying that a communication from another person has not been forged or altered. Have you ever signed an important document and faxed it, or scanned it and sent it by email? Do you know how easy it would be for someone to forge something like that? At work it is not uncommon for us to exchange contract agreements in this way, and I just have to shake my head in wonder. I’ve used a similar system for my work email since 2000, and sadly, I hardly ever use it – only with techie friends, and only to transmit private emails that we didn’t want the company to read, since they have every right to do so.

Did you ever get a phishing email? You know, like the ones that say they’re from PayPal or a bank saying they need you to update your information? All of these would be so easy to verify if companies that engaged in online financial transactions required the use of digital signatures. I just don’t understand why encryption and digital signatures haven’t yet caught on – but then, identity theft didn’t even register in the media until last year or so, and I’ve been destroying personal identifying information in the papers I have thrown in the trash since the mid 80’s. Since shredders were so expensive back then, my favored technique was to tear the relevant information – account and social security numbers, etc. – out of the mail and chew up the paper to a pulp. It seemed easier than burning it and stirring the ashes.

If you want to know more about cryptography and digital signatures, I would recommend reading this intro.

PGP, the organization that distributed the first publicly available strong encryption, has gone through a lot of changes over the years, as the original was taken over by commercial interests. The best place to get your free, non-commercial copy of the last uncompromised version of PGP is still MIT. There is no need for using a version of PGP later than 6.5.8 – unless you want to pay for something that was originally intended to be free. There is an open source variant – GnuPG, but it’s clunky to use, and encryption needs to be very easy to use. Hell, it needs to be automatically included with any email application (hint, hint, Microsoft Outlook & Express), and every free webmail service – Hotmail, Yahoo and Gmail especially. Hushmail is the only free email that I know of that incorporates encryption, and they’ll get you – their site has a lot of problems with pop-up blockers, and if you don’t successfully log in every three weeks, it’s $30 a year to get back into your account. (Do I sound like I know what I’m talking about?)

If you’re truly paranoid, and want to disguise the fact that you are sending encrypted emails, I would recommend that you search for “steganography.”

Any encrypted, or even just signed, emails that are sent to me will be treated with the highest priority.

Posted by Greg as My Website, Posts About Me at 04:21 PST
