I have finally uploaded my public encryption key to the main pgp server that is the default on KGPG, the encryption program I use on my Linux computer. I also set up my Thunderbird email program to digitially sign all of the messages I send with my public key so that anyone who gets an email from my Gmail account will now have the assurance that I sent them the email and not someone spoofing me. In fact, if they have the ability to check GPG keys on their computer, they will be able to check the key against the server and make sure that the email has not been changed since I wrote it.
Additionally, by using my public key, anyone who wishes to send me an encrypted file can now do so. Once they encrypt the file, I will be the only one able to open it since I’m the only one who posesses my private key.
You may say that I have no need whatsoever for either encryption or digital signing of my emails. Afterall, who the heck am I sending emails to that it is so important to validate my identity? Who is sending me stuff that is so top secret that no one must be allowed to intercept the attachment or file transfer? If you are saying this, you are obviously not a computer geek. We do things because they are l337 and just all around something neat to do. At this point in my life, I’m not doing anything that requires me to use encryption, but it’s fun to be able to.
There IS one important reason for the encryption, though. Spam is getting crazier and crazier with spammers now spoofing other people’s identities. By having a public key that others can check, if my dad gets an email purported to be from me that looks like spam, he can automatically know whether or not I sent it. There’s no need for him to email me back or call me to see if I truly sent the message. The same applies to anyone who might get an email from me.
Additionally, since I have set up Thunderbird to automatically sign all messages I send, it requires my encryption password to be typed when I send an email. Although I’m currently using it only on my Linux machine and there aren’t really viruses for Linux, assuming there was a virus or worm that replicated by sending emails, it probably wouldn’t be able to do so because they wouldn’t know my password. I don’t know this for a fact, since I don’t know how worms function, but if I’m right, it’s just one more reason for everyone to start using GPG digital signing of their messages.
Finally, in the case that you don’t have access to the server I uploaded my public key to, you can access it here! You may want to right-click on the link and pick “Save As” to save it to your computer and add it to your list of public keys on your “key chain”.
As a completely unrelated sidenote that I didn’t think warranted its own post: I received my first comment from someone I don’t personally know. (It’s on my Milestones post) I had this happen a few times before on my Tripod blog, but this is the first time on this one. Hopefully there will be more of those.
2 responses to “Let the flow of encrypted bits henceforth flow!”
I just got off of skype with Jorge of Drqueue. I will be getting a drqueue email etc. I also want to start using php keys for all of my mail. I use debian on my linux box so do you have any suggestions on how I can set this up.
Just get Thunderbird and the Enigmail extension and it’ll use your GPG or PGP keys to sign your email. That’s what I use and I love it!