Digital Signatures and Encryption with GPG/PGP
In this day and age, I think it is wise that people use digital signatures with methods such as GPG/PGP to prove authenticity and using its encryption capabilities for privacy when storing mail on untrusted networks, such as those hosting mail in other countries, especially those countries who have questionable laws regardng privacy.GNU Privacy Guard (GPG) is a free-software drop-in replacement for Symantec's proprietory PGP cryptographic software suite.
It is useful in many ways, from saying "Yes, I really sent that message", to using it to encrypt a message or files for privacy, to something as important as signing a checksum file, after all, what's the point of creating a checksum for a file, since if your machine is compromised, all they need to do is to recreate a new checksum and you're none the wiser, but this is harder to get around when it is also expected to be digitally signed by someone.
GPG is available for Linux, Mac, and Windows.
Windows users should install GPG4Win
Apple users should install GPGMail
GPG with Linux/Unix
This is not designed to be an indepth guide, it's a quickstarter. Most distros by default include GNU Privacy Guard (gpg) in the base install so you should not need install anything, we will be using command line, so if you're in X, open a terminal window...
Some things to remember, when creating keys, it is important to remember to create a revocation key, and to backup not only your public key, but your private and revocation keys as well. It is also important to upload your public key to a key server and make it publicly available via your website so your signature can be confirmed for authenticity and recipients can decode encrypted files you send them.
Continue reading "Digital Signatures and Encryption with GPG/PGP"
