Articles with tag “OpenPGP”

A review of ProtonMail

Update (2018-07-25)

Shortly after publishing this original post, many of my concerns were addressed. ProtonMail now supports sending mail that is signed and/or encrypted using OpenPGP. This is a huge benefit to the secure-email community. It is also possible to use your own key which allows me to use …

Continue reading…

Securing email to Gmail

I've been working on securing my postfix configuration to enforce certificate validation and encryption on some known, higher-volume, or more sensitive connections between SMTP servers (port 25).

On many of the connections I've setup for secure transport there have been no problems (assuming proper TLS certificates are used). Unfortunately Gmail …

Continue reading…

RFC: Using video conferencing for GPG key signing events

A thought that I haven't had a chance to fully consider (so I'm asking the Internet to do that for me)...

I have a geographically-diverse team that uses GPG to provide integrity of their messages.  Usually, a team like this would all huddle together and do a formal key-signing event …

Continue reading…

Signing PGP keys

If you've recently completed a key signing party or have otherwise met up with other people and have exchanged key fingerprints and verified IDs, it's now time to sign the keys you trust.  There are several different ways of completing this task and I'll discuss two of them now.

caff …

Continue reading…

PGP Keysigning Event and CACert Assertion at SELF2014

SouthEast LinuxFest is happening this upcoming weekend.  I offered to host a PGP (I'll substitute PGP for GPG, GnuPG, and other iterations) keysigning and CACert Assertion event and have been scheduled for 6:30 PM in the Red Hat Ballroom.  Since there is a little bit of planning needed on …

Continue reading…

Generating a PGP key using GnuPG

Generating a PGP using GnuPG (GPG) is quite simple.  The following shows my recommendations for generating a PGP key today.

$ gpg --gen-key
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY …

Continue reading…

Secure E-mail

E-mail is inherently insecure.  Just as sending a post card, any message sent by e-mail can be read by any number of people, including those monitoring the network path, the servers that process the message along its route, or anyone with access to the distant computer.  Basically you should consider …

Continue reading…

Secure GnuPG configuration

Someone recently asked what my GPG.conf file looks like since he hadn't updated his in... years.  Okay, let's take a look and I'll try to explain what each setting is and why I feel it is important.  I'm not guaranteeing this as being complete and I welcome input from …

Continue reading…

Inadvertant data leakage from GnuPG

I was recently introduced to a privacy issue when refreshing your OpenPGP keys using GnuPG.  When refreshing your public key ring using a public key server GnuPG will generally use the OpenPGP HTTP Key Protocol (HKP) to synchronize keys.  The problem is that when you do refresh your keys using …

Continue reading…

How PGP actually works...

How PGP actually works...

CC BY-NC xkcd

Continue reading…