Pretty Good Privacy

Page version 2.7 – Now with 90% less geek speak!

So, you’ve received an email from me (or you’ve found this page when googling!) and wondered what this PGP signature is all about.

Basically, PGP (which stands for Pretty Good Privacy) is a program, created by Philip Zimmermann (sadly, no relation to Robert Zimmerman, A.K.A. Bob Dylan) in 1991 as a way of beefing up security on emails!

It can be used to create a unique digital signature that verifies that the message you’re reading hasn’t been tampered with, or it can be used to encrypt the complete message to stop anyone else from reading it!

PGP works by using a key-based system. When a user sets up PGP, they need to make a pair of keys. These are known as their public and private key respectively. The private key stays with you and is never shared. The public key is distributed out, either via an email attachment, on a disk, or via a name server. With this key, people can encrypt a message that only you can decrypt (as long as you’re the only person that that message has been encrypted to). The public key can also be used by someone to verify that a signed message from you is valid.

The following scenarios show when using PGP comes in useful:

  • You need to send an email to someone from your workplace/college etc. You want to make sure that the email you send hasn’t been doctored or tampered with! In this case, you would sign your email, so when the message gets to the recipient, they can be sure that the message they’re reading is the same message.
  • You need to send an email to someone that contains personal information (e.g. a credit card number, or even just a phone number). To avoid anyone intercepting this message and using it for identity fraud, or something similar, you could use their public key to encrypt the whole message. The recipient would then use their private key to decrypt the message again!

Only the user with the private key (and its passphrase) can decode the message, so if you need to read back what you’ve sent, you need to encrypt the message to both your recipient and yourself!
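Both scenarios above, and the encrypt-to-yourself point, as a runnable GnuPG session. This is an added example, not part of the original page; it assumes GnuPG 2.1 or later, and the Alice and Bob identities, the message and the temporary keyrings are all constructed.

```shell
#!/bin/sh
# Added example: identities, message and keyrings are constructed and throwaway.
WORK=$(mktemp -d); A="$WORK/alice"; B="$WORK/bob"   # sender and recipient keyrings
mkdir -m 700 "$A" "$B"
cleanup() { for h in "$A" "$B"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
            rm -rf "$WORK"; }
trap cleanup EXIT

# g KEYRING ARGS...: run gpg non-interactively against one keyring.
# --trust-model always is tolerable only because both keys are generated below;
# with a real correspondent, confirm the key fingerprint with its owner instead.
g() {
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --yes --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@"
}

setup_keys() {
  g "$A" --quick-generate-key 'Alice <alice@example.org>' default default never
  g "$B" --quick-generate-key 'Bob <bob@example.org>' default default never
  # Only public keys change hands; each private key stays in its own keyring.
  g "$A" --armor --export alice@example.org | g "$B" --import
  g "$B" --armor --export bob@example.org | g "$A" --import
  printf 'Meet at 10am\n' > "$WORK/msg.txt"
}

# Scenario 1: Alice signs; Bob checks the original, then a copy altered in transit.
verify_original() {
  g "$A" --output "$WORK/msg.asc" --clearsign "$WORK/msg.txt"
  g "$B" --verify "$WORK/msg.asc" 2>/dev/null && echo good || echo bad
}
verify_tampered() {
  sed 's/10am/11am/' "$WORK/msg.asc" > "$WORK/tampered.asc"
  g "$B" --verify "$WORK/tampered.asc" 2>/dev/null && echo good || echo bad
}

# Scenario 2: Alice encrypts to the recipients in $1 (a string of -r options),
# then we ask whether she, the sender, can decrypt her own outgoing message.
sender_can_read_back() {
  g "$A" $1 --output "$WORK/enc.gpg" --encrypt "$WORK/msg.txt"
  g "$A" --decrypt "$WORK/enc.gpg" >/dev/null 2>&1 && echo yes || echo no
}
bob_reads() { g "$B" --decrypt "$WORK/enc.gpg" 2>/dev/null; }

setup_keys 2>/dev/null
echo "original: $(verify_original)  tampered: $(verify_tampered)"
echo "sender reads back (Bob only): $(sender_can_read_back '-r bob@example.org')"
echo "sender reads back (Bob + self): $(sender_can_read_back '-r bob@example.org -r alice@example.org')"
echo "Bob decrypts: $(bob_reads)"
```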

I personally use GPG (GNU Privacy Guard), which is included with most Linux-based systems. For Windows users, there is GPG4Win, which includes tools to assist in making your key pair, and plug-ins for Microsoft Outlook. There is also a plug-in for Firefox for use with Gmail, and a plug-in for Mozilla Thunderbird (Enigmail).

Finally, this is my public key: Robert Ian Hawdon (0xE62825B5) pub

Here is my key for my older email address: My Old Public Key

On rare occasions, I will be using a different email account; this uses a different key I created in 2004: Download robert_hawdon_gawab-pub.asc (The company providing this email address has been down for almost a year, so I’ve abandoned that address)

My University key is available here: sunderland-bf78gz.asc (I have since graduated)

Have fun with PGP, cheers! 🙂