Why I use GPG

May 25, 2005

What is gpg?

GPG (GNU Privacy Guard) is a piece of software that can basically do two things:

  • encrypt/decrypt every kind of data so that only you or the persons you choose are able to read/use it.
  • sign/verify data so that you can be sure that the data originates from the person you think it originates from.

The encryption gpg provides is generally believed to be sufficiently strong that not even big players like the NSA (a US secret service) should be able to break it.

Why use it?

Whether or not you want to use encryption is of course up to you. Something that many people are not aware of is the fact that e-mail is not confidential in any way - it's as if you wrote a letter to someone without putting it into an envelope. Anyone who happens to handle the e-mail or access your e-mail account on the server can read the entire mail without you noticing. If you want any amount of privacy in your e-mails or write about business-critical information via mail you should definitely consider it.

I encrypt my mail traffic with some people and you are welcome to send me encrypted mail (for my key etc. please go to the contact page). For someone else to read the message she has to use pgp or gpg and you need her public key. Since not every person has gpg installed, this is usually only done when necessary/available.

What I do with every mail though, is to sign it. This attaches a .sig file to the mail in question that can be used to verify with gpg that I was the sender of this message. The message itself is sent in clear-text and can be read by anyone (this includes the intended reader, regardless of whether she has gpg installed, as well as any cracker who might intercept the message). If the receiver wants to be sure that the message originated from me, she can verify the message with gpg and my public key. I invite everyone to do the same as this helps weed out spam - currently every spam e-mail can contain any sender e-mail address it chooses, which would be immediately detected were the message signed.
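The sign-and-verify round trip described above, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later; the identity, file names and message text are constructed, and the key lives in a throwaway keyring. The receiver's check compares the signing key's fingerprint with the one she expects, because a valid signature alone only says that some key in her keyring signed the file.

```shell
#!/bin/sh
# Added example: sign a mail body with a detached signature, then verify it.
# The identity, file names and message text are constructed sample values.
GNUPGHOME=$(mktemp -d) && export GNUPGHOME   # throwaway keyring, mode 0700
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

SENDER='sender@example.org'

make_key() {    # passphrase-less demo key (a real key should have a passphrase)
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo Sender <$SENDER>" default default never
}

key_fpr() {     # fingerprint of the sender's primary key
    gpg --batch --with-colons --list-keys "$SENDER" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

sign_mail() {   # $1 = message file; writes the detached signature to $1.sig
    gpg --batch --yes --quiet --local-user "$SENDER" \
        --output "$1.sig" --detach-sign "$1"
}

verify_mail() { # $1 = message file, $2 = fingerprint the receiver expects
    # Read the machine-readable status lines, not the human-readable text.
    # VALIDSIG appears only for a good signature; its last field is the
    # fingerprint of the primary key that made it.
    signer=$(gpg --batch --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null |
        awk '$2 == "VALIDSIG" { print $NF }') || true
    if [ -n "$signer" ] && [ "$signer" = "$2" ]; then echo good; else echo bad; fi
}

make_key
msg="$GNUPGHOME/mail.txt"
printf 'Meeting moved to 15:00.\n' > "$msg"     # body stays readable clear text
sign_mail "$msg"
echo "untouched: $(verify_mail "$msg" "$(key_fpr)")"

printf 'Meeting moved to 17:00.\n' > "$msg"     # body altered after signing
echo "altered:   $(verify_mail "$msg" "$(key_fpr)")"
```

In real use the expected fingerprint comes from the sender over a separate channel, not from the same mail that carries the signature.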

Start using gpg now. Download some tools for Windows. Read more on encryption with gpg.