PGP

matthias on 2013/10/22

German manuals I do recommend

Background

In light of ever-increasing surveillance online, I’d like to encourage everyone to go the extra mile and encrypt their email communications.

It’s admittedly a bit tricky with some email clients and especially difficult with online interfaces such as Google Mail, but in my opinion the recent events show that it is worth the effort.

Encryption Techniques

Although encryption with S/MIME certificates works very well with both Thunderbird and Outlook, you quickly come to a point where you will have to pay for a certificate. I also didn’t like that the certificate authority may or may not have special access to my communication. Using a self-signed certificate proved very difficult, however.

Therefore, I went back to OpenPGP, where you create your own key and then form a web of trust with your communication partners by signing their keys and uploading them to public key servers for easier access.

OpenPGP Software

Unfortunately, OpenPGP is still a bit rough around the edges overall. It is quite simple to set up using the Thunderbird add-on Enigmail and the older GnuPG version 1.4 (using the newer 2.0 branch was a pain). I have it running on both Windows 7 and Ubuntu Linux computers. Consider the following quickstart guide if you want to go this route as well: https://www.enigmail.net/documentation/quickstart.php

I haven’t set up OpenPGP for Outlook yet. GPG4Win looks the most promising. Also consider this post where the author details that outlook-privacy-plugin broke after recent updates.

My data

If you want to write me an email (me@matthiaskauer.com), consider encrypting it beforehand. My public key is here at MIT’s key server: pgp.mit.edu