« Protecting Cheney | Main | Attempt To "Get" Cheney »


February 13, 2006

My Public Key

-- by Thomas Leavitt

Per Dave's comments to "Watch your back."

I've actually gone ahead and figured out how to use "gnupg" and "Evolution" (the Linux based email client I use on my desktop) to sign and/or encrypt my emails (and other items). To that end, I invite anyone wanting to write me to download my "public key", at: http://www.thomasleavitt.org/thomas.asc

This can be used to verify the "signature" attached to any emails I send you, and to decrypt any file I send to you (assuming you have a public key available). If you supply me with a public key, I can in turn decrypt files you send me, and authenticate any "encrypted signatures" attached to email you send me.

I found these two "tutorials" useful:
Cooking with Linux - Fran�ois, Can You Keep a Secret?, by Marcel Gagné in SysAdmin magazine
Adding a photo id to your GNU PG key.

Caveats: Encryption only secures communications in transport: ultimately, they must be decrypted on the machine which is used to read them, and at that point, the communication is vulnerable (as it is prior to encryption). The simple expidient of sticking a keylogger onto your desktop (hardware or software) or even a small wireless video camera pointed at your monitor, can bypass even the strongest encryption.

What is secure now, may not be secure in the future. Quantum computing and other technologies may well make even the most "secure" encryption vulnerable at some point in the future.

Posted by Thomas Leavitt at February 13, 2006 3:43 PM

Trackback Pings

TrackBack URL for this entry:
http://www.seeingtheforest.com/cgi-bin/mt/mt-t.fcgi/1584

Listed below are links to weblogs that reference My Public Key:

» Speaking In Public from Speaking In Public
. speaking public. Public Speaking & Speech Store Visit. our satisfied customers. "The. eulogies I received were perfect. It was as if you use pr... [Read More]

Tracked on February 22, 2006 7:35 PM


Comments

I was thinking: why is this key so huge? Then I imported it. Very nice.

Posted by: richard at February 13, 2006 5:13 PM

Actually, the public key is used to encrypt stuff for the key's owner. So if I send you something, I will use your public key to encrypt it, and you will use your private key to decrypt it. You don't need any key from me for that. If I sign it with my private key, or if you reply to me, then you will need my public key. I put mine on my website as well. I hope enough people use encryption to bog down these sons of bitches. Send shopping lists, pictures of your dog, etc. Keep 'em busy!

Posted by: richard at February 13, 2006 5:19 PM

Will this key work with gmail?
They have encrytion also, is it compatible?
I'll send emails just to screw with "the man"

Posted by: scrugun at February 13, 2006 5:56 PM

Yeah, the key is large (relatively speaking... a 14k file is nothing these days), because I used the photo id feature (which I think is pretty cool, and helps authenticate me when I talk to someone in person).

... and yes, this key should work with gmail, Outlook, etc., it is based on an open and public standard that is widely deployed. Of course, that's not to say there aren't kinks (as the link I posted to the Linux Journal article on how to set this up mentions), but generally speaking, it should be fairly transparent.

I tried this a few years back, and even though I'm a geek, I decided that it just wasn't worth the hassle to figure out. This time, the "pain threshold" was low enough to make it worth it.

What's your web site, richard?

Posted by: Thomas Leavitt at February 13, 2006 9:06 PM

Thomas Leavitt:

What is secure now, may not be secure in the future. Quantum computing and other technologies may well make even the most "secure" encryption vulnerable at some point in the future.

The reality is that employees of government agencies have often claimed that they are making these huge advances in decrypting stuff. Actually, they are not. It would presumably cost 10's of thousands to decrypt a simple 6 digit key. After about 200 bits of key-length, they are probably never going to decrypt it. Ever.

As far as these quantum computers are concerned, they do not seem to be "scaling up" at all well. (Although other some strange quantum devices are making headway.)

The government hates it when people send encrypted stuff that they cannot spy on. Everyone should do it regularly.

Another kind of encryption simply scrambles the letters and symbols of text, producing numbers. So it can be used anywhere. Such encryption would, in the ways it is most commonly deployed, would be harder to make 100% secure. But it can be used anywhere.

Many foreign governments have outlawed strong encryption.

Posted by: blues [TypeKey Profile Page] at February 16, 2006 4:03 AM

Post a comment

Thanks for signing in, . Now you can comment. (sign out)

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Remember me?



Email this entry to:


Your email address:


Message (optional):


Return to main page