Jump to: navigation, search

To be completed.

This page exists to document why I use GPG the GNU Privacy Guard. You may have received an email from me with "BEGIN PGP SIGNATURE" and a load of signature stuff attached. There's a reason for this.

What is all that crap?

The GPG signature is a cryptographic verification that the email is from the person who signed it. Think of it a bit like a signature on a letter, only without the inherent security problems that physical signatures have.

If you download PGP or GPG, you can use that cryptographic signature to verify that the email is signed. You can also see when it was signed. The only person who can sign emails with my key is me. Therefore you can use the GPG key to verify that the email comes from me and not someone pretending to be me.

You can also use GPG to send me encrypted emails - that is, emails that only the person with the decryption key can read.

Why bother?

Because governments and private institutions are engaging in widespread surveillance of internet traffic. GPG is one way to try and prevent them from seeing what is being said.

Personal tools