GPG… anyone?!?

September 24th, 2007 by exhuma.twn

I can sympathize that GPG (a free toolset to encrypt and sign digital data) has not been used by the general public in the past. It was complex to set up, the concept of private/public keys was a bit flaky to most people, PGP (not GPG!) costs precious money, and integration with mail clients was not trivial.

With the spread of Mozilla Thunderbird, however, this has changed drastically. With Enigmail (a Mozilla add-on to use GPG with the mail client), things are becoming much easier and more accessible. It offers most of the functionality you wish to see in such a tool. It allows you to create a new private/public key pair, has a simple management tool for keys, and lets you very transparently sign and/or encrypt e-mails.

In my opinion, the main reason why GPG is still a thing for “geeks” or “professionals” is the ignorance (or naiveté) of people about how easily mails can be intercepted. Yesterday I demonstrated this exact fact to somebody. And even though he is quite computer-literate, he was still baffled that I could show him the text of a mail he sent, with his password among the lines (all done with his consent, of course). And I do not consider myself a hacker. Just a few minutes of googling, downloading and installing the right tool did it for me. And if I can do this, so can many other people as well. With a little bit more effort, it’s even possible to alter the text of a mail in transit. Needless to say, the emails are stored on somebody else’s server. And this in plain text! Even if the server does support SSL, TLS or whatnot: this only means that the transmission between mail client and mail server is secured, not the storage. And you never know who sits behind the screen of that server.

Granted, most of the time, people managing servers like this are most likely geeks themselves, who usually share the concern about security, and thus keep things safe.

Considering this, it can become easy to demonstrate the advantages of mail encryption/signing. And usability is increasing steadily. With the Mozilla suite (and Thunderbird) now having a user-friendly tool at the ready, people are not yet easily convinced to keep security in mind. Other mail clients offer easy user interfaces as well. The KDE suite (with KMail and KGPG) had brilliant support for this already a long time ago. And there are more free tools available to make it a user-friendly experience. The Swiss Army knife for a Windows environment would probably be GPGShell. It still resorts to the GPG-Cli application from time to time, but it keeps it to a minimum. It also offers easy file encryption via Windows Explorer shell entries. Another alternative is Evolution, which has built-in support for GPG.

Suffice it to say, there is widespread support for GPG (and PGP) in mail applications across all OSes. For it to become more widespread in use, people should be made aware of the risks that are posed by e-mails and how easy it can be made to keep personal information really personal.
