[ale] PGP/GPG

Jeremy T. Bouse jeremy.bouse at undergrid.net
Wed Mar 22 21:38:53 EDT 2017


On 3/22/2017 5:02 PM, Alex Carver wrote:
> On 2017-03-22 13:48, Kyle Brieden wrote:
>> I would love to have a key sign party and maybe a talk on PGP theory,
>> why it works, how it works, how to use it, etc... :D
>>
>> As far as making it easier to use, keybase.io is just about the most
>> user-friendly implementation I've found thus far.  Definitely worth
>> checking out.
> I'm sure it's easy for me to use but I don't have a problem with
> Enigmail either. My parents would have a problem with Enigmail or
> anything command line driven.  It would have to be something very well
> integrated with a mail client that is nearly transparent.  Enigmail
> isn't transparent though it is reasonably integrated.
>
> As it is I finally got them to start using a password manager (KeePass)
> which is transparent enough.  It reduced the logic level down to "Press
> these three keys anytime you need to log into a website" from what it
> was before ("Go find the Post-It note").  They haven't done all of their
> websites yet but they're slowly changing them.  So a PGP workflow really
> has to be that simple to use.  The ideal case in that respect is to be
> able to configure the mail client such that "This recipient always gets
> encrypted mail." and everything is sorted out in the background.  Since
> there would only be a very select few recipients that would need it, I
> can help them with the initial setup and after that it works in the
> background.
Public key cryptography is not a simple matter. That's really the long
and short of it.  I don't use GPG as much to sign my emails these days
as I used to. I never really encrypted that many emails but I would sign
them so they could be verified as coming from me. These days I use
simple S/MIME mostly. For me my GPG usage is much more complex than most
reading this email which is why any GPG/PGP discussion I could put
together would definitely be more than a 101 primer. Those that know me
might agree with that. My primary GPG keys are stored on encrypted USB
drives stored in a fire safe and only pulled out for signing keys and
issuing subkeys. My GPG subkeys are actually generated and live entirely
on OpenPGP smartcards which means a requirement of a smartcard reader
and PCSC daemon. The cards themselves cannot be brute forced and they
also serve as my SSH identity keys, which are used way more than signing
or encrypting these days.
