Post Your Public Keys

[Snorkasaurus]

Unfortunately encryption in general (files, emails, data streams, or otherwise) is often feared and misunderstood, because it can be quite complicated. It requires that the user have a fairly detailed understanding of the transport process first, and then they have to learn about how encryption is applied to that transport process. When you throw in keys that are split in to public/private parts, numerous different algorithms, hashing, passphrases, and blah blah blah... a lot of people just shut down and ignore it.

On a related note... right now I am actually working on setting up a jabber server for OTR communications. I have it working in my test environment, but still have a bunch of work to do, like disabling all logging, disallowing plain text, user management, and easier authentication.


s.

[viking60]

Yes I have seen that many people - even techs - don't use encryption because when they lose their passphrase they cannot read their mail anymore.
The solution would be to write it down and put it in that ultra secret hiding place - under the keyboard.

Even if you make a wallpaper with your password in the computer room; your mails will still be encrypted on Google's Microsoft's the ISP's and NSA's servers.

Today your ISP can read your mails - all your mails - as much as he likes. That would probably kill him on the account of all the spam - but technically he can.
If I provide a webhotel for someone that goes for me to.

I give them a Centos/Redhat server with Cpanel where they can create mails and activate spamassassin - the works. It has everything; but the mails are there in plain text for me; operating the server, to see. And that is pretty much the most common hosting solution in the world.

Google has so many data that they use robots to read your mails - they are honest about that.

I consider mails to be almost as public as a web page - and I tell everybody who cares to listen.

With encryption that server is only hosting unreadable data - which is great!
Another "problem" has been the certificate where someone trusted Like Verisign says you are you after you have told them How tall you are and what you eat for breakfast.
There is nothing of that here.
You are asked how well you have checked the signature (I don't know is a valid option) and decide your level of trust.
Verisign did give people certificates as Microsoft employees some time ago - when they in fact were nothing of the sort - so I think this Openpgp thing is a better approach.

[dedanna1029]

I am agreed with Blackcrack.

what the hack need i am again an other pretty good privacy ? for an better Privacy or better tell.. "i am alive" and need more safety ?

Per my signature:

I'd rather be a free person who fears terrorists, than be a "safe" person who fears the government.

However, there was just a hint in this thread to install Enigmail, so just before bedtime last night, I installed it to Thunderbird (Windows unfortunately) and it found my key right off the bat.

Now what I want to know, is what the hell is the private key and how do I get it? I'm doing this for the learning curve, not that I'm really understanding it much.

[viking60]

We are all learning here so that is fine.

1)In Thunderbird clik the Enigmail tab
2)Click Key Management
3)Highlight your account and right-click
4)There you pick Export keys to file and save it to disk

Then open that file with Geany or another editor (Notepad) and copy the private Key (both your private key and your public key will be there).

That is what I did to add my private (Gmail) key to Chromium so that the encryption works there too.

[Snorkasaurus]

Now what I want to know, is what the hell is the private key and how do I get it? I'm doing this for the learning curve, not that I'm really understanding it much.

When you generate a "key" you are actually generating a "key pair" which consists of your public key and private key. You don't actually get two separate files or two separate entries in your key management software, and it is probably easier to think of public and private being two halves of the same key.

The public "half" is the one you give away freely to everyone in the world. It allows them to verify that your signed messages really came from you, and it allows them to encrypt things to send to you (that only your private half can decrypt).

The private "half" is the one you do not give away. It allows you to decrypt messages that have been encrypted with your public key, and it allows you to sign messages (to prove you really are the sender).

Your "keyring" will probably consist of:

• your private half
• your public half
• the public halves of everyone you want to send encrypted messages to.

The gpg4win manual has a procedure similar to the one viking60 describes for exporting private keys.

s.

[dedanna1029]

Thanks.

I'm assuming the safest place to store these would be on a flash stick or other medium not on the computer's hard drive?

[viking60]

Yes I have it in an encrypted part of my disk - and will be a good boy and put it on a dongle ..eventually. When your computer breaks; you still will need to access your (encrypted) mail so a dongle would come in handy then.
But as Snork said 98 to 99% of your mails won't be encrypted so that is as accessible as ever - even without the keys.
....
This should really be more common than it is. I wonder if we can force b1o and jkerr to provide some public keys at least in PM
They need that for their privacy image

[Snorkasaurus]

What I often suggest for external backup drives (for all data, not just PGP keys) is to make an arrangement with a friend who will swap backup drives with you, or bring it to work if you have to. If you keep your backups at home, then a single event (break in, fire, flood, etc.) could damage both your original and your backup - and it is gone. Keeping your backups at a remote location can help protect against some unfortunate circumstances!

Alternatively, if you have the bandwidth available, you have a PC that is always on, and your data is small enough... you could setup a script that backs up to a remote location automatically over the Internet through a tunnel. My web/mail/etc server is at "someone else's house" and I have a script that backups up [both directions] through an SSH tunnel every night automatically. It only transfers changed/new files and works great for most data, but I have to separately use an external drive for very large files like ISO's.

s.

[dedanna1029]

Just my luck, my friend would have the fire. Er, just their luck. Or something.

[viking60]

Yeah friends are the new Clouds It does make sense to have the backup separated from the computer and even the building.

[dedanna1029]

It does, but insofar as until that building burns down or floods. lol

[dedanna1029]

Different email address (I still have and use the one you guys had):

Code: Select all

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQENBFYwRUIBCADGnISbRzA7G6/y6s664ABV0tUg8tF44sfOiQL3IyGmXNkC+T8V
t7Qki1dsZWNC1y4Egb0g4s4HqsaGPCJ6ep1qonM+CxbYg4vhR4rWK7+hZRsJnvNx
r6WVD4G2wB1HYD+IyIULMGjxWMh925OVgoKjEb6VCUJPjkR9tdcnmTJyONWe3HwP
TBdp1gYKm6v7YzsqHvikHQlQUkrtnNvLvkwL/0AwdJta7XXTdDWYilcSLLf6a9aD
M1Tn/TWufoSu3VFLAbXCicemMWby1Z5U39aUyDWkorXtAXCrCvrXfB0MosROH4ew
wlntZP/icUBlPL2nq4GJwRBu5niptb9y6SVLABEBAAG0KUtpbWJlcmx5IEdhcnJl
biA8ZGVkYW5uYTEwMjlAY2hhcnRlci5uZXQ+iQE5BBMBCAAjBQJWMEVCAhsDBwsJ
CAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQRBYkCg8Is11fxAf/dG3b8cemBfsN
KhzwXKy5R8v0OAUQU5BpPQYJyH3tqzEih3z0eXaezmUFlJ+3KlxU4l1EGPhW+kOv
HJr0hrVoyKmBJL0FS+feGfKdmbIRR4r2drsVIZKIVqak5AQa2HNkYBYc27rPn1jm
PQ5yIEnpe12wH48gk1naKOXRLsEiOWMGIx18o55LbnrZLt+Bcmz66rC2kWR6wMLD
LY1719oykT6vTSDHkfP2QngbnmJ/MuOdgUS5iQbhopw78aSbp0s/Q+yHD6wYNQj3
epI02PLw83/EP+W0ymiOws0lpr9zU09sUWeJyrG1gHPgjUmsrEKS7ToyWqzyhrbL
HV9l4x9P57kBDQRWMEVCAQgAoPz3O7KmwHp354YPimvCMgifuJuj37jEihPhlBMZ
w5qr2KFZUzzjDTmWgmwKcYFL7VSJ8nwEfKTXAoF50FgkAvSqJiHL17KvEZ89fLFN
+rTD5Utl5hF4huc7AAgad0mtwCMzepYzyglElEo5nvP2+5z2R0wP5q++k7fDpRxq
wfl5eaeU3SUwqnwakiH+r8AU9lorDXDSDoqJr182DqUnn7ADmFQEaPE11CxtTS4j
NMkr9/a+vFyGNFWtSNjbBAu8hLLs7ZAeRzKC0cVrYQ03OR2/PpCUw4kf4amY5AmB
QagkjaQlNCyER5yTTew+6geIWNVff1nhw5wtLAs18QNIgQARAQABiQEfBBgBCAAJ
BQJWMEVCAhsMAAoJEEQWJAoPCLNd6iMIAJrDA0XfelnD909Ze0fXc7MyIEBiCzDG
Ip4gIFw6w3kv6f08XdQ7OHOJui3PKOJpSPY9kv9pXRTaQvKIa+ULXBvxier8QmTd
i1khhZXk+z5HPa52/qw71CyqF1UMvBVzfMV4t/OgQ34Z0PjsY41Z7A6oObJVPRj0
CKkaaRBphIm2NoRFyOuz3P3M+uqcosYizXjDg6cEgb35Gu5lPY7GU1X9y8d7bKIU
1EGS155NTVS7TSx7+lhyQJfErv/FUmaFCBFrNPhtrptzLifASB5MgoCUOxs4s3gT
b9QRyB2bQ8Ti+26rcH0rhx6cEM/jSeEcvVqYKX8/dCLKwf7Ub+5/qMI=
=B+bo
-----END PGP PUBLIC KEY BLOCK-----

Now with that being said I don't know if I'll ever actually use these things, but in case I do.
I'm still somewhat lost with all this.
It really should be a lot easier to grasp to do something like this, y'know? To be able to keep ourselves safe should be simple and non-confusing.