The good folks over at New York Emacs Meetup have posted their monthly talk. This time, it’s George Brocklehurst with a talk entitled A Pretty Good Introduction to Pretty Good Privacy. It’s a mostly narrated slide show, although there are some terminal demonstrations, that discusses the whys and hows of PGP, OpenPGP, and GnuPG.
Brocklehurst starts with a discussion of what PGP can do and why we should care. There’s the usual encryption and signing functions that Irreal readers will be familiar with as well as some experimental uses that you might not know about.
The bulk of the presentation involves generating a key, uploading it to the key servers, and signing other users’ keys. If you’ve never made yourself a PGP key, you may find it helpful to watch someone do it live.
The most useful thing for me was the demonstration of key signing. The PGP Web of Trust is an important part of using PGP/GnuPG securely and you really should get your keys signed. The basic operation is to retrieve the key from a key server, verify the fingerprint with its owner, sign the key on your machine using your private key, and then upload it to the key server again. It’s really pretty easy and many technical groups have key signing parties where the attendees sign each other’s keys.
The talk is about 53 minutes so you’ll need to schedule some time. If you’re not already familiar with PGP/GnuPG and how to use them, the talk is well worth your while.