Email Paranoia

If you’re paranoid about the security of your email, or if you occasionally need to send secure messages to someone, the grugq, a well-known and frequent commenter on security matters, has a very nice gist on securing your email with PGP/GPG.

It’s not another in the long list of articles on configuring PGP/GPG but more of an opsec guide to using them securely. A large part of that is controlling the metadata. For example, one of his suggestions is to leave the subject blank or at least make sure it doesn’t refer to the content of the email in any way, even obliquely.

Another pointer is to not publish your public keys to a keyserver. Send them to your recipients only. The gist tells you how to do this securely. It’s also a good idea, he says, to have several keys and to destroy and replace them frequently. This helps deal with the fact that PGP/GPG don’t have perfect forward secrecy.

There are a lot of good ideas in the article so it’s definitely worth taking a look at it if you have a need for secure email.
