Practical GPG

Over at Hackaday, Pedro Umbelino has a nice article on the practical mechanics of using GPG and, more generally, public key cryptography. Rather than looking at its integration into a particular email client, Umbelino demonstrates everything on the command line. That’s handy because sometimes you want to sign, verify, or encrypt documents that aren’t email. For me, this most often comes up when I want to verify a signed software download, such as the latest Emacs distribution from GNU.

The hardest part of public key cryptography is the verification of public keys. It’s almost certainly the reason that encrypted emails have never gained traction. Umbelino’s article covers this in more depth than most similar posts, but at the end of the day, you’re pretty much stuck with the web of trust and public key servers. If you have a few people with whom you need to exchange encrypted documents, you can sign each other’s keys and the system works well.

If you’ve wanted to try public key cryptography, Umbelino’s article provides a good go-by. You’ll probably want to explore how it’s handled by your email client because unless you’re using it only to verify signed downloads, you’ll likely use it mostly with email. The article is definitely worth a read.
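
For the signed-download case, a good signature only helps if it was made by the key you expected. The following is an added example, not code from Umbelino's article: it reads the machine-readable output of `gpg --status-fd` and accepts a download only when the signer's primary key fingerprint matches one you obtained out of band. The function names, fingerprints, and sample status lines are constructed for illustration.

```python
import subprocess

# Status keywords that mean the signature must not be relied on.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def normalize(fpr):
    """Fingerprints are often printed in spaced groups; compare canonically."""
    return "".join(fpr.split()).upper()


def signer_is_pinned(status_text, pinned_fpr):
    """True only if every valid signature was made by the pinned primary key."""
    pinned = normalize(pinned_fpr)
    matched = False
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in FATAL:
            return False
        if keyword == "VALIDSIG" and args:
            # args[0] is the signing (sub)key fingerprint; the tenth field,
            # when present, is the primary key fingerprint.
            primary = args[9] if len(args) >= 10 else args[0]
            if normalize(primary) != pinned:
                return False  # valid signature, but from an unexpected key
            matched = True
    return matched


def verify_download(sig_path, file_path, pinned_fpr):
    """Run gpg on a detached signature, then apply the pinning check."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and signer_is_pinned(proc.stdout, pinned_fpr)


# Constructed sample status output; the fingerprints are placeholders.
PINNED = "AAAA BBBB CCCC DDDD EEEE  FFFF 0000 1111 2222 3333"
KEYID, SUBKEY = "9" * 16, "9" * 40
GOOD = f"""[GNUPG:] NEWSIG
[GNUPG:] GOODSIG {KEYID} Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG {SUBKEY} 2024-01-01 1704067200 0 4 0 1 10 00 {normalize(PINNED)}
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
```

Note that `TRUST_UNDEFINED` does not cause a rejection here: the pinned fingerprint stands in for the web of trust, which is the trade-off you make when you verify a key yourself.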

  • Real opportunity for FSF.org to offer some sort of public key repository service.

  • Sauli H.

    "Practical GPG" gave me a bit of a chuckle.