Portfolio-Home

GPG is a general-purpose encryption system. It can be applied to any file or directory. Given a short walk-through, users should be able to brainstorm new use cases for themselves.

Conceptual Prerequisites

The previous guide introduced the GPG public key system for signing and encrypting email messages. Foundational concepts, such as what does it mean to sign an email and what sorts of guarantees does encryption provide, were discussed at the beginning of that guide. If you haven’t completed the first guide yet, please complete its GPG email tutorial first. See the introductory guide for an overview of how public key encryption differs from a traditional password system.

Portfolio-Home

The widely known “three authentication factors” principle says that online security can be divided into the following categories: (1) something you know, (2) something you have, and (3) something you are.

“Something you know” is what most everyone uses on the internet uses to secure his or her online identity: a password, or variants like PIN numbers. “Something you have” is any object or possession that certifies you are who you say you are (e.g., an identity badge that workers use to scan into a building). “Something you are” is often an unchangeable quality of a person, like a fingerprint or a facial scan.

Portfolio-Home

A consumer-driven program like GPG Suite makes it possible for ordinary users to encrypt, sign and decrypt emails with a few clicks. Once everything is set up, working with encrypted documents and email appears to “just work.” GPG Suite conceals with underlying calls to the API that would otherwise have to be performed manually at the command line.

While the everday process of using the PGP¹ system is automated beneath GPG Suite’s graphical interface, long-term successful use of GPG also requires some background knowledge. Users must still be able to manage a public and private keys, a task which includes understanding when and how to create new keys, how to interpret important key metadata, and how to exchange keys with other users of the GPG system.

Portfolio-Home

Background

This guide is a practical overview for everyday users of email, covering how to send encrypted emails using the GNU Privacy Guard (GPG) system. For ease of initial use, we will use the graphical implementation of the GPG system offered by GPG Suite software.

Technical Prerequisites

Although this example uses Apple-based (MacOS) software for teaching purposes, graphical software exists for both Mac and Windows to accomplish these same tasks.

Consumer Public Key Security

This project serves, first, as a sample of my writing abilities and technical knowledge.

It is also intended to be a useful source about a topic that deserves more attention: the increasing availability of public key encryption technology as a consumer-facing product. At the level of infrastructure, this technology is not new. The modern internet would be hard to imagine without technologies like HTTPS, SSL, SSH and other protocols, which rely on public key encryption to ensure privacy between clients and servers. Almost everyone who uses the internet relies on public key technology to keep their sensitive data (e.g., financial, medical) secure while it travels across the network.