This page is no longer maintained.

Short story: go to my new website.

Longer story: I graduated in May 2007 and have started a position at the National Renewable Energy Laboratory. My information page at NREL is found here.

Looking for information on PGP and Thunderbird?
If you arrived here looking for information on using PGP with Mozilla Thunderbird, then check out Enigmail. Be sure to read through the help information if you have trouble setting it up.

About this document...

This was written to offer an explanation to people who look at my PGP key but do not know what it is.

Most of the introductory guides that I looked at when I started to learn about PGP (which was only a couple of weeks before this was written) contain examples of the syntax to use the encryption programs. I want this to be more of an explanation of what PGP is, not an explanation of its syntax. It is deliberately very basic and is intended for those who know very little or nothing about what PGP is.

If this document is confusing, hard on your eyes, poorly written, or even really great, I would like to know. Thanks for checking it out!

What is PGP?

Pretty Good Privacy (PGP) is used to encrypt email and files. PGP can also be used to make digital signatures.

Encryption makes it difficult or impossible for others to view the contents of your files or email.

Digital signatures allow other people to verify that you (and not somebody pretending to be you) signed your files or email.

PGP does encryption/decryption and digital signing/verification.

A digital signature has little meaning if there is no way to trust the identity of the signing key's owner. To provide this trust, PGP uses a concept called the Web of Trust (WoT). The ultimate way to be certain about a key owner's identity is to personally meet the key owner and verify their identity. When you do this, you can sign that user's public key using your own key. Signing another user's key tells everyone that you trust that this person is who they say they are.

Another way to trust a user's identity is when someone whom you trust to identify people for you has said that they believe that this user is who they claim to be.

The Web of Trust encapsulates two forms of trust:
  1. Trust in a person's true identity.
  2. Trust in other users to properly verify the identity of other users.
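
The two forms of trust can be shown with a small model. This is an added example, not part of the original page and not code from any PGP program; the names, the sample signatures and the max_depth parameter are constructed for illustration. It only models full trust in an introducer, while real programs such as GnuPG also allow partial trust.

```python
from collections import deque

ME = "me"

# Constructed sample data: signer -> keys whose owner's identity they certified.
SIGNATURES = {
    "me": {"alice", "bob"},    # I met Alice and Bob and signed their keys
    "alice": {"carol"},
    "bob": {"dave"},
    "carol": {"erin"},
    "trent": {"frank"},        # nobody has certified Trent's own key to me
}

# Second form of trust: people whose identity checks I accept as my own.
INTRODUCERS = {"alice", "carol", "trent"}


def valid_keys(signatures, introducers, me=ME, max_depth=5):
    """Return {key: certification path} for keys whose owner I can accept.

    A key is valid if I signed it myself, or if it was signed by a key that
    is itself valid AND whose owner I trust to verify identities for me.
    max_depth (hypothetical parameter) limits the length of a chain.
    """
    paths = {me: [me]}
    queue = deque([me])
    while queue:
        signer = queue.popleft()
        # A valid key alone is not enough: its owner must be an introducer.
        if signer != me and signer not in introducers:
            continue
        if len(paths[signer]) - 1 >= max_depth:
            continue
        for key in sorted(signatures.get(signer, ())):
            if key not in paths:
                paths[key] = paths[signer] + [key]
                queue.append(key)
    del paths[me]
    return paths


if __name__ == "__main__":
    for key, path in valid_keys(SIGNATURES, INTRODUCERS).items():
        print(f"{key:6} valid via {' -> '.join(path)}")
```

Dave's key stays unverified because Bob's identity is trusted but his judgment as an introducer is not, and Frank's stays unverified because Trent is trusted as an introducer but there is no verified key for Trent.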

Why should I be interested in PGP?

I suppose that different people have different reasons for wanting to use PGP. Here are a few that come to mind. Once you have an understanding of how PGP works, you can put a lot or just a little effort into it.

What is the story behind PGP and can I use it?

Phil Zimmermann originally developed PGP in the early 1990s. OpenPGP was derived from PGP and is the most widely used email encryption standard today.

Programs implementing PGP exist for all of the most popular computer platforms. The two most commonly used packages that implement OpenPGP are GnuPG (GPG) and PGP (yes, the software and the concept have the same name). If you are running some form of Linux, then you probably already have GPG installed. GPG also runs on Windows and Mac OS X, among others.

To use your encryption program with email, you need to be using an email client that supports OpenPGP. You can send email which is signed or encrypted by OpenPGP using Thunderbird, Eudora, Mutt, KMail, Evolution, and many other mail clients. Martin Bretschneider maintains a list of mail clients that can support sending and receiving mail with OpenPGP.

If you are a Thunderbird user, then you can get the Enigmail plugin. If you are trying to get this all running on Windows, there is a good set of step-by-step instructions in the Enigmail help section on setting up GPG.

I am still interested

Good! You should read some more. Many good documents on PGP are out there. You can try looking around on the internet for more reading, but you may also want to check out the links below.

Background

The Wikipedia article on PGP is a good place to start to get more background on PGP.

Using GnuPG (GPG)

The best way to learn how to use the syntax of GPG is to first install GPG on your machine.
  1. Go to the GnuPG website to get the software.
  2. If you plan to use Thunderbird, follow the instructions on the Enigmail website (see below) to install GPG.
  3. Then read through the GNU Privacy Handbook. Work through the examples given in the handbook. Test out different options and do not be afraid; you will not hurt anything. The only action you should not take is uploading any keys that you are using to test out GPG to a keyserver (which is probably not something that you could do by accident).

Email client configuration

Mozilla Thunderbird is the only email client on which I have tested PGP.

Ask questions when you cannot figure it out

Look through PGP newsgroups, or read more web pages to find your information. When you just cannot figure it out, ask someone. Ask on a newsgroup or even email me. I will try to help, if I can.