The core of it - minimalistic news based on technical facts

Tuesday, 8 October 2013

Securely encrypted mail with PGP, and how to get the public keys of your communication partners

There are two common ways to encrypt your mail:
 - OpenPGP: asymmetric, specified in RFC 4880, open-source tools
 - S/MIME: asymmetric, hierarchical key management (CAs), X.509 certificates, available in most commercial mail products

Since Snowden, it is often said that the central key-management authorities (CAs) that S/MIME encryption depends on could very possibly be subverted by the NSA or others (to sign or send mail in your name). It is also uncertain whether commercial S/MIME products are free of backdoors.

So, if you decide to go with PGP, you need an easy way of sharing and trusting the keys involved:

Facts about PGP:
- messages are encrypted with a one-time symmetric session key
- the session key is exchanged through asymmetric encryption
- use a 2048-bit key (safe until ~2019) or a 4096-bit key
- keys can be given an expiration date (also after creation)
- a (changeable) passphrase protects the use of your private key
- every participant gets a public key (share it) and a private key (never give it to anyone; store it at home, securely)
- revocation is possible by issuing a revocation certificate yourself
- fingerprint: a 40-character hex number that identifies you (a cryptographic hash of your personal information and the key ID)
- your public key needs to be certified (signed); this can be done by any PGP participant (WoT, Web of Trust)
- after certification, you can publish your public key

Share keys:
- on a keyserver (SKS based)
- as an email footer
- on your website

Trust keys:
- a function of your PGP software

Get keys of others:
- search: http://sks-keyservers.net
- send mail with subject "get" to
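As an added example that is not part of the original post, the following Python code shows how the fingerprint and key ID named in the facts list are actually derived under RFC 4880 (the version 4 fingerprint is the SHA-1 hash of the public-key packet, and the long key ID is its low-order 64 bits), and it adds the check a practitioner wants after fetching a key from a keyserver: compare the downloaded key's full 40-hex fingerprint with one received out of band (in person, on paper, by phone). The key bytes, creation time and modulus are constructed for illustration and are not a real key.

```python
import hashlib
import re

# Constructed sample key material (NOT a real key). A real 2048-bit RSA
# modulus is 256 bytes; this toy one is 8 bytes so the packet is easy to
# read. The fingerprint algorithm is the same regardless of key size.
SAMPLE_CREATION_TIME = 0x52537A00                       # constructed Unix timestamp
SAMPLE_MODULUS = bytes.fromhex("c3b1e7f2a9d40b55")      # constructed, not a real modulus
SAMPLE_EXPONENT = bytes.fromhex("010001")               # 65537, the usual RSA e
ALGO_RSA = 1  # RFC 4880 section 9.1: 1 = RSA (Encrypt or Sign)


def mpi(value: bytes) -> bytes:
    """Encode a big-endian integer as an OpenPGP MPI (RFC 4880 section 3.2):
    a two-byte bit length followed by the integer bytes."""
    value = value.lstrip(b"\x00")
    bit_len = int.from_bytes(value, "big").bit_length()
    return bit_len.to_bytes(2, "big") + value


def public_key_packet_body(creation_time: int, modulus: bytes, exponent: bytes) -> bytes:
    """Version 4 public-key packet body (RFC 4880 section 5.5.2):
    version byte, 4-byte creation time, algorithm byte, then the RSA MPIs n and e."""
    return (bytes([4])
            + creation_time.to_bytes(4, "big")
            + bytes([ALGO_RSA])
            + mpi(modulus)
            + mpi(exponent))


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the two-byte body length, and the
    body itself. Returned as the familiar 40-character upper-case hex string."""
    prefix = b"\x99" + len(body).to_bytes(2, "big")
    return hashlib.sha1(prefix + body).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The long key ID is the low-order 64 bits of the fingerprint,
    i.e. its last 16 hex characters. Short 8-character IDs are the last 8."""
    return fingerprint[-16:]


def normalize_fingerprint(text: str) -> str:
    """Remove the grouping spaces and case differences people use when
    writing fingerprints down, so two renderings can be compared."""
    return re.sub(r"[^0-9A-Fa-f]", "", text).upper()


def fingerprint_matches(downloaded: str, out_of_band: str) -> bool:
    """True only if the key fetched from a keyserver carries exactly the full
    40-hex fingerprint the owner gave you through another channel.
    A bare key ID is rejected: it is too short to identify a key reliably."""
    a, b = normalize_fingerprint(downloaded), normalize_fingerprint(out_of_band)
    if len(a) != 40 or len(b) != 40:
        return False
    return a == b


if __name__ == "__main__":
    body = public_key_packet_body(SAMPLE_CREATION_TIME, SAMPLE_MODULUS, SAMPLE_EXPONENT)
    fp = v4_fingerprint(body)
    print("fingerprint:", " ".join(fp[i:i + 4] for i in range(0, 40, 4)))
    print("long key ID:", key_id(fp))
    # Simulate checking a downloaded key against a fingerprint noted on paper.
    print("matches paper copy:", fingerprint_matches(fp, fp.lower()))
    print("matches key ID only:", fingerprint_matches(fp, key_id(fp)))
```

The comparison helper deliberately refuses anything shorter than a full fingerprint: a keyserver search by name or key ID tells you which keys exist, but only the fingerprint received from the owner by a separate channel tells you which one is theirs.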

Sources: c't 22 (7.10.2013), Lifehacker and the web.
