Protect Privacy Online: Join the Golden Key Campaign!
Are your communications secure?
It's become a truism that "the Internet is not secure". Anything you send can, in theory, be intercepted,
and sometimes simply goes astray, getting mailed to the wrong person (yes, it's happened to me!). If you are sending
sensitive information, you really do need to protect it.
Note: most of this page was written prior to Sept. 11, 2001, after which many countries changed their laws.
The links here have been verified (2004): you are advised to follow them to check the current state of things.
PGP
The de facto standard for Internet security is Phil Zimmermann's Pretty Good Privacy (PGP) and its successor, the
GNU Privacy Guard (GPG). PGP is regarded by many governments
(including both the US and Australia) as a munition of war (!), and as such, may not be exported. Nevertheless, it has been
posted on Net sites worldwide. To minimise any possible legal repercussions (remote as the risk may be), I suggest you download
from a site in your own country, if there is one. Bear in mind also that far more countries prohibit export of
cryptographic software than prohibit its import. If there is no site in your country, it may be quite legal to import
it (but please, do check!), so if you can find a site in a country with no export restrictions, you're OK. Just don't try to
send a copy of PGP out of your country again! (Sounds crazy? Many people would agree.)
Recent relaxations in the rules may allow you to carry a copy of PGP overseas with you, for your own personal use.
You may be required to maintain taxation-like records of where, when & how you carried that copy, to prove you
never passed copies to anyone else. Bit pointless, when it's available on-line, but it weren't me wot dun it :-)
Useful Sites
- PGP Resources: Here are some useful pointers, if you're planning to use PGP:
- Other Resources
My PGP 2.6.2 Public Key
If you have read the on-line documentation on PGP, then you'll know what a public key is. If not, please read first!
To send me encrypted email, you'll need that public key.
You can also get the key from the public key servers.
PGP 2.6 Public Key
GPG and OpenPGP
The original PGP went commercial a while ago, and the free software community responded with
the GNU Privacy Guard (GPG) and OpenPGP.
These offer similar capabilities to PGP, but are free.
OpenPGP can be integrated with common email clients such as
Thunderbird, using
Enigmail.
This is my public key for GnuPG/OpenPGP. You can also get it from the servers at
GnuPG Public Key
File Security
OK, so I've stitched up my email, but what about the data left on my computer?
There are really two approaches to this, one mechanical, one digital. To
dispose of the mechanical one first, it simply amounts to keeping all your
sensitive data on removable media, and locking that media in a
safe! Simple, and positive.
If that isn't practical, you may need to look at storing your data
in encrypted form on the disk. There are a number of programs that
offer this function.
SFS (Secure File System)
Peter Gutmann's
Secure File System
enables you to protect a logical drive (under MS-DOS or Windows) with a passphrase, rather like the passphrase
used by PGP. (Don't use the same passphrase for both!)
TrueCrypt
TrueCrypt is a more recent file-protection system,
offering some interesting features, including "plausible deniability". That is, the designers have considered
the case when you may be coerced into revealing your keys: it is possible to have a second level of secrecy,
whose existence may never be suspected.