Recommend a PGP freeware solution.

[ColdHardMetal]

Go!


I remember reading about this in some magazine way, way back in the day, an article about the guy who invented it mainly. I've just never needed it. Recently I've run into some spots where I might, so time to learn something new.

I know I need a key generator or some kind of software package. What do you recommend? Does it even matter since it really isn't doing anything terribly complex?

Thanks.

[theymos]

GPG is the main open source OpenPGP client:
http://www.gnupg.org/

There's a Windows package that includes the Kleopatra GUI for GPG:
http://www.gpg4win.org/

[ColdHardMetal]

Thanks. I'll check it out.

[genjix]

gpg is standard. everyone uses it.

[Nefario]

gpg is standard. everyone uses it.

Pfffft, speak for yourself. I had yet to meet someone I know, in person or online that uses GPG or any kind of email encryption/privacy software.

[grondilu]

gpg is standard. everyone uses it.

Pfffft, speak for yourself. I had yet to meet someone I know, in person or online that uses GPG or any kind of email encryption/privacy software.

By everyone I think genjix meant "everyone who is using encryption for their personnal messages".


Personnally I don't know any other encryption/signing software.

[theymos]

Personnally I don't know any other encryption/signing software.

There's the original PGP. They don't offer any freeware versions that I know of, but the source code is public, so you could compile your own version for free.

[Cryptoman]

If you plan to use it for email, I recommend the Enigmail plugin for Thunderbird.  It uses gpg, which must be installed separately.

[gene]

GPG comes standard with many (most?) Linux distributions.

Here is a good howto for Ubuntu:

https://help.ubuntu.com/community/GnuPrivacyGuardHowto

It works with email programs like Evolution, KMail and Thunderbird. Of course, it can also be used to encrypt arbitrary data.

You can install it on other platforms besides Linux: Windows (with support for Outlook), OS X (with support for Mail.app), Solaris, etc.

[grondilu]

When you become a real linux geek, you'll use mutt and you'll find out how easy it is to use with GPG.

[gene]

Here are some links for the most common/popular GnuPG packages.

For Windows:
http://www.gpg4win.org/doc/en/gpg4win-compendium.html

For OS X:
http://www.gpgtools.org/

For Ubuntu:
https://help.ubuntu.com/community/GnuPrivacyGuardHowto

For Thunderbird (cross-platform):
http://enigmail.mozdev.org/documentation/quickstart.php.html

GnuPG and Bitcoin are complementary tools. Without GPG, a person cannot truly leverage the power of Bitcoin, secure his/her wallet or establish a strong trust identity.

[em3rgentOrdr]

Glad you are using GnuPG.  Here's my PGP public key, if anyone feels like sending me an encrypted message for fun:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQENBE0tpGEBCADOpInlR/boZxwzU+TlyiZWQPZUyTWpKXIXs0UyTqzWrwQw/Pb7
kn5GfjAaOPvq7s381NpoOt/yCjj+i+8F08DPUB91QMGUN3SDqvlQUnteriWRLee3
rPLn7Y0LGMwDfbz1jzg3uR4/MPR65ZDZEST0nfMAWyf4+Kl4X5SahfgN1/rK1y8A
08l7Xmg6vzHFDfGORnLmS49wFdnr7rElSWZw80Imy9pI9JhMfIuWmNJU3oy9SPH5
DlAmL/n0qsE7rE8tVLtVgSSTz13weZVunQ7E6soDVSS9rOFtM19tKM1SyV5YBqYy
XgQrpR8wKGq5rnL6wAVvjOY77lpLFr7b9V/BABEBAAG0MWVtM3JnZW50MHJkciAo
Yml0Y29pbikgPGVtM3JnZW50MHJkckBiaXRjb2luLm9yZz6JATgEEwECACIFAk0t
pGECGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEIGH99GxvVffomYIAKiz
V8vZUkYvCm0UTPwLQRPJg7BPD12OhEjeFOJN6xNHPvkiEynO47hdia+iepzwweOM
uUCs8Pm0ot/m5IniFvfSGkv6ojKxMXc8X8pWoSE/n7aqk6vHLVX/sbsf7atSe64g
bdxvt3Mij2lUQdCjZTYMCzgQEgIK3/94YR3+HsddqSEPmKvSNYZA6iEE4sG0T0VG
OxsqGjh54wAGridaIfyPg3yoo0NclBV/6IiYBUvzX988IMEXgiuxBYoZ3wzSCpi/
kVlfS9tUtZJ19JRPr5rCu6D40xCijj7ueKTlrATqOONnfOKjHE70rQxlke1zfGJI
E6fcAPxM+ebCPCQKkV+5AQ0ETS2kYQEIAMeWScD2WnUh7oN0Ku0OHzxcysyPwqzT
4Gh3DPKt18pfWCfXrLjuozNlR2EQ9rvwmnR5rgYGcX2J/lJJcQjl7wcyZd4RB/Rq
DbVYIslxTJ9Tumtg/GKlunQCBWjKd+aQ5zGr0tGewGr2F/GWK/X8a7/7JdFwgcdd
Yq92iavrATUAhqfe8BguAREpGOS44AR5AAtaZx6kPuhh0cgxRZYBs4Q8gY72zXEa
WqcIWPXEx3CeFbfoWuNOaJk0riZAV8bN1ZBzgF2tn5/tngH467huQwz5yR2qtQPj
kPCuIp1s1SHQEhmAtjviOQ4E9j0aIbFh7Q4DdxK54mjwBKBXgxq2h80AEQEAAYkB
HwQYAQIACQUCTS2kYQIbDAAKCRCBh/fRsb1X3yV1CAC8be0ElfzcJOnrAZS7AGV3
JlHqqLhR5UsEMKPNQ9OasVcPUrT4hLDbPUx1xol4MripYihWnJ5XkYLIup8erCwE
12E5LQzJa+jADBGjt77xsqVXF1peZ4XDIIbD5BSqDztiFnclEYBdVmTNZbw95KM6
UFJpMpz7Kcso7M6A9h1u3M2PCpypkTTgtUeGSIMh9L8/Jxr691ecA5wtHXqJxadO
MB7+4JCt2jBAAZXytOA6kgZPak9lLQE9NSVjq+P4k218Pzw1gFYeK52hx5Z7MQ6s
MouMddpjgyYj6dq+iB6OStHwBq/4NZEhy3hauyUBsYmQOfoCsey1oJkBnkNzsGbE
=tQ0w
-----END PGP PUBLIC KEY BLOCK-----

[grondilu]

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

hQEMAxjmd7Mx1KkNAQf+KpqbaipllrbmRrKl7iiz8vBh9EiVpycnfWJrtMeL8HOn
/GdKXWsLanpRQ9GWIT6VF2zc0zVJwJVq1qrnyGZyP2Ro5Z3rrUcekcMm2rlSn7lF
gy2rOMdtZVJmsyZpKTkpGMzNsF9/+g3siLw5jg2kBK34AqA7/I+RUDyHRQ1lhoHo
OhO3JidAqJwTwQil5bsg7Y2hOyN0b9lQEF1jAZdM5UfkoY4CNbHIlKxqgqT3R5J3
mI/NWzNC0qOP7hNzWJnFgZVoNvZlmn2Z4lIWYfJ/91wn+LDiSWX3qVOPQaTyXHfH
R8urm1uk+/LWEl2Z+dFaIqXnxgRJ3trouwKXe9ZfE9J+AQZbbX4+6j4UKs6TYR9M
7uzIf2oB6kq4LWb5JPrc4YRnafuxbEX3tSShVtN11MPC/YeIhDAM+NeSs+i8vgnE
V2BSMaX0omYa+dqpcfKRVehzZBo/EL8TZk0uipF3HiIT1xh3ITGlw4QNid+brwFF
BWntPTZMu7Qu92jkoOgD
=F7zV
-----END PGP MESSAGE-----

[em3rgentOrdr]

 

[jago25_98]

 I use the free hushmail forms and put it in my signature so anyone I email can reply to me privately if they wish.

No one has ever used it.

 GPG works well if you're sitting on a linux box with mutt.

 However, if you're traveling the world logging in from Internet cafes it's a little different. For that the only solution I've found to really work is logging in with a one time password over ssh.
 
 Compare that experience with gmail and it's not great.

It's a shame firegpg is discontinued with gmail.

 I tried setting up my own webmail with squirrelmail to help the process and just something to do. I found that in order to get an SSL cert I had to give my name (`the natural person` - can't use a company), or pay. How a real person can be represented by an SSL cert? I don't want my voice to be used by a machine if possible, because I could be sued for libel if someone says something someone else doesn't like on my wiki.

 Basically because I don't have my own computer with me all the time I find it very hard to use PHP/GPG. Especially with a mobile phone. Then of course you have the problem of the person at the other end not using PGP either.


 ^ all this took a lot of finding out. I generally don't send anything protected or signed anymore until I can find something better.  Hope this helps someone out there though.

[grondilu]

Basically because I don't have my own computer with me all the time I find it very hard to use PHP/GPG.

Normal.  There is no magic :  you can't use key pair cryptography properly if you don't physically own the machine where your private key is stored.

Hopefully this will change in a few years when Smartcard readers will be on most computers and/or smartphones.

http://en.wikipedia.org/wiki/OpenPGP_card

[em3rgentOrdr]

It's a shame firegpg is discontinued with gmail.

shameful.

I tried setting up my own webmail with squirrelmail to help the process and just something to do. I found that in order to get an SSL cert I had to give my name (`the natural person` - can't use a company), or pay. How a real person can be represented by an SSL cert? I don't want my voice to be used by a machine if possible, because I could be sued for libel if someone says something someone else doesn't like on my wiki.

 Basically because I don't have my own computer with me all the time I find it very hard to use PHP/GPG. Especially with a mobile phone. Then of course you have the problem of the person at the other end not using PGP either.


 ^ all this took a lot of finding out. I generally don't send anything protected or signed anymore until I can find something better.  Hope this helps someone out there though.

Could you impart some of your knowledge about this to us.  I am very interested.  Are you saying that SSL Certificate Authorities are centralized possible points of control?  How?  Are there decentralized alternatives?

Is it not possible for me to setup my own mail server on my own VPS, such that all my mail could be provably private (without my VPS or anyone else being able to decrypt my messages)?