I have to say that I’m highly impressed with PGP and GPG these days. The fact that a friend running PGP can sign a message with his private key and encrypt it to my public GPG key, and that I can then perform the reverse operation on my end, simply blows my mind. For once they are interoperable. I remember a few years ago when there were all sorts of problems between the two. I applaud both the open source community for their work on GPG and the company that owns PGP for their work.
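The exchange described above, as an added example that is not part of the original post: two correspondents, each with their own separate keyring (standing in for "PGP on his side, GPG on mine"), where the sender signs with his private key and encrypts to the recipient's public key, and the recipient decrypts and verifies. It assumes a GnuPG 2.1+ `gpg` on PATH; the names, addresses, message text and the passphrase-less throwaway keys are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): sign-then-encrypt with GnuPG
# between two keyrings, then decrypt-and-verify on the other side.
# Assumptions: GnuPG 2.1+ on PATH; personas, addresses and message are
# constructed for this demo; demo keys are created without a passphrase.
set -eu

WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"
MESSAGE="Statement for account 12345 attached (constructed demo text)."

# Run gpg against one persona's private keyring, fully non-interactive.
g() { _home=$1; shift; gpg --homedir "$_home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

setup_keys() {
  g "$ALICE" --quick-gen-key "Alice <alice@example.org>" default default never
  g "$BOB"   --quick-gen-key "Bob <bob@example.org>"     default default never
  # Only public keys cross the wire; each side keeps its own secret key.
  g "$ALICE" --export alice@example.org | g "$BOB"   --import
  g "$BOB"   --export bob@example.org   | g "$ALICE" --import
}

# Sender: sign with Alice's private key, encrypt to Bob's public key.
# --trust-model always skips the web-of-trust check on this fresh keyring.
send_message() {
  printf '%s' "$MESSAGE" | g "$ALICE" --armor --trust-model always \
      --local-user alice@example.org --recipient bob@example.org \
      --sign --encrypt > "$WORK/msg.asc"
}

# Recipient: decrypt with Bob's private key; the signature verdict is written
# as machine-readable "[GNUPG:] ..." lines to a status file for checking.
receive_message() {
  g "$BOB" --status-file "$WORK/status" --decrypt "$WORK/msg.asc"
}

# 0 only if Bob saw a GOODSIG made by Alice's key.
signature_ok() {
  grep -q '^\[GNUPG:\] GOODSIG .* Alice <alice@example.org>' "$WORK/status"
}

# 0 only if a party without Bob's private key (Alice herself) cannot open it.
eavesdrop_fails() {
  if g "$ALICE" --decrypt "$WORK/msg.asc" >/dev/null 2>&1; then return 1; else return 0; fi
}

setup_keys
send_message
PLAINTEXT=$(receive_message)
if signature_ok; then SIG_OK=1; else SIG_OK=0; fi
if eavesdrop_fails; then EAVESDROP_BLOCKED=1; else EAVESDROP_BLOCKED=0; fi
echo "Bob read: $PLAINTEXT"
echo "Signature from Alice verified: $SIG_OK"
echo "Sender alone cannot decrypt it back (no Bob secret key): $EAVESDROP_BLOCKED"

# Tear down the per-keyring agents and the scratch directory.
gpgconf --homedir "$ALICE" --kill gpg-agent
gpgconf --homedir "$BOB"   --kill gpg-agent
rm -rf "$WORK"
```

The two `--homedir` trees model two people who have only exchanged public keys, which is exactly the condition the post finds remarkable: neither side needs the other's software, only the other's public key. Checking `GOODSIG` from the status file rather than scraping stderr is the reliable way to script signature verification.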
But we have to look at the other implication here. Is it possible for someone to open your mail without your permission using an escrow key? Or is there a cipher that a three-letter agency holds which can open any message and decipher it instantaneously (think Sneakers, with Robert Redford and company)?
Of course this also brings up yet another topic of discussion: should encryption of e-mail contents be allowed at all? I’m sure that banks would love to be able to send billing statements over e-mail rather than through the post (some banks already let their members log into an SSL-enabled server and view dynamically generated PDFs in a viewer), but wouldn’t it be so much easier to send financial information if we all just had keys?
Then again, if we all had keys there would be little or no anonymity on the net, since everyone would know who everyone else was. One of the key properties of PKI is non-repudiation, which basically means you cannot deny having signed the e-mail you sent: no more prank e-mails from someone else’s account, since you don’t know their passphrase, and no more “accidental” e-mails where things shouldn’t have been said. I’m sure that the courts would love this, but something tells me that Joe P. Smith isn’t much of a fan and would prefer to keep a low profile.
Does anyone have any thoughts on this topic that they’d like to share, as to why PKI and other encryption will never be widely used by anyone except corporations and for binding documents?

[Listening to: Rock N Roll – Bleach – Static (3:47)]

One thought on “PGP & GPG”

  1. I’d say PGP works great once you have an established relationship with someone. I always recommend that people don’t save their passphrase and instead have their system prompt each time they sign (or encrypt) a message. The only thing I’d worry about (on a Windows box, of course) is that a keylogger could easily be recording my every keystroke. I assume the majority of people who use PGP are proactive and protect themselves from spyware and keyloggers.

    On the Mac, I know there is an option that will not allow any other application to grab the input from the keyboard, which is something I think PGP should add to their application as well.

