Questions tagged [pgp]

PGP is short for "Pretty Good Privacy". It is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications.


689 questions
221 votes, 9 answers

How should I distribute my public key?

I've just started to use GPG and created a public key. It is kind of pointless if no-one knows about it. How should I distribute it? Should I post it on my profile on Facebook and LinkedIn? How about my blog? What are the risks?
Roger C S Wernersson
93 votes, 2 answers

How many OpenPGP keys should I make?

I am learning how to use OpenPGP keys in GnuPG, and I am wondering what is the threshold people generally use to maintain separate OpenPGP keys. Maintaining an incredibly large number of keys is not good since it makes it difficult to be trusted by…
user9117
80 votes, 5 answers

What was so dangerous about PGP that its creator was charged in court for it?

I was reading up on the history of the PGP encryption software when I realised its creator was under criminal charges for munitions export without a license for releasing the source code of PGP. What was so dangerous about PGP at that point in time…
Computernerd
79 votes, 6 answers

How does PGP differ from S/MIME?

Is S/MIME an abstracted system for general MIME type encryption, whereas PGP is more for email? Why would I want to choose one over the other, or can I use both at the same time?
77 votes, 3 answers

What is a good general purpose GnuPG key setup?

Since most key types can be used for multiple purposes, namely certification, authentication, encryption and signatures, one could simply use one key for everything - which is a bad idea, as elaborated e.g. by Thomas Pornin. So one should use…
Tobias Kienzler
77 votes, 3 answers

Does OpenPGP key expiration add to security?

I've created a new OpenPGP key to sign a software package in a source repository with an expiration date three years from now. It seemed like a good security measure, because if the key is compromised or stolen the damage will be limited. But then I…
Adam Matan
67 votes, 3 answers

Why shouldn't I bring a computer to a key-signing party?

I'm looking at the event description for the key-signing party at an upcoming BSD conference, and it's mentioned that I shouldn't bring my computer in to the event: Things to bring no computer What risks does bringing a computer into a…
Jules
62 votes, 1 answer

Why would I sign my git commits with a GPG key when I already use an SSH key to authenticate myself when I push?

Simply put, I am wondering why would one need to sign one's commits with a GPG key when contributing to GitHub when one's already required to provide an SSH public key?
Mahmoud Tantawy
55 votes, 8 answers

If I send a plaintext e-mail using Gmail to somebody, including my PGP public key block, is that secure?

I've been trying to figure out "practical encryption" (AKA "PGP") for many years. As far as I can tell, this is not fundamentally flawed: I know Joe's e-mail address: cool_joe@gmail.com. I have a Gmail e-mail address: me_78@gmail.com. I have GPG…
Joas
50 votes, 5 answers

Why is end-to-end encryption still not default in mails?

I am not a cryptographer. Maybe that is why I don't see the issues with integrating PGP into SMTP. In my head: Lea requests the server of Luke's domain jedi.com to tell her the public key of luke@jedi.com (The request includes an encryption method…
Chris Pillen
49 votes, 1 answer

Short OpenPGP key IDs are insecure, how to configure GnuPG to use long key IDs instead?

Short OpenPGP key IDs (with 32 bits / 8 hex characters) are subject to collision attacks. It is strongly recommended to stop using 32 bit IDs: Stop using 32bit key ids It takes 4 seconds to generate a colliding 32bit key id on a GPU (using…
Jens Erat
47 votes, 5 answers

Migrating GPG master keys as subkeys to new master key

Currently I have 3 private GPG pairs which are all master keys. I want to convert these keys into subkeys for a new key pair (and keep that in the vault). I have read the following thread http://atom.smasher.org/gpg/gpg-migrate.txt which involves…
lz.
47 votes, 8 answers

HTTPS is widely adopted, why isn't encrypted e-mail as popular?

I don't have an education in computer science, I've just become interested in information security and encryption lately. I'm struggling to understand why encrypted web browsing using HTTPS has been so widely adopted but at the same time most…
anders
45 votes, 3 answers

Is it a coincidence that the first 4 bytes of a PGP/GPG file are ellipsis, smile, female sign and a heart?

As the title says, do those 4 bytes carry a meaning (I assume they do as apparently the smile changes depending on the key bitness)? The two files below have been encrypted with the different keys, but within the same key those 4 bytes are always…
ajeh
45 votes, 4 answers

GnuPG decryption not asking for passphrase

I've some stuff encrypted with GnuPG using gpg -e. When I decrypt them, the system does not ask for the passphrase, it decrypts it straight away. Does it store the secret key somewhere and use it (I also stored my secret key in the GnuPG key chain,…
EsseTi