Key Expiration / Rotation

It’s probably a good idea to check if your PGP key has expired. The easiest way to do this is in the tools that you use to manage your keys.

Another is to go to somewhere like pgp.mit.edu, and search for your mail address. Doing this lately has been an exercise in frustration as the servers always seem to be offline, slow, or out of sync.

My most recent key was old and short, so i’ve generated a new one, and expired the old one. As linking to the key servers seems to be hit-and-miss, here it is:


This (0x1273F11F) replaces my previous key (0x7D69EE91), and you should now get warnings when using the old one… assuming that you can update keys from the key servers at some point in the future.
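A quick way to do the “has my key expired, and is it too short?” check from the command line is to parse `gpg --list-keys --with-colons`. The script below is an added example, not code from the original post; the sample listing, the key ids and the 2048-bit “short” threshold are all constructed assumptions.

```python
"""Parse `gpg --list-keys --with-colons` output and flag expired or short keys."""
from datetime import datetime, timezone

# Field positions in the colon-separated record format (0-based):
# 0 record type, 1 validity ('e' = expired), 2 key length in bits,
# 3 algorithm, 4 key id, 5 creation time, 6 expiration time (epoch or empty).
MIN_BITS = 2048  # assumption: anything below this counts as a "short" key


def parse_colon_listing(text):
    """Yield one dict per primary key ('pub') record in the listing."""
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] != "pub":
            continue
        yield {
            "keyid": fields[4],
            "bits": int(fields[2]),
            "validity": fields[1],
            "expires": int(fields[6]) if fields[6] else None,
        }


def check_keys(text, now=None):
    """Return one report dict per key: expired?, days left, too short?"""
    now = now or datetime.now(timezone.utc).timestamp()
    report = []
    for k in parse_colon_listing(text):
        exp = k["expires"]
        expired = k["validity"] == "e" or (exp is not None and exp <= now)
        days_left = None if exp is None else int((exp - now) // 86400)
        report.append({
            "keyid": k["keyid"],
            "expired": expired,
            "days_left": days_left,
            "short": k["bits"] < MIN_BITS,
        })
    return report


# Constructed sample listing (not real keys): a 1024-bit key that expired
# on 2018-01-01 and a replacement 4096-bit key valid until 2021-01-01.
SAMPLE = """\
tru::1:1546300800:0:3:1:5
pub:e:1024:17:0123456789ABCDEF:1230768000:1514764800::-:::scESC::::::23::0:
uid:e::::1230768000::0000000000000000000000000000000000000000::Jon (constructed) <jon@example.invalid>::::::::::0:
pub:u:4096:1:FEDCBA9876543210:1546300800:1609459200::u:::scESC::::::23::0:
uid:u::::1546300800::1111111111111111111111111111111111111111::Jon (constructed) <jon@example.invalid>::::::::::0:
"""

if __name__ == "__main__":
    for r in check_keys(SAMPLE, now=1546300800):  # evaluate as of 2019-01-01
        print(r)
```

Pipe the real listing in with `gpg --list-keys --with-colons` to check your own keyring offline instead of waiting on a key server.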

On macOS i’ve been using GPG Tools, and had considered giving them money to continue to use it. However, having watched a 35c3 talk titled, “Attacking end-to-end email encryption” which covers all the ways that PGP is broken in mail clients (“except mutt!”) i’m more convinced than ever that secure mail with PGP is essentially a disaster waiting to happen.

Signal, despite its lack of UI / UE polish, remains a much better option if you can get the other party to agree to use it. If you have to send and receive PGP mail of any import, do as the experts suggest and compose it outside of a mail client. And, for the love of gub, don’t do it anywhere near a browser!


GPGMail Beta for 10.10

You can get it here:

https://gpgtools.org/news

For some reason that’s the best link i can find…

I’ve only had it installed for a couple of days and stability isn’t terrible (one or two related crashes i think…). Up until that point i’d been living out of the services menu, which isn’t bad until you need to deal with attachments, and need other command line tools to decode / extract MIME parts. Even then it’s not that bad, and will always be free.

Edit: the notes on setting up GPGTools Services are here, and the command line tool for MIME is ‘ripmime’.

Public Key Cryptography Explained With Paint

The video below does a reasonable job of explaining the high-level concepts of why it was safe for me to post my public key on a web page:

A lot of this stuff is counter-intuitive and hard to grasp when approaching it from a traditional ‘exchange of secrets’ point of view. The analogy to paint makes it obvious, and negates the need for having to grok the maths involved… well, unless you feel like understanding and auditing the implementations.

One of the cardinal rules is that you should never ‘roll your own’ when it comes to cryptography. There is almost always someone, or some group of people, who have better odds of getting there without making beginners’ mistakes.

Just Deserts

No, not another screed on the arid corners of my psyche, but the continuing effort to get you to care about encrypting your mail.

I know, i know. You don’t understand it, it’s too complicated, and you’re not doing anything wrong. And, it’s all true, it is hard to understand, the software world has done a terrible job of making this stuff accessible. And as for not doing anything wrong, well, that’s completely missing the point.

That said: enough is enough. If you’re smart enough to cook an egg, drive a car, or program a DVR, you can set up and start sending secure mail.

My public key is here:


Your challenge, my dear friends, is to get off your collective arses and send me an encrypted mail!

Starting points:

  • if you’re already using Thunderbird get the Enigmail plugin.
  • if you’re using OS X and reading your mail with Mail.app (the standard mail app) then look at GPGTools / GPGMail.
  • if you’re using webmail (GMail, Yahoo! Mail, etc.) and Firefox / Chrome is your browser, then look at Mailvelope.

There are a million and one tutorials out there on getting this set up. If you find something that works for you then let me know in the comments and i’ll update this to point to them.

Update: I’d really like to know if anyone can read this with a phone.

jon