security

So, I read out about FireGPG (and, thus, gnupg as well) on slashdot today. FireGPG is a firefox plugin that adds gnupg signing/encryption right into gmail. It’s pretty slick and I highly recommend it.

Remember, without encryption, your e-mails are like postcards in the real mail. That is, anyone along the way to its destination can easily read it. Encrypting your e-mail text with gnupg is like putting your postcard in an envelope. It’s not totally secure (especially from the NSA), but it makes it much harder for strangers to read your dirty little secrets.

So, in the interest of carrying on future e-mail conversations in private (when appropriate), here is the public key for my main e-mail address (thomas, you know, at gumption.com):


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (Darwin)
mQGiBEZlpbsRBAC+OhEyLtvvXhtkququ9Xxk0A8pnwWQoEif3UyFoggncnKcDVZX
or7JdrJBo1eNsOK6o5lTCZjqub/soqwI+6HF+oBq75/KPwW4a7u1kP6agmes7cbR
MZe3/0eQGckpHQrV5EfD15/EeuXtQjUjqm+G39T431edfbQ+0BFUOeVLKwCgrlEN
d0YvJkKjptTqBUngL1E9rc8D/0hmYOE725z5Fvm0dd3+FSUBfsKjxbyH3gT8XQZ/
he44bHe9MbYks6L25I8FcwO+nTSyw2Ytv+WGL1zNqyXfdCDtpP2YEm+YnEx6PaEI
Vp9X+PlhLsxjJeaMfYOsBfpeUxhAJjkYRPwKteWGeYnUjFSKIhu0GbIPPgyR7kes
DNnQA/9sKfEHVi0eQbLjtQaXxyEsH2GwRaGGGwSXStTQEyC1Z3eLBUrNulIFYvwC
dcJwnVhY99WOmCStpsO9Np+4K857hgVVNHz3+FKwZXHF/aPGv1Sftqr6iUrY/7op
K434jXzgVmNJCDanaid8Kp8PnBFY8w2aX6RT8hx2FCTYHARpCLQqVGhvbWFzIEJv
aG1iYWNoLCBKci4gPHRob21hc0BndW1wdGlvbi5jb20+iGAEExECACAFAkZlpbsC
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBXPLnfG4DfjtZwAJ0TKGRwnQ3W
jGBQ2ILM0ZRN7T1vUQCfaMex2trBD8Qtmy8Tfte/lXh+fsa5Ag0ERmWlwRAIAKPA
foOBV2tW3RMFyo6NQGGlZBs6GD1ib2i2cI84meoEYiCpRKc4+y0fTZ+PcW/sMyZP
eIluBZq7YmUD1v8qBNa3M/ldQnlWM1Tfe6WopAfwcUJ/Nmd9L6lQlf6tPpymoELR
48xqco0RwPR3bynZGvUuAaQLMljzvSo9qN/vow2bWFQ1bnOdHY8mVkD5UdXGh36r
wwcJ3aHmIri+AqFpeKMMf01ggDSpJepfNIeTJc6sIGCoQwJIQO9NyyD3/jNSKbdW
GVaZsP1rWqCMisYSWOELPmjM5bS2iGV+7TmEUxwIyJmBqMVy8HCLBqN0YieokANf
o053SQCC5cqhhKA7orMAAwUH/RHj4H9ZlZQ6v1cbVGoEtTNDvtnZj1qa3QWQ5eur
0kdF/yAhLbZ/HREkKEaCKfdTF/ZJCSy0ZtUsoNvQtP/XhzL318UxsMKYOJy9GEaI
TVqHda/VcMrelELfWtsvkK5uvrQFpo/UkBg9J0YQVvwVJd03e2flXiVHNLRUEplL
BziUeeETuyRbw6MsDKUf22uRg28+vwOdUxgaZ7vqoRS/DoTCZ+hSMJTOeCZKM7R0
S0I6Ja6oIwPPVGHca+Rbxv51NYP4Qy20BX9gxms4SbQHMUoUa31+NVIkcsApE+bo
h3zWbbpPpyInY6gcnzHLBnWtgK9gEk6ruigHLj6oFRrJoOGISQQYEQIACQUCRmWl
wQIbDAAKCRBXPLnfG4DfjjgYAJ9GJo/apT5wwxLAK+EVq7xvuWzTZwCdGK0uoKo4
wiTlHXQP5/CTNioGrJk=
=XXAk
-----END PGP PUBLIC KEY BLOCK-----


Of course, you shouldn’t actually sign (i.e. blindly trust) this public key as being mine. Someone could have hacked this post and changed the above key to their public key. That’s why you should always verify a public key through more secure means. Like calling the owner and having them read their public key fingerprint (a much shorter representation of the public key intended for humans) to you so you can verify that it matches the key you have. Then you can sign the public key which means that you have verified that the key is correct and actually belongs to who you think it belongs to.

So, now I’ll just wait patiently for someone to send me some ciphertext.