For several years I’ve been impressed by colleagues who have a public key in the signatures of their email messages. I have off and on read a little bit about security and encryption, but always found the explanations too complicated, so have relied instead on just not having anything particularly juicy or interesting to hide. There are of course issues to do with examinations and marks, as well as personal information about students, so I have never been totally happy with my head in the sand approach.
I am now finally having to set things up to receive confidential documents. The basic setup was not difficult to establish: on my Windows laptio, I downloaded gpg4win, generated a new key, exported it, copied it over to my Linux desktop, used gpg to encode a file and successively decoded it back on the Windows laptop.
I am still not completely happy with this setup. The literature on GPG covers various scenarios, such as the middleman attack, and goes into details on signing a key and so on. So now we have not only public and private keys but also signatures, and keyrings, and more and more details. And, while my main task at the moment is to manually encrypt and decrypt files, there is also the integration of encryption with emails. So, the study continues… if any of you few readers of this blog have any practical advice on how to make best and easiest use of encryption I will be very happy to hear from you. There are ways to integrate encryption with email (gmail, thunderbird and outlook, at least, all methods I use) which I need to come to grips with.
One practical use I would like to make is a way to store passwords for the many websites I use, and for which even if I wanted to use the same password I cannot because each seems to have its own policy (on minimum length, different classes of characters, and so on). There are password managers, but I worry about using them, particularly because I don’t tend to visit secure sites on my mobile phone. I think I would trust a simple text file encoded by me directly on my main computing platform using open-source (ideally ‘gnu’) tools.
There is also the general issue of computing literacy. Privacy issues are all around us, and questions about data integrity, and anonimity, are front page issues. In fact, just today I came upon the articles below, Signal, SecureDrop, and Tor are all buzzwords that point to advanced secure methods – overkill for my needs, but certainly something I should learn about.
(Off-topic: I’ve been hearing good things about teenvogue – it’s good that a site obviously geared to teens covers some serious matters.)