Secure Email

Is it possible?

Security is a huge topic, and the common wisdom is that even with huge amounts of effort you can never be entirely sure that your data are secure. Nevertheless, current technology offers us some measure of security through public-key cryptography.

This page is about the practical uses of public-key cryptography in email communications today. Its main purpose is to help my non-techie friends.

It is needed

TODO

Where does the law stand?

TODO

So what is available?

There are two alternatives today suited for use by the general public: PGP and S/MIME.

PGP

PGP (Pretty Good Privacy) was a program written by Philip Zimmermann and was the first of its kind, making privacy, authentication and digital identities, as discussed above, possible for any personal computer user. To quote from the PGP FAQ:

PGP is "encryption for the masses." It gives average law abiding citizens a few of the privacy rights which governments and corporations insist that they need for themselves.

PGP is distributed as freeware from MIT.

PGP uses the RSA and IDEA algorithms. IDEA in particular is still patented in many countries, so some people wrote a replacement for PGP called GnuPG. As part of the GNU project, GnuPG is completely free and does not use the patented IDEA algorithm. On the whole, GnuPG is compatible with PGP.

The current standard format for transmitting PGP messages over internet mail is OpenPGP. Depending on which mail program you use, you may or may not have support for OpenPGP. Users of Mozilla or Firefox, for example, can use Enigmail.

S/MIME

S/MIME is a newer, alternative system to PGP which has also been standardised. It was developed by RSA Data Security, Inc., a company founded by the inventors of the RSA algorithm.

S/MIME seems to enjoy more support from businesses, while PGP is more popular in general. As far as user agent support goes, S/MIME is supported in most major mail clients, including Outlook Express, Mac OS X Mail, Mozilla, etc.

My GnuPG key

You can download my GnuPG public key from this server, or you can search the wwwkeys.pgp.net keyservers for the key id 0x1119FAB3. Sometimes they are down; try multiple times.

If you're interested, you can read my key's statistics, produced by Jörgen Cederlöf's excellent Wotsap tool.

If you have a PGP key of your own, you can use the following form to find trust paths to my key:


My S/MIME certificate

You can download my S/MIME certificate in PEM format. The certificate is issued by Thawte, so you might need to import the Thawte root certificate. You can find it in Thawte's root certificate and CRL database.

Thawte notary details

In the process of getting myself an S/MIME certificate from Thawte, I've become a Thawte Web of Trust notary. This means that if you are available to meet with me in person, I can assert your identity to Thawte, thereby granting you web of trust points. With enough points (50 at the time of this writing) you can get your real name on a Thawte personal email certificate or become a notary yourself. Currently Thawte will grant 10 points to someone whose identity I assert.

To arrange an appointment get in touch with me either via email (you can encrypt using my certificate if you want) or via telephone at +30 210 727 5404. I live in the center of Athens, Greece.

Obviously 10 points are not enough for any purpose, so you will probably need to get your identity asserted by other notaries as well. Check out the Attika Notary Map for other notaries' contact details (you need an account on Thawte.com to access that page).

How to get your PGP key signed

With PGP it's all about the web of trust. This means signing other people's keys and getting them to sign yours. This is not always easy, especially if your social circle isn't interested in this type of thing.

One way to get your key signed is to attend a keysigning event. A site called biglumber.com lists keysigning events as well as people interested in keysigning. I am also listed on this site, under Greece, Athens. Feel free to contact me if you want your key signed by me.
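The trust paths the Wotsap form above reports, and the web of trust this section describes, come down to a graph search over "who signed whose key". The following is an added example, not the page's own form or any Wotsap code; the signature graph is constructed, and every key id in it except 0x1119FAB3 is made up.

```python
from collections import deque

# Constructed sample web of trust: each key id maps to the set of key ids
# whose owners it has signed. 0x1119FAB3 is the key id named on this page;
# all other ids are invented for the example.
SIGNATURES = {
    "0xC0FFEE01": {"0xC0FFEE02", "0xC0FFEE03"},
    "0xC0FFEE02": {"0xC0FFEE04"},
    "0xC0FFEE03": {"0x1119FAB3"},
    "0xC0FFEE04": {"0x1119FAB3"},
    "0x1119FAB3": {"0xC0FFEE03"},   # mutual signature after a keysigning
    "0xDEAD0001": {"0xDEAD0002"},   # an island with no path to the target
}

def shortest_trust_path(signatures, start, target):
    """Return the shortest chain of signatures from start to target, or None.

    An edge A -> B means "A has signed B's key". A path from your own key
    to the target is therefore a chain of identity assertions you could
    follow, one signer at a time, to decide whether the target key is valid.
    """
    if start == target:
        return [start]
    parent = {start: None}
    queue = deque([start])
    while queue:
        key = queue.popleft()
        for signed in signatures.get(key, ()):
            if signed in parent:
                continue                      # already reached by a shorter path
            parent[signed] = key
            if signed == target:
                path = [signed]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append(signed)
    return None                               # target unreachable from start

def all_trust_paths(signatures, start, target, max_hops=4):
    """Enumerate every simple signature path of at most max_hops hops."""
    paths = []
    def walk(key, path):
        if key == target:
            paths.append(path)
            return
        if len(path) - 1 >= max_hops:
            return
        for signed in signatures.get(key, ()):
            if signed not in path:            # keep paths simple (no cycles)
                walk(signed, path + [signed])
    walk(start, [start])
    return paths
```

More independent paths between two keys means more signers would have to be compromised or fooled for a forged key to appear valid, which is why Wotsap reports the count and not just the shortest one.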