GPG

Security and Anonymity

Many of you may or may not heard or know about GPG so here is a gist.

OK, now comes with the bad news. Nothing is 100% secure or safe from eavesdropping. As we have seen recently with revelations about the wholesale spying on the world by the NSA, the subject of security and maintaining your privacy is now much higher on the list than ever before. People who once thought nothing about sending their most intimate details to another are now rethinking that situation. The internet has always been open. A closed and monitored internet defeats the purpose for which it was intended: the free and easy sharing of information, thoughts, ideas and knowledge.

The Heartbleed SSL bug was big news and quite shocking to the security community and internet users in general. OpenSSL, which contained the error, has been fixed. Most applications that use OpenSSL have also been fixed. Website operators have been working to patch their systems, too. As for Digital Hackers, we use GnuTLS, a different encryption library which was not part of the Heartbleed bug.

Much is now heard about VPNs, encrypted connections, web pages and emails. So what are these mysterious things? Let us find out, shall we?

Introduction

GPG(GNU Privacy Guard) is a free and open-source tool or program for secure data communication, file encryption and digital signature, fully implementing the OpenPGP standard. It allows users to manage key pairs (public/private) to encrypt files or sign messages to verify authenticity, widely used in email security and secure code commits. For instance, if you want to send a very sensitive email to your client you would want to use GPG to encrypt your message to avoid eavesdropping or man-in-the-middle attack. But first, you need to share your public key by sending it thru email. When you going to send an encrypted email to your client, make sure to use client's public key to encrypt email so that client can use their private key to unencrypt email. Likewise, when you received encrypted email from client, you will use private key to unencrypt email.

Now you know about GPG and how it works, give it a try and see how it's very useful when you need to send a very sensitive email. For Windows users, you can download and install GPG4win or GPG4USB. For Linux user, linux has already built-in GPG but it's a CLI(command-line interface). If you prefer to use GUI(Graphical User Interface), you can install it by sudo apt install kleopatra (for Mint, Debian and Ubuntu), sudo dnf install kleopatra (for Fedora and RHEL), sudo pacman -S kleopatra (for Arch and Manjaro) and flatpak install flathub org.kde.kleopatra (Universal flatpak). You also can use GPG4USB on linux.

We prefer to use GPG for sending and receiving emails for our privacy and security. If you send an unencrypted email, we DO NOT reply to your email since it's in our policy. You can get our public key from our Contact page.