Monday, 1 February 2010

PGP

Back in the late 90s I was using PGP for email encryption and signing plus file encryption. I thought it was cool and everyone would start using it. Ten years later I still can't believe we have all this sensitive email flying around in plain text; it's utterly insane. I was wrong about PGP; it was ruined by a takeover by Network Associates. Later I used personal digital certificates instead from a certificate authority. This is dead easy for other people to use with you even if they are only using vanilla Outlook Express. Thawte used to give out free personal digital certificates expressly for this purpose and to encourage encrypted emails, but unfortunately cancelled this service in September 2009. You can still get them free from InstantSSL, but I've had problems with Comodo chained certificates before with Windows Mobile devices, so I wasn't keen on any issues. You can also buy them; Verisign sell them for $20 USD.

So I dusted off PGP again, added some new email addresses to my existing PGP key (it had no expiry date) and uploaded it to the MIT PGP key server. But it is only AFTER you upload keys to the MIT server that they now advise you that the PGP register is being harvested for email addresses for spam. That was really bloody annoying, because even after you revoke your key you can't get your old key and email addresses removed from the MIT register and mirrors. They are there forever, ready to be harvested. Not warning people before they upload keys is utterly stupid. I would never have uploaded a new copy of my key with the new email addresses if I had known. Thanks, MIT guys. Unfortunately I also revoked my 1998 key before I knew that this wouldn't remove it from the key server. Grrrr.

I then tried out some newer PGP software than I used to use, because when I last used it I was using Windows 98. I first tried PGP 6.5.8CKT. Some people don't like this version, but it is the last free version of PGP that still supports disk encryption under Windows XP and has an Outlook Express plugin. It imported my old PGP keys OK, but was unable to generate any new keys, giving an "invalid parameter" message regardless of what input or key length I specified. Googling that error didn't help. Nor did removing all invalid keys or reinstalling. Argghh.

I then tried out GnuPG by loading up Gpg4win, only to have a similar problem with a very uninformative "General Error: This is probably a bug in GPA" when creating any new keys. Again, Googling didn't help; that is a generic error. I also wasn't impressed with the frequency with which the application was calling out to the internet.

The latest commercial version of PGP version 10 came out this month but costs $287 USD.

I tried an earlier build of PGP 6.5.8 CKT and was finally able to generate a new PGP key.

The whole PGP experience has been a pain. Plus I can only use it with guys who would have PGP installed, and I only know two that do. I really don't recommend using PGP; just use digital certificates instead, it is far less hassle and much easier for your recipient, especially non-nerds. I use TrueCrypt to do my file encryption for portable devices, and I've found that to work extremely well, including whole disk encryption for laptops - I've not noticed a performance impact. I really like KeePass for storing usernames and passwords, because there is a Java version you can run on Java-enabled mobile phones and you can run a portable version on a USB stick.
