megid0nt

Hey gamers since everyone's talking about security & I fix computers for a living I wanna make a post about PGP encryption, why you should be using it for anything you want private, a bit about how it works, and hopefully a good starting place for using it to encrypt your own stuff.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512


If you wanna learn more about secure private online correspondence that no government actually has the ability to limit, read on!


*To avoid tumblr's hatred of links, I will be reblogging this with a few links after posting that may be mentioned, but you can get through the whole thing without reading any of them if you wanna go back for them later.


Most people think of encryption as a lock and a key; you give someone the key at some point, and then later when you need something unlocked by only them and you you lock it with the key that they use to open it. That's fairly useful for things like WiFi where it isn't really the end of the world if you're a little careless, but for some correspondence it just isn't enough.


Along comes PGP.


See, most encryption is of a type called Symmetric encryption, where one key is shared by the sender and recipient to both encrypt and decrypt data, but PGP works completely differently using something called Asymmetric Public Key encryption.


Asymmetric Public Key encryption is a system in which rather than having one key for every lock, every user has two keys for them: a private one that they never give to anyone else, and a public one that they give to as many other people as they can. Any time they want to lock up a message for someone, they create a new lock that is locked with the recipient's public key.


Through some dark, arcane magic involving prime numbers and algebra that I invite the reader to pursue on their own if they really want to know how it works [1], this process generates a lock that, while locked with these two keys, can crucially only be unlocked using the receiver's private key!


This obviously has a few uses. Number one, you can encrypt a message to someone very easily in such a way that there is no way anyone else (even you or someone who steals your computer) can ever open again, and due to how complicated these private keys are there's next to no chance of a brute force decryption.


Number two, you can sign messages to other users to prove that you are actually the originator of the message, in such a way that it's nigh impossible to fake without actually getting ahold of a user's private key. This can be used to verify nobody is impersonating you in an online space or to verify a message, even unencrypted, is coming from who you need it to come from.


There's always the issue of trust, of course. How do you know you're actually getting the public key of who you need to send things to? Well, for that there is the trust system.


There exist large-scale databases of public keys [2] that can be browsed, fetched, queried, and submitted to that work to help you trust that you are talking to who you need to, and furthermore if you trust a public key you can generate what is effectively a document that says "I trust you are you" with your private key and submit it to one of these databases.


Alternatively, you can always trust a trusted friend of a trusted friend of a trusted colleague of a trusted blah blah blah and so the web of trust is constructed.


Finally, there are a few more minor things I want to add.


- This technology has been the standard for 30 years because of how reliable it is


- This technology's source code has been available for 30 years now, so there's not really any way any government could effectively ban it


- I won't be going through how to set it up and do it yourself right here because there are as many implementations for as many levels of computer prowess as there are stars in the sky, however take [3] a look [4] at some [5] of these [6] and see what you like!


Thanks!

- --Ava Megidon't [7]

-----BEGIN PGP SIGNATURE-----


iQGzBAEBCgAdFiEEDLrKPuKtkqm7p4PCDhA1bEQbwaEFAmDo5EUACgkQDhA1bEQb

waHGrQv6AmTbhJNeYZP72mAFbPxOoEiySKNOv7wacQ8dDkZNo3ZSrOV1NB5cfdjP

L6hMi9WUaM5ujQctCfdBc3f9Bl0b4DCzYO6J22mrHSfeqzfWEULXbnhXFTDN+J/T

kSo1uDORTZhF2bT6R2PLBYyUUDBLFySzGJnTc7J5QLGkwk7gOzyC/Kp+hGm6j+2S

qqLElvjfFgKAkKY2Gt2P2gw/Pzfb630nkI0hPdR3qWrb9bD4NulgVyYR5RD16/30

ue2XRuiHsO1V+O83DX2tnpyIO0x/V54o1jwvw8xPDNuXNsw2+ilU6qgqV8piGHp4

yeelKmuvjTKkOh9BClKfV47FslwGXlsz4Zt9nFi2idfxuorS5WoaQokXF167M7oQ

m6P/OXH94e9muvNNuqEYC8r/AxVspPGr5XAb/ojSIboGduOetXdoGmykxPgqBKO5

KNYwDSQmX+0yL5257VbIFNkq0WgOhsD/Fof8/NtHdiJaerZPM/VVaE/SCB9szADk

ZO5f3oOD

=hMRL

-----END PGP SIGNATURE-----

megid0nt

[1] https://hackernoon.com/public-key-cryptography-simply-explained-e932e3093046 - very good low level explanation of how the cryptography works

[2] https://pgp.mit.edu/ - Major trust db

[3] https://gnupg.org/ - The standard Linux command line PGP utility; it's what I use

[4] https://www.openpgp.org/ - Another PGP software

[5] https://gpgtools.org/ - A good GUI for mac that a few of my friends use

[6] https://www.pgpeverywhere.com/ - a PGP app for iphone

[7] http://megidont.us/assets/ava.gpg - my public key

[8] http://paypal.me/megidont - :3

Source: megid0nt
ref