OpenPGP Encryption using GPG

by Rob Locher

I have a libertarian streak politically, and I believe that people who aren't in prison have the right to communicate without their government listening in.  (Or someone else's government.  To people in other countries who aren't plotting terrorism, I'm sorry that the US government has been spying on you.  I strongly disapprove.)  In this era of electronic communication, the only way to guarantee this right for myself is to use encryption.  Unfortunately the US government has, on several occasions, attempted to dilute encryption used by ordinary US citizens, by such techniques as attempting to pass laws requiring that encryption keys be kept in escrow, or weakening the encryption itself with a compromised pseudo-random number generator.  The Snowden revelations have shown how much appetite the US government has for spying on its own citizens.

Fortunately there is a strong tool, which is completely legal, that the government apparently hasn't found a way to crack: an internet standard known as OpenPGP, defined by RFC 4880.  There are two commonly available programs that implement OpenPGP: PGP by Symantec, which costs money, and GPG, which is free.  The community has rallied around GPG, and there are several programs and tools that support it and make it easier to use, such as Enigmail, an add-on for Thunderbird that lets people easily send encrypted email.

One of the things that I'm good at is learning a complicated technology and then explaining it to ordinary people.  I figure out some exciting new technology, taking notes as I go, and then when I'm finished I look around and see all the ordinary people that should benefit from the new technology, but aren't because it hasn't been explained very well.  Then for some reason I don't understand I decide to help.  I go over my notes and improve them until I have an article or a white paper, which I publish here.  In particular I try to fill the gap between the official documentation and actual daily practice, pointing out the tricky parts.

So when I started learning GPG, I thought oh no, here I go again, another complicated subject I'll feel compelled to break down and explain.  But for once someone saved me the trouble:

Alan Eliasen's GPG Tutorial

Alan is way far ahead of me in understanding the ramifications of public-key encryption and GPG, and I've learned several new things from his page.

I encourage everyone to routinely encrypt their email with the OpenPGP standard, because if we don't use our rights, then government will take them away.  You can send encrypted email to me of course; my public key is below.  I've also published the key to a keyserver.  Alan points out that it's trivial to publish a bogus public key to a keyserver, and I'll add that it's not so difficult to hack a web site either; if you want to know for certain whether the email came from me or not, then you'll want me to validate my fingerprint to you over the phone or in person.

I'd like to add one comment.  Alan's page lists all sorts of caveats and warnings and things to be aware of when using OpenPGP.  Most of those brow-furrowing details are for people who are trying to use OpenPGP to protect valuable secrets.  If you just want to be a libertarian and metaphorically stick a thumb into the authoritarians' eye, then OpenPGP will prevent your email from being routinely scanned by your "free" webmail provider for advertising purposes, or by a government exceeding its authority.  So please use OpenPGP routinely, and don't fret too much about the finer points, at least at first.  But do be aware that simply using OpenPGP doesn't by itself make your secrets secure, because there are so many other ways to steal your secrets.  For instance, if you paid for a purchase at Target with a credit card during a certain period of time in 2013, then your credit card data was stolen, even if you kept your credit card number in a GPG-encrypted file.  OpenPGP is an excellent tool, but to achieve real security for valuable secrets requires a comprehensive strategy.  On the other hand, OpenPGP is great for thwarting routine eavesdropping, even when used casually.

OpenPGP Public Key for Rob Locher

Below is the public key for Rob Locher <>.

Version: GnuPG v1.4.14 (GNU/Linux)

