Encrypting your shit guide, a series of tutorials I'm putting together for coworkers

PGP

Everyone here really needs to know about this.

If you were wondering what the PGP thing in my signature is, it's part of my PGP public key fingerprint. You can use it to retrieve my PGP public key from keyservers. For example, running

$ gpg --recv-keys 0x415AF4A3

on the terminal will import my public key. Once you have it you can start sending me encrypted email.

PGP is really handy for sending important data to people you know over email. For example:

  • Passwords
  • Bitcoin addresses or private keys
  • Sensitive agreements or negotiations

It's also useful for:

  • Confirming that a message comes from the person it claims to come from (that's what the signature.asc attached to my emails is for)
  • Signing documents
  • Signing software
  • Signing hashes of things

This is important because we now know the NSA collects all of the information worldwide in bulk, and it is now sitting in plaintext in a database somewhere in the USA. They tap into internet backbones to do this. It also means that if some competitor happens to know some NSA contractor, you might as well be tweeting your emails to the world. Email is not secure.

Lastpass uses the same mechanism behind the scenes when transferring passwords.

Edward Snowden uses this method to talk to journalists. It works.

Setting up PGP (OSX)

  1. Go to https://gpgtools.org/
  2. Download GPG suite
  3. Open terminal and type gpg --recv-keys 0x415AF4A3 to get my public key
  4. You can now send encrypted email to me in Mail.app. Awesome.
  5. If you don't use mail.app you are doing it wrong.
  6. Open GPG Keychain Access and click New to generate a new key for yourself. Make sure to click upload key so it's easy for others to gpg --recv-keys your short ID.

Setting up PGP (Windows)

Fuck if I know, probably something like this: http://www.gpg4win.org/

Your system is probably already backdoored by the NSA anyways though, have fun.

Q: GPG, PGP, which is it?

A: Yes

You're welcome

Encrypting files

Putting stuff on Dropbox is about the same as mailing your hard drive directly to the NSA. This is a guide to protecting sensitive documents/files.

This is a follow-up to my previous email about encrypting your emails. The programs I described in my previous email can also be used to easily encrypt and decrypt files when emailing or sharing on Dropbox. It's pretty straightforward:

Once gpgtools is installed (see email.md to see how to get up and running), you can encrypt a file right from the Services menu:

Click "encrypt file" and then you will be presented with a list of people you can encrypt to:

If you have no one in this list, you have to get their PGP key. You can get mine by typing "gpg --recv-keys 0x6d3e2004415af4a3" on the command line or by opening "GPG Keychain Access" and opening "Retrieve from Keyserver" or "Search for key". You will be able to find me and Ari as we're both on distributed keyservers.

Once the file is encrypted, you get a "filename.txt.gpg" file, which is an encrypted file that only you and the recipients can open. If they have gpgtools installed they can simply double click it to open it. Make sure it's not opened in the Dropbox folder itself or it will get automatically synced to Dropbox, defeating the whole point of this.
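
A command-line version of the encrypt-file steps above, as an added example that is not part of the original gist: it compares the recipient key's full fingerprint with one you obtained from the owner before encrypting, because a short ID like the one passed to --recv-keys is only the last 32 bits of the fingerprint. The function names, the demo identity demo@example.invalid and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): verify a key's full fingerprint,
# then encrypt a file to it. Function names and demo data are constructed.

# Print the primary-key fingerprint (40 hex chars) for a key ID or email.
key_fingerprint() {
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Encrypt FILE to KEY only if KEY's fingerprint equals EXPECTED, i.e. the
# fingerprint the owner gave you in person or over another channel.
encrypt_to_verified() {
    key=$1 file=$3
    expected=$(printf %s "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    actual=$(key_fingerprint "$key")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $key: got '${actual:-none}'" >&2
        return 1
    fi
    # --trust-model always: skip the web-of-trust validity check, because
    # the fingerprint comparison above is our verification.
    gpg --batch --yes --trust-model always --recipient "$actual" \
        --output "$file.gpg" --encrypt "$file"
}

# Offline demo: throwaway key in a temporary keyring, nothing touches ~/.gnupg.
demo() {
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME
    work=$(mktemp -d)   # keep plaintext outside any synced (Dropbox) folder
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo <demo@example.invalid>' \
        default default never 2>/dev/null || return 2
    fpr=$(key_fingerprint demo@example.invalid)
    printf 'hunter2\n' > "$work/passwords.txt"
    encrypt_to_verified demo@example.invalid "$fpr" "$work/passwords.txt" || return 3
    # A wrong fingerprint must refuse to encrypt.
    bad=0000000000000000000000000000000000000000
    if encrypt_to_verified demo@example.invalid "$bad" "$work/passwords.txt" 2>/dev/null
    then return 4; fi
    # Round trip: decrypting the .gpg file gives back the original text.
    out=$(gpg --batch --quiet --decrypt "$work/passwords.txt.gpg" 2>/dev/null)
    gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME" "$work"
    [ "$out" = "hunter2" ] || return 5
}
# To try it: source this file and run `demo`.
```
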

Just a heads up, let me know if anyone has any questions.
