Encryption and Data Security

In my experience, survival minded folks tend to be of a secretive nature. There are many possible reasons for this: a distrust of people in general, an introverted personality, personal security, or the simple belief that folks don’t need to know things that aren’t their business.

As a “technology professional”, for me this secretive nature quickly translates into security of my electronic data and communications. I’ve got two freely available tools that I’d like to share with you – Pretty Good Privacy (PGP), and TrueCrypt. The first is an excellent tool for encrypted communications via e-mail – I’ve been using it since 1995. The latter is a relatively new tool to encrypt and decrypt files on your computer, transparently and real time.

PGP works on the concept of public-key cryptography (PKC). Wikipedia has a decent write-up, so I won’t go into extensive detail here. Simply put, PKC encryption uses two keys: a private (secret) one held securely by you, and a public one broadcast far and wide. The two keys are mathematically related, but the private can not be determined from the public. You use someone else’s public key to encrypt a message; only they can decode it by using their own private key. The encrypted message can be sent in the body of an e-mail, but looks like an arbitrary block of characters. Additionally, PGP can be used as a secure digital signature, by signing the message one’s private key, and verifying with the public. It sounds a little complicated, but the software makes it easy, walking you through the steps of creating a key pair, and reducing encrypting & signing to a couple quick mouse clicks. You can download the software from the link in the second paragraph. While it says that it is trialware, at the end of the 30 day trial period, some functionality is shut off, but the basic encrypt/decrypt remains available for use at no charge.

The second piece of software is TrueCrypt. This software lets you set up an encrypted vault in which to keep sensitive files. It handles all of the encryption and decryption on the fly. That is, the software decrypts the file you want when you open it, and encrypts it again when you’re done. All you need to do is enter your passphrase once to open the vault. Once you’ve done that, it looks just like another physical disk on your computer. I’ve been using it for about a year with only one problem. (The software allows you to use a file as part of your password – if the keyfile changes, you can get locked out of your vault.) I even run applications from my TrueCrypt drive with no significant performance hit. (Probably not the case for intense apps, like games.) Again, you can download from the earlier link – it’s a pretty simple setup.

So, with no further ado, I present to you my PGP Public Key, should you decide to experiment with encrypted communications, or want to talk with me without the prying eyes that abound on the internet.

Edit: I tried signing (but not encrypting) this message with PGP, so you could see how it’s done. However the blog formatting seems to corrupt the signature, so I’m forgoing this for now. Of course, I’m happy to trade PGP e-mail with anyone so inclined.

This entry was posted in Tutorials. Bookmark the permalink.