Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PGP Encryption and Signing

Jeff Carouth
October 29, 2014
Technology
0
96

PGP Encryption and Signing

Personal privacy and security are important. This talk covers what PGP encryption is and how you can use it as a developer. This deck is designed to be used as a lightning talk.

Jeff Carouth

October 29, 2014
Tweet

More Decks by Jeff Carouth

See All by Jeff Carouth
Anti-Patterns Found in Your Object-Oriented Codebase
jcarouth
0
630
Fundamental OOP in PHP
jcarouth
7
410
Conference Speaking 101 & 102
jcarouth
0
90
A Gentle Walk Towards SOA
jcarouth
1
160
Hours Long Deployment to CD
jcarouth
0
300
Dependency Injection, Dependency Inversion, and You
jcarouth
5
970
Git and Github: Working Effectively on a Team at php[tek] 2014
jcarouth
0
730
JavaScript's Difficult Concepts – php[tek] 2014
jcarouth
2
550
Guiding Object-Oriented Design with Tests
jcarouth
5
1.1k

Other Decks in Technology

See All in Technology
Ops-JAWS_Organizations小ネタ3選.pdf
chunkof
2
180
3月のAWSアップデートを5分間でざっくりと!
kubomasataka
0
130
Road to Go Gem #rubykaigi
sue445
0
890
30代からでも遅くない! 内製開発の世界に飛び込み、最前線で戦うLLMアプリ開発エンジニアになろう
minorun365
PRO
12
3.9k
Cursor AgentによるパーソナルAIアシスタント育成入門―業務のプロンプト化・MCPの活用
os1ma
14
4.9k
PagerDuty×ポストモーテムで築く障害対応文化/Building a culture of incident response with PagerDuty and postmortems
aeonpeople
2
340
「経験の点」の位置を意識したキャリア形成 / Career development with an awareness of the “point of experience” position
pauli
4
100
日経電子版 for Android の技術的課題と取り組み(令和最新版)/android-20250423
nikkei_engineer_recruiting
0
420
C++26アップデート 2025-03
faithandbrave
0
820
PicoRabbit: a Tiny Presentation Device Powered by Ruby
harukasan
PRO
2
240
AWS Control Towerを 数年運用してきての気づきとこれから/aws-controltower-ops-tips
tadayukinakamura
0
170
Bazel for Ruby (RubyKaigi 2025)
p0deje
0
100

Featured

See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
41
2.2k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
135
33k
Bash Introduction
62gerente
611
210k
Typedesign – Prime Four
hannesfritz
41
2.6k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
19
1.1k
Optimising Largest Contentful Paint
csswizardry
36
3.2k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Facilitating Awesome Meetings
lara
54
6.3k
Navigating Team Friction
lara
184
15k
Stop Working from a Prison Cell
hatefulcrawdad
268
20k
Become a Pro
speakerdeck
PRO
27
5.3k
Making the Leap to Tech Lead
cromwellryan
133
9.2k

Transcript

  1. PGP Encryption and Key Signing

  2. PGP stands for Pretty Good Privacy. It is a trademarked

    program for encryption and decryption.

  3. OpenPGP is the standard for PGP encryption. PGP and other

    programs comply with this standard.

  4. Gnu Privacy Guard is an open source implementation of OpenPGP.

    It is abbreviated as GPG.

  5. What are you trying to hide? nothing.

  6. Aspects of Security Privacy Integrity Authenticity

  7. Nobody except the intended recipient can read the contents of

    the message. Privacy

  8. The message that is delivered is the exact message that

    was sent. integrity

  9. The sender and receiver can be sure of the other’s

    identity. authenticity

  10. PGP security features Encrypt/Decrypt messages Sign and verify messages Validate

    and sign keys

  11. encryption basics Symmetric Asymmetric

  12. Both parties use the same secret to encrypt and decrypt

    the message. Symmetric

  13. One half of a key pair is used for encrypting

    and the corresponding other half for decryption. Asymmetric

  14. Symmetric Fast Not resource intensive Useful for messages of various

    sizes Requires sharing the secret password

  15. Symmetric Does not requiring sharing the whole key Can be

    used for both encryption and signing Very resource intensive Useful on only small messages

  16. PGP Encryption Symmetric Asymmetric +

  17. PGP encryption uses symmetric encryption to encrypt the data using

    a generated secret key.

  18. It uses asymmetric encryption to encrypt the generated secret key

    using the recipient’s public key.

  19. http://en.wikipedia.org/wiki/Pretty_Good_Privacy

  20. Use Cases Email Encryption Document Signing Commit Signing Password Sharing

    File Encryption

  21. Email Encryption

  22. Git Commit Signing

  23. Shared Password Encryption

  24. Next Steps Generate a key pair if you do not

    have one or have forgotten the passphrase. ! Distribute your public key. Consider sending it to a public key server. ! Verify keys with people here. Sign and distribute these keys. ! Use your key.
  25. None

  26. Resources http://carouth.com/blog/2014/05/04/keysigning-at-php-tek-2014/ http://www.phildev.net/pgp/gpgkeygen.html https://alexcabal.com/creating-the-perfect-gpg-keypair/ http://carouth.com/blog/2014/05/25/signing-pgp-keys/ http://openpgp.quelltextlich.at/slip.html