Personal privacy and security are important. This talk covers what PGP encryption is and how you can use it as a developer. This deck is designed to be used as a lightning talk.
PGP Encryption and Key Signing
PGP stands for Pretty Good Privacy. It is a trademarked program for encryption and decryption.
OpenPGP is the standard for PGP encryption. PGP and other programs comply with this standard.
Gnu Privacy Guard is an open source implementation of OpenPGP. It is abbreviated as GPG.
What are you trying to hide? Nothing.
Aspects of Security: Privacy, Integrity, Authenticity
Privacy: Nobody except the intended recipient can read the contents of the message.
Integrity: The message that is delivered is the exact message that was sent.
Authenticity: The sender and receiver can be sure of the other’s identity.
PGP security features: Encrypt/Decrypt messages; Sign and verify messages; Validate and sign keys
Encryption basics: Symmetric, Asymmetric
Symmetric: Both parties use the same secret to encrypt and decrypt the message.
Asymmetric: One half of a key pair is used for encrypting and the corresponding other half for decryption.
Symmetric: Fast; Not resource intensive; Useful for messages of various sizes; Requires sharing the secret password
Asymmetric: Does not require sharing the whole key; Can be used for both encryption and signing; Very resource intensive; Useful on only small messages
PGP Encryption: Symmetric + Asymmetric
PGP encryption uses symmetric encryption to encrypt the data using a generated secret key.
It uses asymmetric encryption to encrypt the generated secret key using the recipient’s public key.
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
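The two-part scheme above is visible in the structure of an OpenPGP message: a packet carrying the session key encrypted to the recipient's public key, followed by a packet carrying the symmetrically encrypted data. The parser below is an added example, not part of the original deck; it reads packet headers as defined in RFC 4880, and the sample bytes and key ID are constructed placeholders, not real ciphertext.

```python
import io

# Packet tags (RFC 4880, section 4.3) relevant to the hybrid scheme.
TAGS = {
    1: "Public-Key Encrypted Session Key",
    3: "Symmetric-Key Encrypted Session Key",
    18: "Sym. Encrypted Integrity Protected Data",
}
def parse_packets(data):
    """Return [(tag, body), ...] for each OpenPGP packet in data."""
    stream, packets = io.BytesIO(data), []
    while (hdr := stream.read(1)):
        hdr = hdr[0]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, stream.read(1)[0]
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + stream.read(1)[0] + 192
            elif first == 255:
                length = int.from_bytes(stream.read(4), "big")
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                # old-format header
            tag, size = (hdr >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}.get(hdr & 0x03)
            if size is None:
                raise ValueError("indeterminate length not handled here")
            length = int.from_bytes(stream.read(size), "big")
        body = stream.read(length)
        if len(body) != length:
            raise ValueError("truncated packet")
        packets.append((tag, body))
    return packets

def describe(data):
    """Summarise a message: who the session key is wrapped for, then the data."""
    out = []
    for tag, body in parse_packets(data):
        line = TAGS.get(tag, "tag %d" % tag)
        if tag == 1:                         # body: version, 8-byte key ID, algorithm
            line += " for key ID " + body[1:9].hex().upper()
        out.append("%s (%d bytes)" % (line, len(body)))
    return out

# Constructed sample (placeholder bytes): wrapped session key, then encrypted data.
PKESK = bytes([3]) + bytes.fromhex("0123456789ABCDEF") + bytes([1]) + b"\x00" * 10
SAMPLE = bytes([0x84, len(PKESK)]) + PKESK + bytes([0xD2, 5, 1]) + b"\xAA" * 4
```

Calling `describe(SAMPLE)` lists the public-key packet first and the data packet second. A message encrypted to several recipients would carry one session key packet per recipient ahead of the single data packet.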
Use Cases: Email Encryption, Document Signing, Commit Signing, Password Sharing, File Encryption
Email Encryption
Git Commit Signing
Shared Password Encryption
Next Steps
Generate a key pair if you do not have one or have forgotten the passphrase.
Distribute your public key. Consider sending it to a public key server.
Verify keys with people here. Sign and distribute these keys.
Use your key.
Resources
http://carouth.com/blog/2014/05/04/keysigning-at-php-tek-2014/
http://www.phildev.net/pgp/gpgkeygen.html
https://alexcabal.com/creating-the-perfect-gpg-keypair/
http://carouth.com/blog/2014/05/25/signing-pgp-keys/
http://openpgp.quelltextlich.at/slip.html