GnuPG and Beer

October 04, 2005

These two topics, GnuPG and beer, may, at first glance, appear to be entirely unrelated. However, once you become acquainted with the purpose of a keyring party, you will realize that they have everything to do with one another.

Last week, I got together with one of the Debian Java packager maintainers and all around open source advocate, Barry Hawkins, at my favorite watering hole. We had such an awesome time that we almost stayed long enough close down the place. So what does all this have to do with GnuPG?

Ah, glad you asked, because I almost got off topic. But hold on. You first need to know just a smidgen about PGP before I tell you. Hate SPAM? Of course you do. Well, there has been a solution for oh...about 15 years! It's called Pretty Good Privacy, or PGP for short. PGP is essentially a way for two people to exchange documents or text (including email) that are either signed or encoded in such a way that they cannot be forged or even opened by anyone else. Each person generates his or her own secret key and then publishes a public key that can be used to verify the contents of the message. So in order to trust a public key, you must have beer? No, of course not! But, you should, at least, meet in person and trade signatures so that you can later crosscheck it against the public key of the other person. Once that is done, the key is considered "trusted" and you can send and receive messages with confidence (and start junking the rest).

If the US government had any sense, it would have used all that money accumulated for the CAN-SPAM initiative and advocated GnuPG. GnuPG is the open source implementation of the PGP idea. I, myself, have been intending on getting my keys setup for nearly 2 years now, but I have procrastinated in the worst way. I am proud to say this is no longer the case. If you are still one of the ones holding out, you have no more excuses! The Enigmail plugin for Thunderbird makes setting up and sharing GnuPG keys and absolute cinch! In fact, I almost feel like it is too easy.

When you are deciding what to get people for the next holiday season, give them your public PGP key, your trust, and perhaps buy them a beer.

Posted at 09:44 PM in Open Source, Technology | Permalink Icon Permalink

1 Comment from the Peanut Gallery

1 | Posted by Jason on October 05, 2005 at 12:58 PM EST

Thanks for illuminating what all the hype over PGP is -- I had neglected looking into it for a while. However, I wonder if it wouldn't be better to advocated S/MIME since it's supported by a large number of mail apps, including thunderbird. I'm interested in it because there's a firefox extension that enables it to work in gmail. What do you think?