From The Urbach Letter – February 2007


Keeping Secrets (Part 3)

If you don't care that private details about your finances, medical history, and sensitive personal matters may become public knowledge, you can safely ignore what I'm about to tell you. Likewise, if you're 100% certain there's nothing on your computer's hard drive you wouldn't mind seeing printed on the front page of tomorrow's newspaper, it's OK to save yourself a little reading time. (There are some silly things over there in the right column to amuse you instead.) However, if you would like to know how I keep my private life private, how I send and receive sensitive email messages with absolute assurance they've never been intercepted or altered, and how I make sure my laptop computer, if stolen, has zero value to anyone but me, read on, brother.

I can make those bold statements because I know about PGP. And, in just a few minutes, you will too. This is installment number three in the "Keeping Secrets" article series. Here are links for Part One and Part Two. If you've been following along, you already know a little bit about the background of encryption (Caesar's cipher and the Ovaltine secret decoder ring), "old school" cryptography (the airport courier with cuffed briefcase containing symmetric lock/unlock codes or codebooks), and lastly, the idea behind public key cryptography (PKC). As a quick reminder, PKC involves matched sets of keys: a private key that you keep very, very secret, and a public key that the world can see. You use your private key to lock (encrypt) and unlock (decrypt) secret messages. But you show your public key to everyone. They can use it to prepare a message only you can read. That's the beauty of PKC: no need to ever exchange "secret" codes with anyone.
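To make the "matched set of keys" idea concrete, here is a short added example (written for this page, not code from the original article or from PGP) of textbook RSA, the public-key primitive underneath PGP. Anyone holding the public key can prepare a message; only the holder of the matching private key gets it back. The names (`make_keypair`, `encrypt`, `decrypt`) and the key material (small, well-known Mersenne primes) are assumptions made for the demonstration, and real PGP adds padding and uses the public key only to wrap a random per-message session key, encrypting the message body itself with a symmetric cipher.

```python
# Added example, not from the original article or from PGP: textbook RSA, the
# public-key primitive behind PGP, reduced to its arithmetic. Anyone holding the
# PUBLIC key (n, e) can encrypt; only the holder of the PRIVATE exponent d can
# decrypt. The primes are constructed (known Mersenne primes) and far too small
# for real use; real systems also add padding and a per-message session key.
from math import gcd

P, Q = 2**61 - 1, 2**89 - 1      # constructed key material, first key pair
P2, Q2 = 2**107 - 1, 2**127 - 1  # constructed key material, a second pair
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Encrypt with the public key; anyone who has it may do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key size")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Decrypt with the private key; only its holder can do this.
    A message starting with a zero byte loses that byte here, one of
    several reasons real systems add padding before encrypting."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    public, private = make_keypair()
    c = encrypt(public, b"meet at noon")   # this number is all an eavesdropper sees
    print("ciphertext:", c)
    print("decrypted with the right private key:", decrypt(private, c))
    _, wrong_private = make_keypair(P2, Q2)
    print("decrypted with someone else's private key:", decrypt(wrong_private, c))
```

Run it and the last line prints garbage: a ciphertext made with one public key is only readable with the private key that was generated alongside it, which is exactly why the public half can be handed to everyone.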

More Than Pretty Good
PGP stands for "Pretty Good Privacy," but it's more than pretty good. It's actually the very best non-military crypto available. Like many very good things, PGP was invented by a single idealistic individual, Phil Zimmermann, who felt that encryption shouldn't be the exclusive province of government agencies and military organizations. Unfortunately for Phil, the U.S. Government didn't feel the same way, and accused him of illegally exporting encryption technology. He spent three years of his life defending himself in a costly prosecution, which was eventually dropped when it was shown that similar systems were already known outside of the United States. Of course, post 9/11, we're all concerned about terrorists using encrypted messages to communicate their evil plans. However… the cat's been out of the bag for quite some time now. For example, the technology of steganography has been around for decades. Steganography is the art and science of embedding a secret message inside an innocent-appearing document, music file, or graphic image. The 9/11 terrorists apparently used this method of communication. However, that certainly shouldn't keep you from keeping legitimate and lawful secrets of your own.

The strategies I'm going to show you are perfectly legal. You as a citizen have every right to maintain the privacy of your documents and communications.

If I've made my case, and convinced you that it's time to get serious about securing your communications and private information, what's next? I'll give you the bad news first. You'll need to spend a little money. $83, to be exact. That's how much it'll cost for a one-year single-user license of PGP Desktop Professional (after a 30-day free trial). PGP Desktop automates all the tough parts of dealing with this technology. It does a lot more, but here are the 3 main benefits from my perspective:

  1. PGP Desktop helps you create your own super-secret private key and the matching public key. It then uploads that public key to a "keyserver" so other folks who want to communicate with you can find it (and you can find theirs as well).

  2. It monitors your inbound and outbound emails, selectively encrypting and decrypting messages according to your specifications (i.e. only certain messages to certain people get encrypted, etc.).

  3. Especially important for laptops, it provides for "Whole Disk Encryption." In a process which initially takes a few hours (but is afterwards immediate and invisible), your entire hard disk is thoroughly encrypted. To use the computer after that you MUST enter your passphrase on start-up, and then it's business as usual. Without the passphrase, however, the computer does nothing. Absolutely nothing. That renders it quite useful as a door-stop... but not much else.

Baby Steps
At the very minimum, I recommend downloading PGP Desktop and using it to secure the contents of your disk. It's very easy to do and will give you great peace of mind. Later, you can explore the more advanced features of the software and start to exchange private messages. By the way, there are other ways of encrypting your disk. Windows XP Professional has the ability to do it on a file or folder basis. There are also public domain methods of securing your email at no cost. But for me at least, time is money. I'll spend a few dollars to have a simple, foolproof system that'll actually get used. That's why I recommend PGP, particularly if you have a laptop computer (which of course is far more likely to be lost/stolen than a desktop computer).

Training Wheels
However, if you are interested ONLY in sending and receiving secure emails with a limited number of people (under 20), there is a good, free alternative I can recommend. It's called PrivateMail from TrustTone Communications, Inc. As noted on their site, PrivateMail features "Grandma can use simplicity." It's the most straightforward application for Outlook or Hotmail users I've found.


PrivateMail adds a simple toolbar which gives you control over the security features of your email. There are 3 versions: Free, Pro, and Enterprise. Like PGP Desktop, PrivateMail also automates key generation and interchange.

How to Trade Secret Messages with Victor Urbach
Well, you'll need to know my public key (or how to find it). First, the hard way. Here's my public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Desktop 9.5.2 (Build 4075)
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=iDXm
-----END PGP PUBLIC KEY BLOCK-----

You could just copy and paste that into your copy of PGP Desktop, but there's an easier way. Since I've also published it to the PGP Global Directory, a massive "Key Server" that functions like a global white pages for PGP keys, you can look me up (or find other folks you'd like to communicate with).

Don't let the ugliness of that key block up there deter you from getting started with PGP. I included it more to show you what a public key looks like than anything else. Believe me, the software deals with all the hard stuff. It automates key exchanges, the encryption/decryption, and all the other techie stuff. You just need a general idea of what to do, which I hope this article has provided.
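For the curious, here is an added example (written for this page; not the original article's text, not PGP's own code, and not Victor's real key) showing what that ugly block actually is and how software checks it. Per RFC 4880, the armor is the BEGIN/END pair, optional "Key: value" header lines such as the "Version:" line above, a blank line, the binary key packets in base64, and a final "=XXXX" line that is a base64 CRC-24 over the binary data, there to catch a block mangled in transit. The code builds a sample block from a constructed, minimal RSA public-key packet (made-up modulus, date and version string), then strips the armor, verifies the CRC and reads the packet header. All function names are assumptions made for the demonstration.

```python
# Added example, not from the original article or from PGP: what an ASCII-armored
# public key block contains. Per RFC 4880 the armor is a BEGIN/END pair, optional
# "Key: value" header lines, a blank line, the binary OpenPGP packets in base64,
# and a last "=XXXX" line: a base64 CRC-24 over the binary data. This builds a
# sample block from a constructed v4 RSA public-key packet, then decodes it,
# checks the CRC and reads the packet header. Modulus, date and version string
# are made up; this is not the author's real key.
import base64
import struct

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB
ALGORITHMS = {1: "RSA", 16: "Elgamal", 17: "DSA"}
BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """CRC-24 as specified in RFC 4880 section 6.1."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def mpi(value: int) -> bytes:
    """OpenPGP multi-precision integer: 2-byte bit count, then the bytes."""
    nbytes = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(nbytes, "big")

def public_key_packet(n: int, e: int, created: int) -> bytes:
    """v4 RSA public-key packet (tag 6) with an old-format, 2-byte-length header."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    return bytes([0x80 | (6 << 2) | 1]) + struct.pack(">H", len(body)) + body

def armor(packet: bytes, version: str) -> str:
    """Wrap binary packet data in ASCII armor with a CRC-24 trailer."""
    b64 = base64.b64encode(packet).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "Version: " + version, ""] + lines + ["=" + crc, END])

def dearmor(text: str) -> tuple:
    """Strip the armor and verify the CRC-24; return (headers, binary data)."""
    lines = [ln.rstrip("\r") for ln in text.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END armor lines")
    inner, headers = lines[1:-1], {}
    if "" in inner:                      # header lines end at the first blank line
        split = inner.index("")
        for line in inner[:split]:
            key, _, value = line.partition(":")
            headers[key.strip()] = value.strip()
        inner = inner[split + 1:]
    if not inner or not inner[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(inner[:-1]))
    expected = int.from_bytes(base64.b64decode(inner[-1][1:]), "big")
    if crc24(data) != expected:
        raise ValueError("CRC-24 mismatch: block corrupted or altered")
    return headers, data

def describe_first_packet(data: bytes) -> dict:
    """Parse an old-format packet header and, for a v4 public key, its fields."""
    first = data[0]
    if not first & 0x80 or first & 0x40:
        raise ValueError("only old-format packet headers are handled here")
    length_size = {0: 1, 1: 2, 2: 4}.get(first & 0x03)
    if length_size is None:
        raise ValueError("indeterminate-length packet not handled")
    length = int.from_bytes(data[1:1 + length_size], "big")
    body = data[1 + length_size:1 + length_size + length]
    info = {"tag": (first >> 2) & 0x0F}
    if info["tag"] == 6 and body[0] == 4:   # v4 public-key packet
        info["created"] = int.from_bytes(body[1:5], "big")     # Unix time
        info["algorithm"] = ALGORITHMS.get(body[5], "unknown(%d)" % body[5])
        info["key_bits"] = int.from_bytes(body[6:8], "big")    # bits in n
    return info

def inspect_block(text: str) -> dict:
    """Full check of an armored block: armor, CRC-24, first packet header."""
    headers, data = dearmor(text)
    return dict(describe_first_packet(data), headers=headers)

def is_intact(text: str) -> bool:
    """True if the armor parses and its CRC-24 matches."""
    try:
        dearmor(text)
        return True
    except ValueError:
        return False

# Constructed sample (not a real modulus): a 1024-bit number and a made-up date.
SAMPLE_N, SAMPLE_E, SAMPLE_CREATED = 2**1023 + 1, 65537, 1170288000
SAMPLE_BLOCK = armor(public_key_packet(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED),
                     "PGP Desktop 9.5.2 (Build 4075)")
```

Printing `SAMPLE_BLOCK` shows the same shape as the block above, and `inspect_block(SAMPLE_BLOCK)` reports a tag-6 (public key) RSA packet of 1024 bits with its creation date. Change a single character of the base64 body and `is_intact` returns False, because the CRC-24 no longer matches. Incidentally, an old-format tag-6 header with a two-byte length is the byte 0x99, which is why so many armored RSA public keys begin with "mQ". The CRC is only a transit check: it says nothing about whether a key really belongs to the person named on it, which is what the key server lookup and fingerprint comparison are for.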

There's more to the story though. Next month I'll show you how to make sure the document you just received as an email attachment is really from whom you think, and how to tell if anybody else has altered it. Stay tuned!


(c) Copyright 2002-2010 Victor Urbach
This article may be reprinted with permission and attribution