PGP: Migrating Away from SHA-1

Saturday, May 9th, 2009

The SHA-1 hash that PGP and GnuPG use by default is now looking even
less secure than previously thought. It’s recommended that users switch
to SHA-2 and generate new keys to replace their 1024-bit DSA keys, which
depend on SHA-1:


If you understand the instructions in the link above, you should
probably follow them soon. If you don’t understand them, don’t worry
too much: your keys and signatures are still mostly safe for now;
they’re just not future-proof. You’ll probably want to wait until new
versions of your software are released with updated default settings,
and then generate new keys.

I’ve generated a new key for myself, which I’ve signed with the old key
and will be using from now on.
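To see which keys in a keyring this advice applies to, here is an added example (not from the original post) that scans the machine-readable output of `gpg --list-keys --with-colons` for DSA keys of 1024 bits or less; the listing embedded in it is constructed sample data, not a real keyring.

```python
"""Audit a GnuPG keyring listing for 1024-bit DSA keys.

Added example, not from the original post. It parses the output of
`gpg --list-keys --with-colons` (a real GnuPG format: field 3 is the key
length in bits, field 4 is the OpenPGP public-key algorithm number,
field 5 is the key ID). A 1024-bit DSA key has a 160-bit subgroup, so
its signatures are tied to a 160-bit digest, in practice SHA-1; those
are the keys the post says to replace. SAMPLE_LISTING is constructed.
"""

DSA = 17  # OpenPGP public-key algorithm id for DSA (RFC 4880)


def find_sha1_dependent_keys(colon_output):
    """Return (record type, key ID, bit length) for every DSA key or
    subkey of 1024 bits or less found in a --with-colons listing."""
    flagged = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sec", "sub", "ssb"):
            continue  # uid, fpr, tru and other records carry no key size
        try:
            bits, algo = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # malformed or empty size/algorithm fields
        if algo == DSA and bits <= 1024:
            flagged.append((fields[0], fields[4], bits))
    return flagged


# Constructed listing: an old-style DSA-1024 primary key with an ElGamal
# (algo 16) encryption subkey, followed by a new RSA-2048 (algo 1) key.
SAMPLE_LISTING = """\
tru::1:1241827200:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:2005-01-01:::u:::scaESCA:
uid:u::::2005-01-01::HASH0::Example User <user@example.com>:
sub:u:2048:16:FEDCBA9876543210:2005-01-01::::::e:
pub:u:2048:1:1111222233334444:2009-05-09:::u:::scESC:
uid:u::::2009-05-09::HASH1::Example User <user@example.com>:
sub:u:2048:1:5555666677778888:2009-05-09::::::e:
"""

if __name__ == "__main__":
    for rec, keyid, bits in find_sha1_dependent_keys(SAMPLE_LISTING):
        print(f"{rec} {keyid}: {bits}-bit DSA, replace with a new key")
```

Feed it real output with `gpg --list-keys --with-colons | python3 audit.py` after changing the `__main__` block to read `sys.stdin`; only the DSA primary key is flagged, since the RSA key's signatures are not bound to a 160-bit digest.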

Firefox Portable + GnuPG + FireGPG = CryptoFox

Tuesday, May 5th, 2009

I’ve been talking about this for a while, but I finally got around to doing it.  I’ve put together a software package consisting of Firefox Portable, GNU Privacy Guard, and FireGPG.  I’m calling it “CryptoFox”.  You can download it here.

The idea behind this is to lower the barrier to entry for using PGP encryption.  If you want to communicate privately with someone, instead of having to guide them through the install process for 3 different components, you can just have them download CryptoFox and run it.  No installation is required.

It’s also a little tricky to set FireGPG and GnuPG up to function portably.  If you want to run them from a USB stick on any computer, I’ve already done the hard part for you.

Rochester OpenPGP Users Mailing List

Monday, April 20th, 2009

The keysigning party on Saturday went well.  We decided to create a mailing list to keep in touch and discuss ways to promote PGP use locally.  From the list’s description:

This group is for PGP/GnuPG users in Rochester, NY to:

1) Discuss ways of promoting the use of OpenPGP encryption
2) Arrange keysignings in order to expand the local web of trust
3) Get help with using PGP, GnuPG, and related programs

If you’re interested in joining, you can do so here.

PGP Keysigning Party at BarCampRochester4

Thursday, March 26th, 2009

I’m organizing a PGP keysigning party at this year’s BarCamp Rochester.  For those of you who are unfamiliar with PGP, it’s a system for sending encrypted messages.  More information can be found in this guide.  The purpose of a keysigning party is to integrate yourself into and expand PGP’s web of trust, which prevents participants from being tricked into addressing their messages to a clever eavesdropper rather than to their intended recipient.

BarCamp will take place on April 18th, on the third floor of the GCCIS building (#70) on RIT campus.  The keysigning party will happen at 2:00 PM.  If you’re interested in attending, you’ll need to do a little bit of preparation:

Before the Party

  1. Send me an email to let me know you’ll be there.  This isn’t absolutely necessary, but I’d like to get a rough estimate of how big the party will be.  You’re also encouraged (though not strictly required) to sign up for BarCamp and give some kind of presentation.
  2. If you don’t have one already, create a PGP keypair.
  3. Print out slips of paper with your key’s fingerprint, along with your name and the email address associated with the key.  You should be able to fit several of these onto a single sheet of paper (18 if you lay them out like so).  As of this writing I don’t know what the turnout will be like, but I’m guessing one sheet will be enough.
  4. Bring a pen and the slips of paper with you to the party.  Also bring identification, preferably two forms, at least one of which is a photo ID and one of which is government-issued (driver’s license, passport, etc.).  Don’t bring a computer (or if you do, leave it powered off); you won’t need it.