Ubiquitous Encryption with GPG

Because it's easy, and because it provides so many benefits, I now try to use encryption everywhere. GPG is my tool of choice; I actually don't even know what other options there are. Here are some things I have found to be useful:

  • Password management. I use the pass application for this. After installing gpg, I just do a “pass init <keyid>” and from there I am good to go. I use qtpass as a graphical frontend. The way this works is as follows: you add a password with “pass insert blah”, which then asks you for the password to store. Later you can ask for the password by typing “pass blah”. Storing passwords sure is a good idea, but even better is to just have pass generate good ones for you. To do this I type “pass generate foobar 12” and a 12-char password is generated and stored. Now I can have unique passwords for all my websites, and pass will remember them. The one thing that weirded me out is that after unlocking any password I could get at any others without entering my passphrase. This worried me a bit because it looked like you only had to unlock things once and then they remained unlocked. Turns out it was because gpg-agent is running and caching passwords for up to 10 min (default). I figure it's OK to leave things open for 10 min; in fact it would essentially mean that if you're checking a lot of websites and you don't remember their passwords, you don't have to keep typing your passphrase over and over.
  • GPG also has great integration into Mac OS X. I use this for mail and file encryption. For mail, it lets me sign all my emails, regardless of where they go. If the recipients are also using encryption, I can encrypt the messages. When I receive an encrypted email I can decrypt it, etc. It's literally 1-button email encryption for free. Not bad!
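
The gpg-agent caching mentioned in the password-management item above, as an added example that is not part of the original post: each use of a cached passphrase resets the `default-cache-ttl` timer (600 seconds by default) until `max-cache-ttl` (7200 seconds by default) forces a new prompt. The function names and access times are illustrative, and treating the last occurrence of a repeated option as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: how long a passphrase stays cached by gpg-agent, derived
# from gpg-agent.conf and a list of times at which the key was used.

# agent_opt OPTION CONF DEFAULT: print OPTION's value from CONF, or DEFAULT.
agent_opt() {
    val=''
    if [ -r "$2" ]; then
        # Commented-out lines never match; assumption: last occurrence wins.
        val=$(awk -v o="$1" '$1 == o { v = $2 } END { print v }' "$2")
    fi
    echo "${val:-$3}"
}

# unlocked_until CONF T0 [T1 ...]: times are seconds in ascending order.
# T0 is when the passphrase was typed; later values are uses of the key
# (for example each "pass blah"). Prints when the cache entry expires.
unlocked_until() {
    conf=$1; shift
    ttl=$(agent_opt default-cache-ttl "$conf" 600)
    max=$(agent_opt max-cache-ttl "$conf" 7200)
    start=$1; shift
    hard=$((start + max))            # absolute limit, however busy the key is
    expiry=$((start + ttl))
    for t in "$@"; do
        [ "$expiry" -le "$hard" ] || expiry=$hard
        [ "$t" -lt "$expiry" ] || break   # already expired: a new prompt
        expiry=$((t + ttl))               # each use resets the timer
    done
    [ "$expiry" -le "$hard" ] || expiry=$hard
    echo "$expiry"
}

# Report the settings for the current user's agent configuration.
conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
echo "default-cache-ttl: $(agent_opt default-cache-ttl "$conf" 600)s"
echo "max-cache-ttl:     $(agent_opt max-cache-ttl "$conf" 7200)s"
# Constructed sample: unlock at 0s, then use the key at 300s and 800s.
echo "sample session stays unlocked until $(unlocked_until "$conf" 0 300 800)s"

# After editing gpg-agent.conf, apply it; this also flushes cached passphrases:
#   gpgconf --reload gpg-agent
```

To shorten the window, set lower `default-cache-ttl` and `max-cache-ttl` values in gpg-agent.conf and reload the agent.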

As for my philosophy: “why encrypt?” I think the burden is more on people to answer: “why not encrypt?”  It takes almost no effort, and the benefit is that emails sent directly to you are no longer viewable by anyone else along their way.