OpenPGP

Updates to my OpenPGP key

With my current OpenPGP key set to expire in the middle of December, I’ve decided to extend its life by changing the expiry date for the primary signing key 0xFEEEFA8F and adding a new encryption subkey that can be used when the existing one expires. The new expiry date for the main signing key, as well as for the new encryption subkey, is 2 years from today. Before getting into the actual notice, allow me to capture exactly what I did:

The “war” over PGP

Recently there have been two very good, and opposing, articles written on the state of Pretty Good Privacy (PGP) and whether or not it is worth using in 2016/2017 and beyond. You can find the original article, I’m throwing in the towel on PGP, and I work in security, at Ars Technica here, but I’ve reproduced it below in case the link stops working at some point. You can also find the follow-up piece, Why I’m not giving up on PGP, also at Ars Technica here, and again I’ve reproduced it below just in case.

Backup your OpenPGP key on paper using paperkey

If you are worried about your hard drive one day crashing and you losing access to your OpenPGP key (and thus the contents of your encrypted e-mails), then you should have been using a backup! That said, an extra archival method of storing your key completely offline would be to use a program called paperkey to export the contents of your OpenPGP key to an easily printed file that you can then re-type into your PC if necessary.

Test your PGP key for potential problems

As advances in cryptography and technology move forward, there is a chance that your once secure system may suddenly be relying on outdated (and perhaps now broken) algorithms or implementations. Some good examples of this in recent memory are the breaking of the MD5 hash algorithm and the constant problems plaguing the RC4 encryption cipher. When it comes to PGP it is well known that short keys, keys generated without good entropy to pull from, or keys using outdated implementations and algorithms can be far less secure than you would hope.

Force Thunderbird/Enigmail to use a specific signing (hash) algorithm

If you’ve had issues trying to get Thunderbird to send your PGP signed e-mail using anything other than SHA-1, there is a quick and easy fix that will let you pick whichever hash you prefer. Open up Thunderbird’s preferences. On the Advanced tab, under General, click Config Editor… In the about:config window, search for “extensions.enigmail.mimeHashAlgorithm” (without quotes). Double click on this and enter a value.

Transitioning to a new key

Below you will find my OpenPGP Key Transition notice signaling my intention to migrate from my current key (0x1CD3E3D8) to my new one (0xFEEEFA8F). Note that it is very likely that the software used on this website will render the notice in such a way as to invalidate the signature below. Instead please see the plain text version here to do proper validation against or check out my About Me page for full details.

PGP Best Practices

I’ve been meaning to write a quick post on PGP/OpenPGP-related settings that you can use to increase your overall security even more: simple things like changing your preferred cipher and digest algorithms. In fact I even started writing just such a post about a year and a half ago but never got around to finishing it. Luckily I was recently linked to the following website, which deals with essentially everything I was going to write about anyway.

New year, new PGP key

I logged onto my desktop the other day, for the first time in a couple of weeks (I’ve been away travelling), and was surprised to notice that my PGP key was set to expire. Long story short, I have generated a brand new key.

OpenPGP Key
Name: Tyler Burton
Key ID: 0x1CD3E3D8
Key Fingerprint: 96ED 6B13 10B1 69C1 8299 693C 2921 6D80 1CD3 E3D8
Keyserver: pgp.mit.edu
Key Algorithm: RSA

Security tip #3: public key cryptography & PGP

Public key cryptography is one of the most essential pieces of online security. It is at the root of what enables you to shop online, do secure online banking, and communicate securely. I will be focusing on the latter in this tip. But first, a quick and simple refresher on what public key cryptography is and how it works.

How public key cryptography works

Or rather, how you use it. Cryptography allows you to lock any data or information inside of a digital safe.