Over the past few days in the UK there has been a renewed sense of urgency within government to address & ban/circumvent end-to-end encryption in communications apps. On Wednesday of last week an attack was launched on Westminster. During the subsequent investigation it has come to light that the attacker used the WhatsApp messaging app to message a friend or accomplice minutes before the attack. The government’s response to this, perhaps with the best of intentions, is to outlaw or circumvent encryption for the purposes of law enforcement. The reasoning, to stop criminals using platforms to co-ordinate, is commendable; however, it is totally unworkable. Encryption’s raison d’être is to make interception by a third party as difficult as possible, if not impossible.
As part of my cybersecurity posts I’ve decided to write briefly about PGP (Pretty Good Privacy) encryption of email. We will use GPG, which stands for GNU Privacy Guard and is a compatible free software equivalent of Symantec’s proprietary PGP software. PGP and GPG are interchangeable, so you can use either. These keys use a high level of encryption. I use RSA 4096 for my keys, which is possibly a little overkill, but I like to future-proof when learning.
GPG is important for emails as it means that an email remains encrypted between the sender & the receiver. It works on the principle of key pairs. Each user generates a pair of keys: the private key remains secret on the user’s computer, while the other, known as the public key, is free to distribute on the internet so you can pass it on to those you wish to communicate with.
I’ve been planning on writing a series of posts on cybersecurity for a while now. I’ve been interested in computer security for decades & have always tried to secure my machines, data & online profiles. In the modern computing landscape, many aspects of basic cybersecurity have been lost. When I started out online, perhaps in the early 90s, there was a strong culture of using online handles as opposed to your own personal details. We had an awareness that the internet was a public sphere which is universally accessible.
For a long time I’ve been meaning to sort out SSL certificates for my domains & secure traffic to them. Last year HTTPS became a Google ranking factor & since then site-wide HTTPS adoption has been on the increase. The problem with HTTPS is that up until recently it required buying an SSL certificate from a vendor & installing it on your hosting.