So I gave up PGP forever. Then, as I was despairing of ever finding good, unencumbered encryption software, along came GnuPG.
Now, I don't quite trust my ability to use GnuPG -- not that I think the algorithms or code are weak (I have not studied enough to judge), but because GnuPG is as vulnerable as anything else to protocol attacks and the usual system security holes. Guarding against these weaknesses requires constant vigilance by the user, and I doubt that I give it the necessary level of care. Therefore, if it's important that your message to me be truly secret, please contact me before you send it, and we'll work something out. If we rely on GnuPG alone, we are probably getting security only from passive and/or unsophisticated attackers, nothing more.
One way you can verify my public key is to go dig up any random fact about me you can find on the Internet; then phone me and ask me about that fact. In the absence of a very dedicated impersonator, only I would be able to instantaneously answer unexpected questions about myself, so my identity would then be established to a high degree of certainty. Once that's done, we can voice-verify my public key "fingerprint".
Such a security check still wouldn't protect against a determined and well-funded imposter, but then again how can you even be sure it's you reading this?
Here's my public key:
Key ID: DB00A248
Fingerprint: B77E 8FB2 112F 9637 2E3E 3F08 BC9D BB13 DB00 A248
Key size: 1024
Key type: DSA
Owner: Karl Franz Fogel (http://www.red-bean.com/kfogel) <kfogel@red-bean.com>