WEBVTT 1 00:00:00.040 --> 00:00:03.480 All right, ready to dive deep into email security. We're 2 00:00:03.480 --> 00:00:07.519 talking open PGP, pgpg RPG, the whole shebang, and our 3 00:00:07.559 --> 00:00:09.400 guide for this deep. 4 00:00:09.160 --> 00:00:12.599 Dive PGP and GPG email for the Practical Paranoid by 5 00:00:12.640 --> 00:00:13.400 Michael Lucas. 6 00:00:13.480 --> 00:00:15.560 Exactly. It's like our decoder ring for. 7 00:00:15.800 --> 00:00:18.760 Well, for taking control of your own digital privacy, no 8 00:00:18.839 --> 00:00:20.920 more relying on those big tech companies. 9 00:00:21.039 --> 00:00:24.079 I like that. So let's kick things off with the basics. 10 00:00:24.120 --> 00:00:25.519 You know, cryptography one. 11 00:00:25.440 --> 00:00:28.120 O one, it's like the secret handshake of the Internet. 12 00:00:28.440 --> 00:00:29.800 Okay, I like that analogy. 13 00:00:29.920 --> 00:00:32.840 It's all about making sure that when you send a message, 14 00:00:33.439 --> 00:00:36.119 only the person you want to read it can read it. 15 00:00:36.039 --> 00:00:39.039 Like passing a note in class. Exactly. Okay, but how 16 00:00:39.039 --> 00:00:41.560 do you make sure that message stays intact? You know, 17 00:00:42.000 --> 00:00:43.479 no one's tampered with it along the way. 18 00:00:43.560 --> 00:00:46.079 That's where hashes come in. Imagine taking a snapshot of 19 00:00:46.079 --> 00:00:48.359 your message. Oh okay, and that's essentially what a hash 20 00:00:48.359 --> 00:00:51.799 function does. Even the tiniest change, like just one character, 21 00:00:52.479 --> 00:00:54.880 will create a completely different snapshot. 22 00:00:54.960 --> 00:00:56.840 So it's like a digital fingerprint basically. 23 00:00:57.039 --> 00:00:59.960 Yeah, it's like a digital fingerprint. And what's really cool 24 00:01:00.200 --> 00:01:03.640 is that open PGP goes Beyond just hiding the content 25 00:01:03.799 --> 00:01:07.040 of the message, this book highlights how it also deals 26 00:01:07.079 --> 00:01:10.359 with authentication, integrity, and even non repudiation. 27 00:01:10.680 --> 00:01:13.640 Hold on non repudiation. That sounds intense, it is. 28 00:01:13.719 --> 00:01:16.920 Think of it like signing a legal document, right. Once 29 00:01:16.959 --> 00:01:19.959 you've signed it, you can't just deny it later. Open 30 00:01:20.040 --> 00:01:24.319 PGP brings that same level of accountability to the digital world. 31 00:01:24.439 --> 00:01:26.920 So it's like a digital signature essentially, exactly. 32 00:01:27.359 --> 00:01:30.359 So now let's unpack the two main ways that cryptography 33 00:01:30.439 --> 00:01:34.079 scrambles those messages, symmetric and asymmetric encryption. 34 00:01:34.439 --> 00:01:37.799 Let's break it down. Symmetric encryption. That sounds pretty straightforward, right, 35 00:01:38.120 --> 00:01:40.040 like one key to rule them all, exactly. 36 00:01:40.079 --> 00:01:41.680 You got to think of it like your front door, right, 37 00:01:41.719 --> 00:01:44.680 you use the same key to lock it and unlock it, right, 38 00:01:44.760 --> 00:01:48.719 simple enough. But if that key falls into the wrong hands, yeah, 39 00:01:48.799 --> 00:01:51.920 not good, Not good at all. That's where asymmetric encryption 40 00:01:52.079 --> 00:01:55.239 comes in. It's all about having two keys. Yeah, you 41 00:01:55.319 --> 00:01:57.879 have a public key which you can share with anyone, 42 00:01:58.200 --> 00:02:00.799 and a private key, which you are with your life. 43 00:02:01.640 --> 00:02:04.719 Think of it like a mailbox. Okay, anyone can drop 44 00:02:04.719 --> 00:02:06.840 a letter in the slot, but only you have the 45 00:02:06.879 --> 00:02:09.680 key to open it and actually read those messages. 46 00:02:10.199 --> 00:02:14.400 I'm starting to see why OpenPGP uses this, But how 47 00:02:14.439 --> 00:02:17.039 does it know, like who sent a message? How do 48 00:02:17.080 --> 00:02:19.520 you prove it's really from you and not someone pretending 49 00:02:19.560 --> 00:02:19.919 to be you. 50 00:02:20.919 --> 00:02:24.080 That's where this idea of digital identity gets really interesting. 51 00:02:24.159 --> 00:02:27.800 It's like having a digital passport, right, but open PGP 52 00:02:28.039 --> 00:02:32.360 doesn't rely on a central authority like a passport agency. Instead, 53 00:02:32.439 --> 00:02:34.240 it uses what's called the web of trust. 54 00:02:34.400 --> 00:02:36.560 Okay, web of trust. It sounds kind of like, I 55 00:02:36.599 --> 00:02:39.039 don't know, a little bit, like a spy movie or something. Right, So, 56 00:02:39.120 --> 00:02:41.759 is everyone just blindly trusting strangers online? 57 00:02:41.960 --> 00:02:44.319 No, not exactly. Think of it more like vouching for 58 00:02:44.360 --> 00:02:47.039 a friend. Okay, you know them personally, so you're willing 59 00:02:47.039 --> 00:02:49.960 to stand up for their character. In the web of trust, 60 00:02:50.159 --> 00:02:53.080 people digitally sign each other's keys, so they sort of 61 00:02:53.120 --> 00:02:55.400 create this web of interconnected relationship. 62 00:02:55.439 --> 00:02:59.120 Okay. So it's like a decentralized network of recommendations exactly. 63 00:02:59.560 --> 00:03:02.280 And since if there's no single point of failure, it's 64 00:03:02.319 --> 00:03:05.599 incredibly resilient. You decide who to trust based on your 65 00:03:05.639 --> 00:03:06.800 own personal connections. 66 00:03:07.000 --> 00:03:10.240 Okay, I like that. So we've been talking about open 67 00:03:10.280 --> 00:03:15.080 PGP as this like overarching concept. But the book mentions 68 00:03:15.360 --> 00:03:19.400 both PGP and GNOPG. Are these just different names for 69 00:03:19.439 --> 00:03:19.960 the same thing. 70 00:03:20.039 --> 00:03:23.000 Well, they're both implementations of that open PGP standard. Think 71 00:03:23.039 --> 00:03:25.319 of it like two different brands of cars oh ok, 72 00:03:25.759 --> 00:03:29.800 built using the same blueprint. PGP is the proprietary you know, 73 00:03:29.840 --> 00:03:31.840 the polished version, maybe a little easier to use if 74 00:03:31.840 --> 00:03:35.080 you're just starting out. GNOPG is the open source option, 75 00:03:35.199 --> 00:03:37.400 giving you a little more control if you're you know, 76 00:03:37.439 --> 00:03:39.159 someone who likes to tinker under the hood. 77 00:03:39.240 --> 00:03:41.680 So it's like choosing between automatic and manual TRANSMISSI. 78 00:03:41.719 --> 00:03:42.960 Right, Yeah, perfect analogy. 79 00:03:43.039 --> 00:03:45.159 They both get you where you want to go exactly. 80 00:03:44.800 --> 00:03:48.360 And the best choice really depends on your individual needs. 81 00:03:48.680 --> 00:03:52.400 Got it. Now, this book stresses how important it is 82 00:03:52.439 --> 00:03:55.039 to choose the right place to install these tools, Like 83 00:03:55.080 --> 00:03:57.199 it's not just about downloading the software. 84 00:03:57.280 --> 00:03:59.960 Absolutely, You wouldn't want to store your most valuable possession 85 00:04:00.120 --> 00:04:02.960 and a flimsy tent, right right. Well, your private key 86 00:04:03.039 --> 00:04:04.759 is like the key to your digital kingdom, So you 87 00:04:04.759 --> 00:04:09.719 need a secure environment. Avoid shared computers, public terminals. Those 88 00:04:09.759 --> 00:04:11.919 are basically like leaving your front door wide open. 89 00:04:12.199 --> 00:04:15.280 Got it? So my personal laptop as long as it's 90 00:04:15.400 --> 00:04:18.759 you know, properly secured with a strong password. Up to 91 00:04:18.839 --> 00:04:20.480 date software should. 92 00:04:20.240 --> 00:04:23.519 Be good, exactly. You want to be in complete control 93 00:04:23.600 --> 00:04:25.360 of that device where you're storing your keys. 94 00:04:25.480 --> 00:04:25.959 Makes sense. 95 00:04:26.439 --> 00:04:29.399 Now, if we're talking about older operating systems like Windows 96 00:04:29.480 --> 00:04:32.439 ninety five ninety eight, things get a little trickier. 97 00:04:32.600 --> 00:04:35.519 Oh so like installing open PGP on those systems, is 98 00:04:35.560 --> 00:04:36.439 that even possible? 99 00:04:36.800 --> 00:04:40.240 Well, those older systems, they have limitations when it comes 100 00:04:40.319 --> 00:04:43.439 to multi user security. Ah okay, it's much harder to 101 00:04:43.480 --> 00:04:46.560 protect your keys on a shared Windows nine x machine 102 00:04:46.600 --> 00:04:50.279 because well, anyone with access to that computer could potentially 103 00:04:50.319 --> 00:04:50.720 see them. 104 00:04:50.879 --> 00:04:51.319 Yikes. 105 00:04:51.519 --> 00:04:54.399 It's like having a vault with a flimsy lock. Not 106 00:04:54.639 --> 00:04:55.480 very reassuring. 107 00:04:55.639 --> 00:04:58.040 Yeah, not at all. So sticking to newer systems is 108 00:04:58.040 --> 00:04:58.839 probably the way to go. 109 00:04:59.079 --> 00:05:02.519 Absolutely. Now, once you've chosen a safe haven for your keys, 110 00:05:02.560 --> 00:05:05.079 you can start thinking about generating your own key pair. 111 00:05:05.160 --> 00:05:07.120 All right, let's get building. But it seems like there 112 00:05:07.120 --> 00:05:08.680 are a lot of choices to make, Like there are 113 00:05:08.759 --> 00:05:10.319 different key types and sizes. 114 00:05:10.560 --> 00:05:13.000 Yeah, you'll need to decide on the type, the size, 115 00:05:13.040 --> 00:05:14.879 even an expiration date for your keys. 116 00:05:14.959 --> 00:05:17.639 Okay, so key types first, what are the options. 117 00:05:17.839 --> 00:05:22.160 The book mentions a few like DSSA, elgamol, DSA alone, 118 00:05:22.199 --> 00:05:25.879 and RSSA. These are all different encryption algorithms, but RSA 119 00:05:26.360 --> 00:05:29.720 that's the clear winner in today's world. Those other ones 120 00:05:29.759 --> 00:05:32.680 they're kind of like outdated tools. They might have worked 121 00:05:32.680 --> 00:05:35.360 in the past, but RSA is the heavy duty encryption 122 00:05:35.480 --> 00:05:37.480 you need for modern security challenges. 123 00:05:37.800 --> 00:05:40.199 So RSA is the state of the art lock for 124 00:05:40.240 --> 00:05:44.240 our digital vault. Got it? Now? What about key size? 125 00:05:44.600 --> 00:05:46.560 Does bigger always mean better? 126 00:05:46.839 --> 00:05:49.519 It's tempting to go for the biggest key possible, right, 127 00:05:50.199 --> 00:05:53.360 But the default size, which is twenty forty eight bits, 128 00:05:53.600 --> 00:05:55.920 that's more than enough to keep your data safe from 129 00:05:56.000 --> 00:05:59.120 even the most determined hackers, unless someone is using a 130 00:05:59.199 --> 00:06:02.199 quantum computer to crack your code, which is still you know, 131 00:06:02.399 --> 00:06:04.759 a bit of a sci fi scenario quantum computers. 132 00:06:04.800 --> 00:06:06.800 Well, I guess we'll have to revisit this conversation when 133 00:06:06.839 --> 00:06:07.920 those become mainstream. 134 00:06:08.160 --> 00:06:12.120 Exactly for now, the standard key size, it's incredibly secure. 135 00:06:12.800 --> 00:06:15.800 But there's one more key element to consider, and that's 136 00:06:15.839 --> 00:06:16.959 the expiration date. 137 00:06:17.399 --> 00:06:20.279 Wait, keys expire. I thought once you generate them, they're 138 00:06:20.279 --> 00:06:21.040 good to go forever. 139 00:06:21.240 --> 00:06:24.079 Yeah, having a non expiring key it might seem convenient, 140 00:06:24.240 --> 00:06:27.240 but it posts a pretty significant risk. What if your 141 00:06:27.279 --> 00:06:32.079 keys are compromised, someone could potentially impersonate you indefinitely. 142 00:06:32.240 --> 00:06:34.720 Ah, that makes sense. So it's like setting an expiration 143 00:06:34.839 --> 00:06:36.759 date on your credit card precisely. 144 00:06:36.959 --> 00:06:38.600 It's a safety net just in case. 145 00:06:38.680 --> 00:06:41.399 Okay, So what's a reasonable expiration date? Then? 146 00:06:41.879 --> 00:06:45.600 The book suggests starting with one year for your first key, okay, 147 00:06:45.720 --> 00:06:47.279 just to get the hang of things, and then you 148 00:06:47.319 --> 00:06:49.879 can extend it to you know, to the five years 149 00:06:49.879 --> 00:06:50.920 once you're more comfortable. 150 00:06:51.040 --> 00:06:53.759 Makes sense now. The book also really stresses the importance 151 00:06:53.800 --> 00:06:56.560 of a strong passphrase. It seems like this is where 152 00:06:56.600 --> 00:06:59.279 things can go wrong even with the best encryption. 153 00:06:59.480 --> 00:07:03.800 Absolutely, your passphrase, it's like the combination to your digital vault. Right, 154 00:07:04.120 --> 00:07:08.360 choose it wisely, think long, complex, unique, a mix of 155 00:07:08.480 --> 00:07:11.959 upper and lower case letters, number symbols. Stay away from 156 00:07:12.000 --> 00:07:13.240 anything easily guessable. 157 00:07:13.399 --> 00:07:15.800 So password one, two three is a definite no go, 158 00:07:16.040 --> 00:07:19.600 definitely a nog got it okay, passphrase, locked and loaded. 159 00:07:20.319 --> 00:07:23.360 But once we've generated this key pair, we need to 160 00:07:23.439 --> 00:07:26.120 keep it safe, right like backups are pretty crucial. 161 00:07:26.279 --> 00:07:30.000 Absolutely, treat your key pair and your revocation certificate like 162 00:07:30.040 --> 00:07:34.959 their priceless artifacts, store them securely both digitally and physically. 163 00:07:35.360 --> 00:07:37.759 If something happens to your main device, you'll be thankful 164 00:07:37.800 --> 00:07:38.439 you have a backup. 165 00:07:38.480 --> 00:07:40.240 Wait, a revocation certificate. What's that? 166 00:07:40.480 --> 00:07:42.560 Think of it like a safety switch, right. Imagine you 167 00:07:42.600 --> 00:07:46.079 lose your keys, or even worse, someone steals them. The 168 00:07:46.160 --> 00:07:50.000 revocation certificate lets you instantly invalidate that key pair so 169 00:07:50.199 --> 00:07:51.240 no one can use them. 170 00:07:51.319 --> 00:07:54.319 So it's like hitting the kill switch on your digital identity. Exactly. 171 00:07:54.480 --> 00:07:59.079 That's relief. But the book mentions using CD ROMs, floppy discs, 172 00:07:59.199 --> 00:08:02.199 USB key so those seem a little old school in 173 00:08:02.199 --> 00:08:02.839 today's world. 174 00:08:02.920 --> 00:08:05.639 They might be old school, but the idea remains the same. 175 00:08:05.920 --> 00:08:10.319 Offline backups stored separately from your main devices. Essential cloud 176 00:08:10.319 --> 00:08:12.879 storage is convenient, but it can also be a single 177 00:08:12.920 --> 00:08:16.240 point of failure. Having a physical backup tucked away somewhere 178 00:08:16.360 --> 00:08:18.360 is like having a spare key hidden away. 179 00:08:18.639 --> 00:08:23.560 That's true. So convenience versus security, It's all about balance exactly. Okay, 180 00:08:23.600 --> 00:08:26.480 So let's talk about the heart and soul of open PGP. Now, 181 00:08:26.839 --> 00:08:30.040 which is this web of trust? The book describes it 182 00:08:30.120 --> 00:08:34.639 as a network of these interconnected trust relationships, But how 183 00:08:34.639 --> 00:08:37.720 does that actually work in practice. 184 00:08:37.159 --> 00:08:41.120 It's all about decentralization. Instead of relying on one central 185 00:08:41.159 --> 00:08:45.639 authority to verify identities, imagine a system where individuals vouch 186 00:08:45.720 --> 00:08:48.919 for each other. Okay, a more personal approach, you know. 187 00:08:49.279 --> 00:08:51.840 So it's like, I don't know, building a reputation based 188 00:08:51.879 --> 00:08:54.559 on recommendations from people you actually know and trust. 189 00:08:54.679 --> 00:08:58.240 Exactly. By digitally signing each other's keys, users create this 190 00:08:58.399 --> 00:08:59.879 web that spans the glow. 191 00:09:00.440 --> 00:09:03.639 Okay, so how does signing a key actually work? 192 00:09:03.679 --> 00:09:03.759 Like? 193 00:09:03.799 --> 00:09:04.679 What am I verifying? 194 00:09:04.679 --> 00:09:06.759 When I do that, you're essentially saying, Hey, I've met 195 00:09:06.759 --> 00:09:08.919 this person in real life and I believe they are 196 00:09:08.960 --> 00:09:11.639 who they say they are. It adds weight to their 197 00:09:11.679 --> 00:09:12.559 digital identity. 198 00:09:12.720 --> 00:09:14.679 So it's like vouching for a friend's character, but in 199 00:09:14.679 --> 00:09:15.639 the real world exactly. 200 00:09:15.720 --> 00:09:18.039 But here's where it gets really interesting. Yeah, there are 201 00:09:18.080 --> 00:09:20.279 different levels of trust you can assign. It's not just 202 00:09:20.320 --> 00:09:21.360 a simple yes or no. 203 00:09:21.960 --> 00:09:23.360 Oh, there are levels. 204 00:09:23.720 --> 00:09:26.600 Tell me more. Think of it like a rating system. 205 00:09:26.879 --> 00:09:29.919 You might verify someone's identity, but you don't fully trust 206 00:09:30.000 --> 00:09:32.679 their judgment when it comes to signing other keys. That's 207 00:09:32.679 --> 00:09:35.960 a non level. Then there's marginal you know, you think 208 00:09:36.000 --> 00:09:38.879 they're generally reliable. But you wouldn't bet your life's savings 209 00:09:38.879 --> 00:09:43.080 on their decisions. And then finally, there's fully trusted that's 210 00:09:43.120 --> 00:09:46.960 reserved for individuals whose judgment you completely have confidence in. 211 00:09:47.440 --> 00:09:50.480 So it's like a sliding scale of trust exactly. 212 00:09:50.600 --> 00:09:54.320 It's all about carefully considering who you trust and how much. 213 00:09:54.440 --> 00:09:57.039 Okay, I'm starting to see how this all comes together. 214 00:09:57.960 --> 00:10:02.120 But how do you actually verify someone's identity in the 215 00:10:02.159 --> 00:10:04.519 first place? Is it just a matter of you know, 216 00:10:05.159 --> 00:10:06.159 exchanging emails. 217 00:10:06.320 --> 00:10:09.759 Email verification is a good starting point, but for stronger assurance, 218 00:10:09.799 --> 00:10:12.799 the best practice is to meet in person, check IDs, 219 00:10:13.000 --> 00:10:16.399 compare fingerprints, you know, have that face to face conversation. 220 00:10:16.720 --> 00:10:18.399 That makes sense. So key signing parties are like a 221 00:10:18.440 --> 00:10:21.440 mix between a security conference and I don't know, like 222 00:10:21.480 --> 00:10:23.080 a social gathering exactly. 223 00:10:23.120 --> 00:10:25.320 It's a chance to build trust and actually strengthen the 224 00:10:25.320 --> 00:10:26.360 web of trust, you know. 225 00:10:26.639 --> 00:10:29.440 Okay, so it's like a geek social exactly. I like it. 226 00:10:29.840 --> 00:10:31.840 But the book also mentions that you should be conscious 227 00:10:31.840 --> 00:10:34.639 about signing keys if you're concerned about privacy. 228 00:10:35.039 --> 00:10:37.679 Why is that that's a valid point. When you sign 229 00:10:37.759 --> 00:10:41.600 a key, you're essentially creating a link between your digital 230 00:10:41.639 --> 00:10:45.399 identity and theirs, So you know, if someone was trying 231 00:10:45.399 --> 00:10:48.360 to investigate you, they could potentially follow that. 232 00:10:48.440 --> 00:10:52.120 True. Ah, so it's a trade off between building trust 233 00:10:52.559 --> 00:10:54.480 and maintaining your own privacy exactly. 234 00:10:54.559 --> 00:10:58.559 It's something to consider. Now, let's talk about actually using 235 00:10:58.639 --> 00:11:01.519 open PGP in our every day lives. How do we 236 00:11:01.639 --> 00:11:06.600 integrate it with our email clients? Is it a complicated process? Not? Really. 237 00:11:06.639 --> 00:11:09.840 There are two main approaches, proxies and plugins. Think of 238 00:11:09.840 --> 00:11:12.799 a proxy like a silent guardian working in the background, 239 00:11:12.879 --> 00:11:15.679 you know. A plugin, on the other hand, integrates directly 240 00:11:15.720 --> 00:11:18.720 with your email client, offering a more seamless experience. 241 00:11:18.879 --> 00:11:21.399 So it's all about choosing the approach that works best. 242 00:11:21.200 --> 00:11:22.279 For you exactly. 243 00:11:22.399 --> 00:11:25.720 Okay. And once you've got that integration figured out, there's 244 00:11:25.759 --> 00:11:28.799 the question of how to handle those encrypted messages, right. 245 00:11:28.879 --> 00:11:30.759 You have to decide do you want to store them 246 00:11:30.840 --> 00:11:35.120 as like scramble gibberish or do you want to decrypt 247 00:11:35.120 --> 00:11:36.360 them for easy access? 248 00:11:36.519 --> 00:11:38.720 Okay, So another decision with trade offs. 249 00:11:38.960 --> 00:11:44.720 Always trade offs. Storing messages encrypted, well, it provides maximum security. 250 00:11:44.799 --> 00:11:47.360 Even if someone hacks into your computer, they can't read 251 00:11:47.399 --> 00:11:50.480 your emails without your private key, But it does mean 252 00:11:50.639 --> 00:11:52.679 you have to decrypt them every time you want to 253 00:11:52.679 --> 00:11:53.120 read them. 254 00:11:53.200 --> 00:11:55.679 Okay, So again it's security versus. 255 00:11:55.440 --> 00:11:58.360 Convenience exactly, and finding that balance is key. 256 00:11:58.639 --> 00:12:00.519 All right, before we move on to part to one 257 00:12:00.600 --> 00:12:05.159 last thing, receiving emails from people outside your web of trust? 258 00:12:05.559 --> 00:12:06.759 How do you handle that? 259 00:12:06.759 --> 00:12:09.159 That's a common scenario. You might receive an email from 260 00:12:09.200 --> 00:12:12.559 someone who uses open PGP, but you haven't personally verified 261 00:12:12.559 --> 00:12:13.279 their identity. 262 00:12:13.519 --> 00:12:15.480 So do you just take their word for it? 263 00:12:15.519 --> 00:12:18.919 Proceed with caution? You can still communicate, but just be 264 00:12:19.039 --> 00:12:22.799 aware that you haven't independently verified their identity. It's like 265 00:12:22.879 --> 00:12:25.519 accepting a package from a stranger, right, you'd probably be 266 00:12:25.559 --> 00:12:27.000 a little more cautious about opening it. 267 00:12:27.159 --> 00:12:29.600 Yeah, good point. So you've got to be careful who 268 00:12:29.639 --> 00:12:32.480 you trust online, even with all these security measures in place. 269 00:12:32.919 --> 00:12:35.759 Exactly. Now, we've covered a lot of ground in this 270 00:12:35.840 --> 00:12:38.919 first part of our deem dive. We explored the fundamentals 271 00:12:38.919 --> 00:12:42.039 of cryptography, the unique world of the web of trust, 272 00:12:42.440 --> 00:12:45.200 and even touched on some practical aspects of using open 273 00:12:45.240 --> 00:12:47.000 PGP in your daily life. 274 00:12:47.120 --> 00:12:49.679 It's been a wild ride so far, but I'm definitely 275 00:12:49.720 --> 00:12:53.360 feeling more empowered to take control of my own email security. 276 00:12:53.879 --> 00:12:56.600 But I can tell there's still so much more to explore. 277 00:12:56.679 --> 00:12:59.759 Oh yeah, absolutely. In the next part we'll dive even deeper. 278 00:12:59.799 --> 00:13:04.519 You know, we'll talk about PGP its features, the installation process, 279 00:13:04.639 --> 00:13:07.399 and the art of managing those all important keys. 280 00:13:07.519 --> 00:13:09.559 I can't wait see you in part two for more 281 00:13:09.600 --> 00:13:11.159 email security secrets. 282 00:13:11.679 --> 00:13:13.919 Welcome back to our deep dive into the world of 283 00:13:13.919 --> 00:13:14.799 email security. 284 00:13:14.879 --> 00:13:17.440 All right, So, last time we talked about how open 285 00:13:17.480 --> 00:13:20.840 PGP puts you in control not some big tech company. 286 00:13:21.039 --> 00:13:22.960 But I feel like we just scratched the surface. There's 287 00:13:23.000 --> 00:13:25.759 so much more to learn about actually using these tools. 288 00:13:25.960 --> 00:13:28.480 Absolutely, and as we dive deeper into PGP, it's really 289 00:13:28.519 --> 00:13:31.519 important to remember that security isn't just about the software 290 00:13:31.600 --> 00:13:35.480 you choose. It's also about the practices you adopt, minimizing 291 00:13:35.480 --> 00:13:38.039 those risks and protecting your digital identity. 292 00:13:38.200 --> 00:13:40.840 Okay, so it's like building a fortress. Strong walls are great, 293 00:13:40.879 --> 00:13:45.120 but you also need those vigilant guards and those strategic defenses. Exactly, 294 00:13:45.639 --> 00:13:49.480 So let's talk about PGP. This book mentions different versions, 295 00:13:49.480 --> 00:13:52.879 like PGP Desktop and PGP command Line. What's the difference? 296 00:13:53.360 --> 00:13:54.600 Is one better than the other? 297 00:13:55.080 --> 00:13:57.480 Think of it this way. Do you prefer a point 298 00:13:57.519 --> 00:14:00.559 and click interface or a more hands on approach. Okay, 299 00:14:00.799 --> 00:14:03.759 PGP Desktop, that's the user friendly option. You know. It's 300 00:14:03.799 --> 00:14:07.320 designed for those who prefer a graphical interfils. PGP command 301 00:14:07.360 --> 00:14:10.519 line gives you more flexibility and control if you're comfortable 302 00:14:10.519 --> 00:14:12.159 working with text based commands. 303 00:14:12.279 --> 00:14:14.080 So it's like using a map app on your phone 304 00:14:14.200 --> 00:14:16.720 or navigating with a compass and a paper map. 305 00:14:16.879 --> 00:14:20.279 Perfect analogy, but both can get you to your destination exactly. 306 00:14:20.480 --> 00:14:23.519 But regardless of which version you choose. The next step 307 00:14:23.600 --> 00:14:25.840 is mastering that art of key management. 308 00:14:26.159 --> 00:14:29.039 Key management that sounds, I don't know, kind of complicated. 309 00:14:29.200 --> 00:14:31.919 It's not as complex as it sounds, but it's crucial. 310 00:14:33.039 --> 00:14:36.799 Your keys. They are the heart of open PGP. Lose them, 311 00:14:37.039 --> 00:14:41.159 mismanage them, and your whole security system falls apart. The 312 00:14:41.200 --> 00:14:43.879 good news is PGP provides tools to help you keep 313 00:14:43.919 --> 00:14:47.200 track of your keys, add new ones, even interact with 314 00:14:47.279 --> 00:14:47.799 key servers. 315 00:14:47.879 --> 00:14:49.360 Hold on key servers, what are those? 316 00:14:49.559 --> 00:14:53.000 Imagine a giant directory where people lits their public keys. 317 00:14:53.200 --> 00:14:56.799 Oh okay, it's like a phone book for the OPENPGT world. Okay, 318 00:14:56.840 --> 00:14:59.360 so if you want to send an encrypted email to someone, 319 00:14:59.679 --> 00:15:02.320 you could and search for their key on a key server, like. 320 00:15:02.320 --> 00:15:04.399 Looking up someone's number before you call them. 321 00:15:04.440 --> 00:15:07.000 Precisely, they make it easy to share public keys and 322 00:15:07.039 --> 00:15:10.480 connect with other users. But remember, you should always verify 323 00:15:10.519 --> 00:15:13.000 a key's fingerprint before you completely trust it. 324 00:15:13.120 --> 00:15:16.080 Okay, good advice. So how do you verify a fingerprint? 325 00:15:16.200 --> 00:15:17.919 Is it just like looking at a string of characters 326 00:15:17.919 --> 00:15:18.399 and that's it. 327 00:15:18.639 --> 00:15:21.480 You can compare the fingerprint that your email client shows 328 00:15:21.519 --> 00:15:23.639 you with the one that the key owner gives you. Okay, 329 00:15:23.919 --> 00:15:26.279 But for added security, you really want to confirm that 330 00:15:26.320 --> 00:15:29.399 fingerprint through a separate channel, like a trusted channel. 331 00:15:29.559 --> 00:15:31.679 So it's like double checking a phone number with someone 332 00:15:31.759 --> 00:15:33.200 before you call them exactly. 333 00:15:33.279 --> 00:15:36.159 Don't just rely on what your software tells you. Always 334 00:15:36.200 --> 00:15:37.519 confirm it independently. 335 00:15:37.600 --> 00:15:37.919 Got it. 336 00:15:38.639 --> 00:15:41.480 Now, let's talk about one of the most important aspects 337 00:15:41.480 --> 00:15:44.240 of key management, signing keys. 338 00:15:44.879 --> 00:15:47.519 Signing keys. So this is where that web of trust 339 00:15:47.559 --> 00:15:50.360 we talked about comes into play, like vouching for someone's 340 00:15:50.399 --> 00:15:51.279 digital identity. 341 00:15:51.360 --> 00:15:54.440 Precisely, when you sign someone's key, you're essentially saying, hey, 342 00:15:54.600 --> 00:15:58.120 I've verified this person and I trust them, okay, and 343 00:15:58.159 --> 00:16:00.720 it really strengthens the whole way of trust. 344 00:16:00.960 --> 00:16:04.879 But this also creates a link between your identity and theirs. Right. 345 00:16:05.519 --> 00:16:08.000 The book warns against signing keys too easily. 346 00:16:08.279 --> 00:16:10.639 That's a crucial point. Signing a key is like leaving 347 00:16:10.639 --> 00:16:11.639 a digital footprint. 348 00:16:11.840 --> 00:16:12.200 Ah. 349 00:16:12.279 --> 00:16:15.000 Okay, so it's important to weigh the benefits of building 350 00:16:15.000 --> 00:16:17.600 that trust against the potential impact on your privacy. 351 00:16:17.679 --> 00:16:20.960 So another balancing act always. Okay, but how do you 352 00:16:21.039 --> 00:16:25.000 actually verify someone's identity before you sign their key? Is 353 00:16:25.000 --> 00:16:28.000 it just a matter of you know, exchanging emails. 354 00:16:28.320 --> 00:16:31.759 Email verification is a good first step, but for stronger assurance, 355 00:16:31.759 --> 00:16:34.039 you really want to meet in person, you know, check 356 00:16:34.039 --> 00:16:37.559 those government IDs, compare fingerprints. Remember those key signing parties 357 00:16:37.600 --> 00:16:39.559 we talked about, Yeah, they're great for this. 358 00:16:39.759 --> 00:16:42.200 So key signing parties they're like a mix between a 359 00:16:42.240 --> 00:16:45.000 security conference and I don't know, like a mixer or 360 00:16:45.039 --> 00:16:48.440 something exactly. Okay, So let's shift gears a little bit now. 361 00:16:48.559 --> 00:16:52.240 Talk about how we actually use PGP to send and 362 00:16:52.320 --> 00:16:54.000 receive encrypted emails. 363 00:16:54.480 --> 00:16:57.960 Okay. So once you have PGP installed, keys all set up, 364 00:16:58.480 --> 00:17:00.600 you'll need to think about how you want to integrate 365 00:17:00.639 --> 00:17:02.000 it with your email client. 366 00:17:02.080 --> 00:17:03.879 Okay, So choices again, right, do. 367 00:17:03.799 --> 00:17:06.039 You want a seamless experience or do you want a 368 00:17:06.079 --> 00:17:07.039 more hands. 369 00:17:06.759 --> 00:17:07.880 On approach got it. 370 00:17:08.119 --> 00:17:13.279 As we discussed, there are two main approaches, proxies and plugins. Proxyes. 371 00:17:13.599 --> 00:17:17.359 Those work behind the scenes, intercepting your emails, handling all 372 00:17:17.400 --> 00:17:21.920 that encryption and decryption automatically. Plugins integrate directly with your 373 00:17:21.960 --> 00:17:22.680 email client. 374 00:17:22.880 --> 00:17:25.799 So proxies are like having a dedicated security team working 375 00:17:25.839 --> 00:17:29.279 in the background. Plugins are like having a personal assistant 376 00:17:29.279 --> 00:17:30.680 who handles the encryption for you. 377 00:17:31.079 --> 00:17:33.960 Exactly. It all depends on your workflow got it. But 378 00:17:34.119 --> 00:17:37.079 regardless of which method you choose, there's one more important 379 00:17:37.119 --> 00:17:40.279 decision to make. How do you want to encode those 380 00:17:40.480 --> 00:17:41.519 encrypted messages? 381 00:17:41.680 --> 00:17:43.960 Okay, this is getting a bit technical. What are our options? 382 00:17:44.079 --> 00:17:49.160 There are two main methods, inline and pgpmime. In line 383 00:17:49.240 --> 00:17:52.519 and coding embeds that encrypted message directly into the email 384 00:17:52.519 --> 00:17:56.200 body pgpmee it treats it as an attachment. 385 00:17:56.599 --> 00:17:59.640 So it's like choosing between writing a secret message on 386 00:17:59.680 --> 00:18:01.880 a piece of paper and sealing it in an envelope 387 00:18:02.079 --> 00:18:04.279 or sending the entire message as a separate package. 388 00:18:04.519 --> 00:18:08.119 The great analogy, right. Inline encoding is the older method, 389 00:18:08.400 --> 00:18:10.480 but it can be less reliable and you might have 390 00:18:10.559 --> 00:18:15.240 some formatting issues. Okay, PGPMIEM is generally the preferred way 391 00:18:15.279 --> 00:18:18.079 to go because it plays better with modern email clients. 392 00:18:18.359 --> 00:18:20.519 Got it, So pgpmie it is. 393 00:18:20.759 --> 00:18:23.400 Now there's one more element the book talks about, how 394 00:18:23.440 --> 00:18:26.079 do you want to store those encrypted emails? Do you 395 00:18:26.119 --> 00:18:29.319 keep them entrypted or do you decrypt them for easier access? 396 00:18:29.440 --> 00:18:31.519 Okay, so that sounds like another one of those security 397 00:18:31.599 --> 00:18:33.279 versus convenience situations. 398 00:18:33.519 --> 00:18:38.279 You got it. Storing messages encrypted provides maximum protection even 399 00:18:38.319 --> 00:18:40.559 if someone gets into your computer, they can't read your 400 00:18:40.559 --> 00:18:43.400 emails without that private key, but you do have to 401 00:18:43.440 --> 00:18:45.599 decrypt them every time you want to read them, which 402 00:18:45.720 --> 00:18:46.559 can be a hassle. 403 00:18:46.720 --> 00:18:48.960 Okay, So again you have to decide what level of 404 00:18:48.960 --> 00:18:52.960 inconvenience you're willing to live with for that added security exactly. 405 00:18:53.160 --> 00:18:55.200 What are some other things we should keep in mind 406 00:18:55.319 --> 00:18:56.720 when using PGP. 407 00:18:56.680 --> 00:18:59.680 Well, how you handle emails from people outside your web 408 00:18:59.680 --> 00:19:04.039 of trucks. Remember, trust is earned, not given. If you 409 00:19:04.119 --> 00:19:07.440 get an encrypted email from someone you haven't personally verified, 410 00:19:07.839 --> 00:19:08.920 proceed with caution. 411 00:19:09.279 --> 00:19:12.599 So it's like receiving a package from an unknown sender, right, Yeah, 412 00:19:12.640 --> 00:19:14.720 you wouldn't just open it without making sure who it's 413 00:19:14.720 --> 00:19:17.319 from and what's inside precisely, So the same applies to 414 00:19:17.440 --> 00:19:19.240 digital communication exactly. 415 00:19:19.799 --> 00:19:22.559 Now, we've covered a lot of ground in this second 416 00:19:22.559 --> 00:19:23.480 part of our deep dive. 417 00:19:23.640 --> 00:19:24.119 Yeah, we have. 418 00:19:24.319 --> 00:19:27.960 We've explored the different versions of PGP, looked at key management, 419 00:19:28.400 --> 00:19:31.640 and even discussed some practical tips for sending and receiving 420 00:19:31.680 --> 00:19:32.880 those encrypted emails. 421 00:19:33.160 --> 00:19:35.640 It's definitely been an eye opening journey. But I have 422 00:19:35.680 --> 00:19:37.839 a feeling there's still more to uncover, right. 423 00:19:37.759 --> 00:19:39.759 You're right, we still need to talk about some of 424 00:19:39.759 --> 00:19:43.400 those advanced features, walk through a few real world scenarios, 425 00:19:43.480 --> 00:19:46.839 and explore just how email security is constantly changing. 426 00:19:46.960 --> 00:19:48.599 Sounds like we've got a lot more to dive into. 427 00:19:49.319 --> 00:19:51.640 Welcome back for the final part of our open PGP 428 00:19:51.799 --> 00:19:55.160 deep dive. We've gone from the basics of cryptography to 429 00:19:55.200 --> 00:19:57.920 the web of trust. It's been quite a journey, it has. 430 00:19:58.359 --> 00:20:00.960 We've learned how to take control of our digital privacy 431 00:20:01.000 --> 00:20:03.359 and that's pretty empowering, right definitely. 432 00:20:03.759 --> 00:20:07.240 But as we've talked about, security is an ongoing process. 433 00:20:07.440 --> 00:20:10.559 It's like learning a new language, always more to discover, 434 00:20:11.319 --> 00:20:14.920 and this PGP GPG book has been a fantastic guide. 435 00:20:14.599 --> 00:20:16.559 It really has. So let's dive into some of those 436 00:20:16.559 --> 00:20:19.319 more advanced features of PGP, the ones that can really 437 00:20:19.400 --> 00:20:20.920 enhance your email security. 438 00:20:20.960 --> 00:20:23.119 All right, I'm ready to level up my security game. 439 00:20:23.720 --> 00:20:27.319 The book talks about passphrase caching. What is that exactly? 440 00:20:27.559 --> 00:20:30.920 Passphrase caching. Think of it like a convenience feature. It 441 00:20:31.000 --> 00:20:34.240 lets PGP remember your passphrase for a bit, so you 442 00:20:34.240 --> 00:20:36.319 don't have to type it in every single time. 443 00:20:36.559 --> 00:20:39.240 That does sound convenient, but I bet there's a downside 444 00:20:39.319 --> 00:20:39.799 there is. 445 00:20:40.240 --> 00:20:43.440 While it's handy, it's also a risk someone gets access 446 00:20:43.480 --> 00:20:46.720 to your computer while that passphrase is cashed, while they 447 00:20:46.720 --> 00:20:49.880 could potentially get to your encrypted stuff. Ah. 448 00:20:49.920 --> 00:20:52.000 So it's like leaving your keys in the lock, kind 449 00:20:52.000 --> 00:20:53.640 of asking for trouble exactly. 450 00:20:53.720 --> 00:20:56.400 So if you're going to use passphrase cashing, be smart 451 00:20:56.440 --> 00:20:59.400 about it, short time out lock your computer when you 452 00:20:59.440 --> 00:20:59.960 walk away. 453 00:21:00.200 --> 00:21:03.359 Good advice. The book also mentions shredding is that like 454 00:21:03.519 --> 00:21:04.839 digitally shredding files. 455 00:21:04.920 --> 00:21:07.799 That's exactly it. Shredding. It's a way to get rid 456 00:21:07.799 --> 00:21:10.680 of files for good, like using a paper shredder, but 457 00:21:10.799 --> 00:21:11.519 for your computer. 458 00:21:11.799 --> 00:21:14.640 So, if I have a sensitive file, shredding is the 459 00:21:14.680 --> 00:21:16.160 way to permanently delete. 460 00:21:15.839 --> 00:21:19.599 It, exactly, an extra layer of protection, especially for those 461 00:21:19.759 --> 00:21:20.960 really sensitive files. 462 00:21:21.000 --> 00:21:23.559 Okay, so we've talked a lot about theory But how 463 00:21:23.559 --> 00:21:26.640 do we actually apply all this to real life? Like, 464 00:21:26.680 --> 00:21:29.000 what about when you're communicating with someone outside your web 465 00:21:29.039 --> 00:21:29.519 of trust? 466 00:21:29.880 --> 00:21:33.000 Remember, trust takes time, and it's always a good idea 467 00:21:33.000 --> 00:21:35.559 to be a little cautious. When you're interacting with someone 468 00:21:35.599 --> 00:21:38.759 you haven't actually verified, you can still use PGP to 469 00:21:38.759 --> 00:21:40.559 talk to them. Just keep in mind that you don't 470 00:21:40.559 --> 00:21:42.000 have that same level of assurance. 471 00:21:42.240 --> 00:21:46.160 So it's like meeting someone new right, you're friendly, you're polite, 472 00:21:46.640 --> 00:21:49.079 but you wouldn't necessarily spill all your secrets. 473 00:21:49.200 --> 00:21:50.279 That's a great analogy. 474 00:21:50.720 --> 00:21:54.279 What about using PGP in a business setting? Anything specific 475 00:21:54.319 --> 00:21:55.240 to keep in mind there? 476 00:21:55.400 --> 00:21:58.799 Definitely in a company, it's really important to have clear 477 00:21:58.920 --> 00:22:02.880 rules about using pg for example, separate keys for work. 478 00:22:02.960 --> 00:22:04.720 That way everything stays confidential. 479 00:22:04.799 --> 00:22:07.279 So like having different email accounts for work and personal 480 00:22:07.319 --> 00:22:10.799 stuff keeps things organized and protects information precisely. 481 00:22:11.039 --> 00:22:13.640 And training is crucial. Make sure everyone knows how to 482 00:22:13.720 --> 00:22:18.200 use PGP properly, how to manage those keys, strong pass phrases. 483 00:22:18.039 --> 00:22:21.039 All of that. Speaking of training, this deep dive has 484 00:22:21.079 --> 00:22:24.640 been amazing. I've learned so much about email security and 485 00:22:24.680 --> 00:22:28.640 how to protect my own privacy. But this digital security world, 486 00:22:29.039 --> 00:22:30.960 it's always changing, right it is. 487 00:22:31.039 --> 00:22:33.279 New threats popping up all the time. It's a constant 488 00:22:33.279 --> 00:22:34.319 game of cat and mouse. 489 00:22:34.519 --> 00:22:36.279 So we need to stay informed, stay. 490 00:22:36.119 --> 00:22:39.359 Visilant exactly, and never be afraid to ask questions. 491 00:22:40.079 --> 00:22:43.440 This PGP and GPG book it's been a lifesaver, really 492 00:22:43.440 --> 00:22:46.319 helped me wrap my head around OpenPGP. But even with 493 00:22:46.359 --> 00:22:48.720 all this knowledge, I can see that taking control of 494 00:22:48.759 --> 00:22:50.720 your digital privacy it's a commitment. 495 00:22:50.920 --> 00:22:54.440 It is it's an ongoing thing. Awareness, education, taking action, 496 00:22:54.799 --> 00:22:55.640 it all matters. 497 00:22:55.880 --> 00:22:57.880 Well said, Thank you so much for taking us on 498 00:22:57.960 --> 00:23:01.960 this deep dive into the world of open and email security. 499 00:23:02.160 --> 00:23:04.759 You're very welcome. Remember you have the power to protect 500 00:23:04.799 --> 00:23:09.240 your privacy, communicate securely, use the tools, stay informed, and 501 00:23:09.319 --> 00:23:09.880 keep learning. 502 00:23:10.079 --> 00:23:12.279 Great advice. That's all the time we have for this 503 00:23:12.359 --> 00:23:14.640 deep dive, but keep an eye out for more fascinating 504 00:23:14.680 --> 00:23:16.000 deep dives coming soon.