written by Sue, current Ada student. Read the original post on her blog.
As a private communications enthusiast, I hosted my very own PGP keysigning party. Beforehand, I shared with my fellow Adies how to generate their keypairs. The conference room surged with entropy as we all made our random movements to generate our keys. It was intense.
If you’d like to generate your own keypair and join the web of trust, follow these simple steps.
- Download GPGtools. It integrates with Apple Mail and makes it convenient to send and receive signed and/or encrypted emails.
- Read this guide which explains the important concepts, as well as all the practical know-how.
- The guide will tell you to use gpg. Go ahead and brew install gpg2. It’s newer and allows you to make larger keys. Use that.
- If you want to verify that the person whose key you are signing is in control of their email address, don’t just aimlessly send your signed keys to the key server. Instead, sign the key, then export it like so:
gpg --export PersonName > PersonName.key. Then email that to them and delete that key locally
gpg --delete-key PersonName. Now it’s on that person to submit that to the key server.
- Communicate with privacy and authenticity. Better spy on someone else, Mallory!