Flashes of Panic

For various reasons, I’m trying to get our web server (the secure part of it, that is) to accept form input, encrypt it with GPG, and email the result to my address here. It’s a proof-of-concept hack which will be expanded to other areas of the site once I make it click. So far, I have plowed through this tutorial, which got me pretty close but still chokes in the PGP execution, and just found this one which should get me closer (better source) but hasn’t done the trick yet.

When I first set up my email to send and receive encrypted and cryptographically-signed email, it was a bit arcane, but not too headache-inducing, thanks to the excellent work of the MacGPG group and Stéphane Courthésy, who made GPGMail. They Mac-ified the installation process as much as possible, and included a step-by-step walk-through to get me up and running. It was pretty easy, and I wondered why more people didn’t do it.

Doing it on Raven, so far, has not been brutal, but it also hasn’t been a breeze. I got GPG installed and running with minimal difficulty, but using it has been another story. Actually encrypting a file from PHP has been impossible, so far. And, once I get this proof-of-concept working, I still need to install something on a WinXP system which will let a co-worker (who is less tolerant of arcane technology than I) easily decrypt files, preferably within our common e-mail client, and that has been downright improbable so far.

I wondered, when I started out, why more people don’t use encryption. The answer is, first, because most people don’t understand it. (Raise your hand if you understand when a public key is used and when private key is used. Uh huh, I thought so. And that’s just the first step; there’s also the difference between signing and encrypting, signing before or after encrypting (or both), key generation algorithms (which black box do you use, some encrypt, some only sign) etc. etc.)

The second problem is that getting past the concepts involves some really wirehead-level software. GnuPG hasn’t really progressed past the command-line stage (even MacGPG, which is pretty damn elegant for GPG, is mainly a GUI wrapper which triggers command-line stuff in the Terminal app.) For really widespread use of encryption, you need seamless integration with mail, and that would require each mail developer (or someone associated with the project) to develop a plug-in (like GPGMail, which strikes me as a model of how it should work,) or build the code directly in to the package (*ahem*, Microsoft.)

Until then, encryption is probably going to stay in the domain of geeks like me. And I think that’s a bad thing. For one thing, GPG-signed messages save a lot of headaches when it comes to email-borne malware like the recent “your email has been suspended” worms. My users know that a legitimate message from me has my GPG signature, even though few, if any, can verify that signature. No worm has yet even tried to forge a GPG signature, nor can a spammer spoof my address with credibility.

And then there’s encryption. I know, “What do I have to hide?” Not much, except for the time I needed my nieces’ SSNs when I was setting up beneficiary information on a bank account. Still, don’t you want to drive John Ashcroft crazy? All that email out there he can’t read! The James Bond factor alone is almost worth the trouble, don’t you think?

OK, maybe not. But you’re not me.