31/12/2017

signing off your email with pgp fingerprint and verifying with the pgp server

By ben sim

the purpose of fingerprinting your email is to prove the authenticity of the sender. pgp is recommended: in the case study below, fraud was committed because scammers hacked into the email accounts of the lawyers and solicited money from the lawyers’ clients. common digital certificates are controversial, as many duplicates are found on the web and impersonation can be easy after getting hold of the email passwords. on the other hand, pgp is normally used for encrypting your emails and can also be used for signing off your emails. pgp cryptography has been around for at least the past 20 years and still proves to work well. with pgp encryption, you can be assured that the sender is genuine and that the email content has not been modified, but the use of public and private keys can be troublesome. in my humble opinion, signing off emails with pgp and securing your emails with two-factor authentication is good enough, unless you are someone of importance or a subject of interest to the authorities. in one of snowden’s leaks, he mentioned briefly the usefulness of encrypting emails.
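an added example, not code from the original post: how a recipient could check the fingerprint quoted in an email footer against the fingerprint computed from the public key fetched from a key server, using the openpgp version 4 rule (sha-1 over the public-key packet). the function names and the sample key body are assumptions constructed for illustration; the comparison rejects short key ids because only the full 40-digit fingerprint identifies a key.

```python
import hashlib
import hmac
import re
import struct


def mpi(value: int) -> bytes:
    """openpgp multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


# constructed sample: a v4 rsa public-key packet body with a toy modulus (not a real key)
SAMPLE_KEY_BODY = bytes([4]) + struct.pack(">I", 1514678400) + bytes([1]) + mpi((1 << 127) | 1) + mpi(65537)


def v4_fingerprint(key_body: bytes) -> str:
    """rfc 4880 section 12.2: sha-1 over 0x99, 2-byte length, public-key packet body."""
    if not key_body or key_body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(key_body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-byte length")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).hexdigest().upper()


def normalize_fingerprint(text: str) -> str:
    """strip spaces and colons, then demand all 40 hex digits (no short key ids)."""
    cleaned = re.sub(r"[\s:]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("need the full 40-hex-digit fingerprint, not a short key id")
    return cleaned


def footer_matches_key(footer_fingerprint: str, key_body: bytes) -> bool:
    """true only if the fingerprint quoted in the email equals the one computed from the key."""
    return hmac.compare_digest(normalize_fingerprint(footer_fingerprint), v4_fingerprint(key_body))


if __name__ == "__main__":
    fpr = v4_fingerprint(SAMPLE_KEY_BODY)
    # the usual footer layout: lowercase hex in groups of four
    footer = " ".join(fpr[i:i + 4] for i in range(0, 40, 4)).lower()
    print(footer, footer_matches_key(footer, SAMPLE_KEY_BODY))
```

in day-to-day use `gpg --fingerprint` prints the same value for a key in your keyring; a matching footer only shows which key the sender claims, and `gpg --verify` on a signed message is what ties the content to that key.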

 

the case study of email scammers:

https://www.msn.com/g00/en-au/news/australia/queensland-law-firms-lose-millions-to-hackers-in-highly-sophisticated-email-scam/ar-BBGRPgi?ocid=spartanntp&i10c.encReferrer=&i10c.ua=1

 

controversy of pgp:

http://secushare.org/PGP

 

in the news: google chrome’s distrust of symantec’s ssl certificates:

https://www.thesslstore.com/blog/google-chrome-distrust-symantec-ssl-certificates/