Oct 9, 2004
Why I Digitally Sign My Emails
Did you receive an email from me with an “unknown” attachment? If you did and you want to know what the “unknown” attachment is and why I “attached” it, then please read on.
What is the “attachment”?
In short, it is a PGP or a GnuPG signature; a form of digital signature. (Note: I am using GnuPG to sign (and encrypt) my emails, not PGP.)
I cannot open the “attachment”
You might want to use a more modern, standards-compliant email client (or MUA) whose developers care about your security and privacy.
Why bother signing?
Email is insecure by nature: there is no guarantee of anything whatsoever, including the claimed identity of the sender (otherwise we wouldn’t have the spam and virus problems we have right now).
In short, digitally signing an email gives the recipient a chance to verify whether or not the email was sent by me.
How to verify?
To verify PGP/MIME signed messages from me, you need my public key, PGP or GnuPG, and probably a decent mail client to automate the process (otherwise you would have to do it manually with PGP or GnuPG). Please consult the documentation of those applications for how to do this; I’m not repeating that information here.
To verify PGP signed messages from other people, simply get the person’s public key and use the same method.
But I don’t care!
Fine, then you can simply ignore the “attachment”; it’s harmless. But please do keep in mind that if you have not verified an email with my signature on it, you cannot assume that it was sent by me, even if all the headers have my name and email address on them.
If you are extra paranoid, on top of verifying my digital signature you could also verify the SPF record for my domain, haryan.to, by checking the DNS TXT record and matching the address of the server the mail was sent from against the SPF record.
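As an added example (not the author’s code), here is the SPF half of that check: a small evaluator for the ip4, ip6, include and all mechanisms with their qualifiers, run against constructed TXT records that stand in for a live DNS lookup (the domains and addresses are made up, not haryan.to’s real record).

```python
"""Minimal SPF check (RFC 7208 subset): ip4/ip6/include/all mechanisms with qualifiers.
Constructed TXT records replace a live DNS lookup so the example runs offline."""
import ipaddress

# Constructed TXT records standing in for real DNS answers (not any real domain's SPF data).
FAKE_DNS_TXT = {
    "example.test": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.mailhost.test -all",
    "_spf.mailhost.test": "v=spf1 ip4:198.51.100.25 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, lookup=FAKE_DNS_TXT.get, depth=0):
    """Return the SPF result for the connecting server address against a domain's record.
    lookup(domain) returns the TXT string or None (here: the constructed table above)."""
    if depth > 10:                      # RFC 7208 caps the number of recursive lookups
        return "permerror"
    record = lookup(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"                   # no SPF record published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:     # skip the "v=spf1" version tag
        qual = "+"                      # mechanisms default to the "pass" qualifier
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)   # bare address means /32 or /128
            matched = ip.version == net.version and ip in net
        elif mech == "include":
            # include matches only when the referenced domain's record yields "pass"
            matched = check_spf(sender_ip, arg, lookup, depth + 1) == "pass"
        else:
            # a, mx, ptr, exists and redirect= need live DNS; treated as no-match here
            continue
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                    # nothing matched and no explicit "all" mechanism
```

A mail arriving from 198.51.100.25 passes only through the included record, while any address outside the listed ranges hits the trailing -all and fails.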
I’d like to learn more about this
Cool!
I found the GNU Privacy Handbook to be a great introduction to the topic, so I highly recommend it if you’re new to PGP/GnuPG or email/data security. And here’s an article about GnuPG in Indonesian by our friend Jay.
If you want to learn more about how email works, start from the Wikipedia entry for Electronic Mail.
Use a Digital Signature on Email
Observing the developments in the case of Roy Suryo [RS], who wrote an open letter to Eko Juniarto [EJ], prompted by RS’s belief that EJ had created the account roysuryo[at]gmail.com; in addition, RS has repeatedly asserted that he only has…