Encryption
If you need to send me a confidential message, there are several ways you can safely do that.
Keybase
Keybase is the easiest platform to make cryptography accessible to everyone. With keybase you can encrypt and decrypt messages using open protocols.
You can use the keybase website to encrypt a message with my key and send me the encrypted message however you want, even by email, text message or by publicly publishing it on your facebook wall, and only i will be able to decrypt and read its content.
DOWNSIDES (for those who care): The website is hosted on Amazon AWS and the backend is not open source.
Steps
- Open My Keybase encryption page
- Write your message
- Encrypt it
- Send me the encrypted message via email, text message, or any other communication protocol i use.
GPG
GNU Privacy Guard is the most advanced secure communication and signature software available, and uses the PGP standard, which is what i personally trust the most.
DOWNSIDES: It is very hard to use if your are not a techie
Steps
- Get my GPG public key from https://keybase.io/fabriziolr/pgp_keys.asc
- Install the official GPG client, or another PGP client
- Import my key
- Encrypt your message using my key as target
Verify my Digital Signature
If you receive a digitally signed message with PGP from me, or from someone who claims to be me, this page will guide you to check whether the signature is valid or not.
If you receive a digitally signed message with S/MIME from me, your e-mail client should be able to automatically authenticate the signature.
Sample Message:
The following is how a digitally signed message looks like. You can use it to test the signature verification systems described below.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello, i am Fabrizio La Rosa, trust whatever i say in this message
only if this signature is either valid and generated with my key.
Also make sure this message was originally intended for you
and it has not been re-used on a different context to fool you.
Consider my signatures valid only if applied on messages
containing explicit reference to their context to prevent
signature-reuse of short and generic messages.
This specific message is a sample that i made for my personal website
and, unless i change it, you should find the original content here
https://k129.eu/privacy
Every other use of this message should be considered invalid and suspicious.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdOaX8I0ma3kGv5aRf0dNQQVsOxwFAmFutGgACgkQf0dNQQVs
OxwzyQ/+M6JwOah+yssybcFog3WKzJLr23GypGqz3tFBd+nMPV6t9q2u1Sq2/qUe
JtU48AK8oJsUkJLOm9BVoxQ5K2rZhAkzkL/z37iB9e/yeDfnmrYa76IFPngsSu8T
fw6FOKGecKkfEY5SZjb2yxnXVJUNMv46MncUIfrKIFRNdd8tSdzHlDY27rynPR2A
u9KT3DfrL5+aIikDPk0fGe+fycy/QV9mUu5UtpYK2sbTb/eyaR7Ee6MsJcZ0yOZc
upKnSSZTAWp7OMh5mWww91I8t9olIxx47BNtsWfPvKxwxpVBLu3OWSixXKPGI79+
EWSYEwC0eOa7rh5/a6R2RotTjJfi3hRtfdB2qIAs1Q/XyIsCDtzWFrlKdjCrqeMs
gGc9hNETB06QMmVguaRqpsFcN8c+yPlaG9VbneA/k5GE/ERMlaofwk7o4Sk4HeTY
Wc9/Y4D8OE4oiYXBDp+xDo1bashEqKg2Ca/qsLpMzgehhnbeS5LMDJufhzgMMxDO
Ll+Pq/QFOfHMsGPbztnDxgJh5LA/IL4CLlC3ZNbCnXD5fixcB6wQIBrW46m49WUK
kU5m+33P5GMYPFILFAWHgq6qlD5hqDVKdVyhfl/X08ernzQsxLaC0BNFZ9+zhT+o
M/7phxw2uFGDd9yEReubmWrc94QAczBXk0SoYvHD98bYN7F0Wu8=
=UCRE
-----END PGP SIGNATURE-----
Method 1: Keybase
Keybase is the easiest platform to make cryptography accessible to everyone. With keybase you can encrypt and decrypt messages using open protocols.
You can use the keybase website to check whether my digital signature is valid or not.
DOWNSIDES (for those who care): The website is hosted on Amazon AWS and the backend is not open source.
Open Keybase verification page
Method 2: GPG
GNU Privacy Guard is the most advanced secure communication and signature software available, and uses the PGP standard, which is what i personally trust the most.
DOWNSIDES: It is very hard to use if your are not a techie
STEPS
- Get my GPG public key from https://keybase.io/fabriziolr/pgp_keys.asc
- Install the official GPG client, or another PGP client
- Import my key
- Verify if the signature on my messages is valid
Page ispired by Lorenzo Faletra.