WTF IS PGP?

Everybody knows you should not post personal details you’ll later end up regretting on Facebook. You definitely don’t want to put anything embarrassing on Facebook, since it’s usually used for showing people how perfect your life is. You probably shouldn’t put political opinions on the site, but people do. Those opinions might come back to haunt you in the future when the direction of the political winds changes.

Now that we have self-sovereign money, it is even more important that we can be sure we are sending sats to the person we expect. Last year, some teenager hacked Twitter, prompting several users to send bitcoin to alleged celebrities, even Joe Biden. Those people got scammed because they trusted the blue checkmark. That blue checkmark is obviously vulnerable. Biden is the POTUS now and he still doesn’t have a public PGP key. He has a flag with the caption: United States Government Official, but we can’t be sure he is the one writing his tweets.

What is PGP?

PGP is a way of writing secure messages to people. The message can cryptographically say, “for your eyes only.” If you’ve been into bitcoin for a while, I’d bet you have seen public PGP keys on some prominent Bitcoiners’ websites. Many Bitcoin software developers use PGP to sign their software. In this blogpost, I’ll explain what PGP is and who made it. I will show you some ways to use it in an upcoming blogpost.

Alice receives the PGP message. She opens her PGP software and reads the message by entering her passphrase. She now encrypts her reply to Bob and sends it over email. Rinse and repeat. Two people send messages over an insecure channel, but only those two people can read the messages.

Why do I need PGP if I Have Nothing To Hide?

PGP is a way to verify someone’s identity. It’s not foolproof. Weak passwords, or a fake PGP PUBLIC KEY BLOCK attached to a compromised website, could be disastrous. This risk is mitigated by publishing your public key fingerprint on several different mediums. If you have the same fingerprint on Twitter, Keybase, your website, and a business card, it gets less and less likely that all of these are compromised. This is why many software engineers use PGP when they release their products onto the wild-wild world wide web. Maybe you don’t need to sign your wife’s honey-do list, but you might want to verify the next Cold Card update using PGP.
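The cross-channel check described above, written out as an added example (it is not code from this blog or from any PGP tool). It assumes 40-hex-digit OpenPGP v4 fingerprints; the function names, channel names and fingerprint values are constructed for illustration.

```python
import re

V4_HEX_LEN = 40  # an OpenPGP v4 fingerprint is a 160-bit SHA-1 digest

def normalize(fpr):
    """Return the fingerprint as 40 upper-case hex digits, or None if malformed."""
    cleaned = re.sub(r"[\s:]", "", fpr)
    if cleaned[:2].lower() == "0x":
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % V4_HEX_LEN, cleaned):
        return None  # short key IDs and truncated values are not accepted
    return cleaned.upper()

def check_key(downloaded, published, min_channels=2):
    """Compare a downloaded key's fingerprint with independently published copies.

    Returns (verdict, matching_channels, conflicting_channels).
    """
    have = normalize(downloaded)
    if have is None:
        return ("reject", [], [])
    matching, conflicting = [], []
    for channel, raw in sorted(published.items()):
        seen = normalize(raw)
        if seen is None:
            continue  # unusable entry: counts neither for nor against
        (matching if seen == have else conflicting).append(channel)
    if conflicting:
        return ("reject", matching, conflicting)  # any disagreement: stop and investigate
    if len(matching) < min_channels:
        return ("unverified", matching, conflicting)  # a single source may be the compromised one
    return ("ok", matching, conflicting)

# Constructed sample values, not a real key.
GOOD = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
EVIL = "FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA98"
PUBLISHED = {
    "twitter bio": "0123456789abcdef0123456789abcdef01234567",
    "keybase": "0x0123456789ABCDEF0123456789ABCDEF01234567",
    "business card": "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567",
    "website": "89AB CDEF 0123 4567",  # only a 64-bit key ID: ignored
}

if __name__ == "__main__":
    print(check_key(GOOD, PUBLISHED))  # key matches three independent channels
    print(check_key(EVIL, PUBLISHED))  # swapped key conflicts with all of them
```

The `downloaded` argument is the fingerprint your PGP software reports for the key you actually fetched, not a value copied from the same page the key came from.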

This is not the only use case, however. What if you don’t want Google’s free Gmail service to know every single book, piece of furniture, and sex toy you ever bought over the past 20 years? Your information makes them a perfect marketing machine. This will likely cost you money. Maybe you’re savvy enough to save yourself from the marketing tactics of digital overlords, but just in case, start using ProtonMail.* ProtonMail uses PGP to encrypt emails. You can even extract your public PGP key from the software, and if someone sends you an email encrypted with PGP, the email service will automatically decrypt it for you. If someone sends me an email from one ProtonMail address to another, that email is end-to-end encrypted.

What if you bought a Ledger a few years ago? When the company got hacked, your email was released into the wild. I get phishing attempts almost every day that look like they came from the actual company website. Of course, I block them all as spam or flag them for phishing, but a certain percentage of people are not savvy enough to realize that they should NEVER type their key into a computer, especially if an email is telling you to type your key into your browser. If the message was signed with an official PGP key, we could at least know that the message is from the actual company. If it is a reputable company with good key management, they would never send an email telling their customers to type in a private key.

Who Invented PGP?

PGP was created by Phil Zimmermann. Phil Zimmermann was a nuclear arms activist in the 80s and 90s and wanted a way to communicate without being subject to government surveillance. He originally released the software as shareware. Users would initially use it for free, distribute it to their friends and eventually pay for it. There was just one problem: The US government classified public key cryptography as munitions. From the government’s perspective, sharing this software was the same as handing out grenades like a doctor hands out lollipops.

Consequently, Phil Zimmermann was charged with a crime. He went to trial. They say you can’t fight city hall, but Mr. Zimmermann fought the law and the law lost. To beat the most powerful government in the world, he used an old law written into the Constitution. You have probably heard about it before, but here is the law, just in case:

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

He used the First Amendment in a very clever way. You might think communicating with PGP is like whispering or writing in a language that only two people understand. Speaking in a rare language is protected by the First Amendment, right? Zimmermann did not use this line of logic in his defense. Instead, he decided to publish the code in its entirety. PGP Source Code and Internals was published by a well-respected academic institution, MIT Press.

He argued that code is speech. He wrote code in a hardcover book. If the United States government wanted to make PGP illegal, then they only had one option: Ban a book published by MIT Press. That might have worked in the Soviet Union, but you don’t need to be a Rhodes Scholar to discern that the US government could not win that case. Banning books is obviously “abridging the freedom of speech.” It leaves no wiggle room for interpretation.

The actual words were written on parchment, penned by James Madison, who became the 4th president of the United States. If Zimmermann was imprisoned after publishing that book, not only would Madison roll over in his grave, he would sign a PGP message stating that the law was unconstitutional. Madison kept a correspondence with Jefferson using symmetric cryptography. Jefferson even invented an encryption machine called the Jefferson wheel. In fact, most of the founding fathers used cryptography to secure important communication.

Reproduction of Jefferson’s Wheel Cipher created by Ronald Kirby

The government dropped the case against Zimmermann.

*ProtonMail does not pay me to promote their email service. If you click on that link, I will not get a commission, but I don’t care. Even though they don’t pay me, I’m promoting it anyway since I think it’s a great project. You should use the premium version if you can.
