Penn Information Security: Secure Messaging & Data Encryption with PGP


	Tuesday, June 18, 2013

	New Resources
	Combating Malware
	SafeDNS
	Phishing Archive
	Cloud Computing and Data Outsourcing
	Best Practices for Applications with Confidential University Data

	Security "Greatest Hits"
	Managing Passwords
	E-mail Harassment & Forgery
	Hoaxes, frauds & scams
	Spam
	Phishing
	Wireless Networking
	Encryption & digital signatures

	Best Practices
	Secure desktop computing
	Secure servers
	Secure data deletion
	Securing printers
	Tips for safe computing
	Computing policies

	More in-depth information for
	Local support providers
	System administrators

	Security initiatives
	Critical host compliance
	Authentication & authorization
	Penn Security & Privacy Assessment (SPIA)
	Security Liaisons (Restricted Access)
	Secure Share
	Secure Space
	Vulnerability Scanner

	Related links
	Electronic privacy
	PennKey
	Viruses
	Worms, trojans, backdoors

Secure Electronic Messaging & File Encryption: PGP

The Problem

For starters, e-mail is easy to forge. There was a time when it took some smarts, but now, just about anyone can forge electronic messages. E-mail offers little or no privacy, making it a bad medium for confidential communications. How many times have you slipped and replied to an entire mailing list?

Is secure e-mail possible?

PGP ("Pretty Good Privacy") and GPG ("GNU Privacy Guard") are both implementations of OpenPGP (as defined by RFC4880), which you can use to encrypt your e-mail as well as digitally "sign" it so you don't have to worry about forgery.

Further information is available here for Local Support Providers (LSPs) who wish to consider using PGP.

Sharing Files with Sensitive Data

Secure Share is a service that can be useful to transfer files securely between individuals when other mechanisms (e.g. secure, shared file servers) aren't available.

Last updated: Thursday, April 9, 2009



Information Systems and Computing University of Pennsylvania Comments & Questions