Encryption and keys


My personal keys

I send my keys to: http://keyserver.pgp.com/, so you can get them there (search for Matthew A. Todd, matcatprg@yahoo.com).

Signing

Using GPG and my keys, I can sign the packages I release. Similar to hashing, signing computes a hash based on the file. The difference is that it also uses the key to compute the hash. So while anyone can compute a hash of my file (or one that is supposed to be mine) and pretend that I did it, only I can sign a file, because only I have my private key. Naturally, for anyone to check my signature, they have to download my public key.






Information on

Keyserver

The keyserver I use is http://keyserver.pgp.com/, and I recommend it to anyone who is looking for a keyserver or a particular person's key. This particular server is different because it makes the effort to verify that the keys belong to the people to whom they are ascribed (or at least to the email addresses to which they are ascribed).

Keys

One thing about keys is that your communication is only as secure as your certainty that you have the right key. If someone manages to give you the wrong key, they can intercept all your communications. So call or meet the person with whom you want to communicate and make sure #1 that it's them and #2 that the key you have matches their key (fingerprint, email, name).
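One way to do the fingerprint comparison described above, as an added example that is not part of the original page. The listing is a constructed sample in GnuPG's colon-separated output format, the function names are hypothetical, and 40-hex-digit (v4) fingerprints are assumed.

```shell
#!/bin/sh
# Constructed, abbreviated sample of `gpg --with-colons --fingerprint <email>`
# output. The key IDs, fingerprints and user ID are made up for this example.
SAMPLE_LISTING='pub:-:4096:1:0123456789ABCDEF:1262304000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1262304000::::Example User <user@example.org>:
sub:-:4096:1:7777888899990000:1262304000::::::e:
fpr:::::::::1111222233334444555566667777888899990000:'

# Normalise a fingerprint as read over the phone or copied from a card:
# drop whitespace and an optional 0x prefix, upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Print the primary key's fingerprint: the first "fpr" record after "pub".
# Field 10 of an fpr record holds the fingerprint; subkey records are skipped.
primary_fpr() {
    printf '%s\n' "$1" | awk -F: '
        $1 == "pub"         { want = 1; next }
        want && $1 == "fpr" { print $10; exit }'
}

# $1 = colon listing, $2 = fingerprint obtained from the key owner in person.
# Returns 0 on a full match, 1 on a mismatch, 2 if $2 is not a complete
# 40-hex-digit fingerprint (assumption: v4 keys), e.g. only a short key ID.
fpr_matches() {
    claimed=$(normalize_fpr "$2")
    case "$claimed" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#claimed}" -eq 40 ] || return 2
    [ "$claimed" = "$(primary_fpr "$1")" ]
}

# Demo: the owner reads the fingerprint aloud in groups of four.
if fpr_matches "$SAMPLE_LISTING" "aaaa bbbb cccc dddd eeee ffff 0123 4567 89ab cdef"; then
    echo "fingerprint matches: key can be trusted for this person"
else
    echo "fingerprint does NOT match: do not use this key"
fi
```

For a real key, replace the sample with the output of `gpg --with-colons --fingerprint` for the key in question.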


