A: My 'attachment' is nothing of the sort, it's a GnuPG/PGP digital signature that is MIME encoded. OE is broken, Microsoft refuse to fix it and a lot of signatures show up as fictitious attachments. The attachment details vary each time because OE has to create the false data out of thin air. (Actually, if there's any air in OE you have more problems than just running Windows!!!)
The data is actually a PGP signature. It verifies that the keyholder is the true sender of the emails and that no-one is pretending to be him!
I use GnuPG signatures for all email. If you get an email from me that is not signed then it is NOT from me! Someone else using this machine still cannot make a valid signature because I protect my GnuPG secrets with customary paranoia. Note that some of my websites do send plain or encrypted email and although these may refer to me or use a similar From: address, these will not be signed. Signing is a human act and should not be hacked to be automated.
A: EudoraGPG - a plugin for Eudora to work with PGP/GnuPG.
A: You don't need your own keys or to use encryption yourself in order to validate my signatures. You only need to import my public key (using a keyserver or direct from this page) and install EudoraGPG. All future messages from me will then be validated against my own key.
Consider joining the gpg-users mailing list for help with the main Windows Privacy Tools (WinPT) project which Eudora uses, if you want to use public key cryptography yourself. Also read the documentation on DCLUG: GnuPG FAQ and www.gnupg.org for tips on how the system works.
http://lists.gnupg.org/mailman/listinfo/gnupg-users.
Other Windows GnuPG front-end programs are here: http://www.gnupg.org/(en)/related_software/frontends.html#win.
A: It depends on what you want - I use personal encryption to protect various pieces of data and I use cryptography for digital signatures to show that I'm willing to be accountable for what I say. I also use cryptography to verify that development software really was uploaded by the person who claims to be the developer! It's fine to trust your distribution but when I am downloading and installing software from outside the distribution I like the security of knowing that the author is who I think he is!
Detailed information, with examples.
$ gpg --fingerprint 28bcb3e3
pub  1024D/28BCB3E3 2002-01-27 Neil Williams (CodeHelp)
     Key fingerprint = 4CD4 6644 C105 48ED CA28 EC36 8801 094A 28BC B3E3
uid                            N Williams (CodeHelp)
uid                            Neil Williams (Linux User Group)
uid                            Neil Williams (general)
uid                            Neil Williams (Devon and Cornwall LUG)
sub  1024g/AD3CB326 2002-01-27

$ gpg --fingerprint a897fd02
pub  1024D/A897FD02 2002-01-27 Neil Williams (laptop)
     Key fingerprint = 744C 978D 7AB8 F27B 3BA6 C101 93B0 D5AF A897 FD02
sub  1024g/4D6D2952 2002-01-27
Both keys as a text file.
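After importing a key, compare its full 40-digit fingerprint with the one printed above, because an eight-digit key ID such as 28BCB3E3 can be shared by an unrelated key. The following is an added example, not part of the original page: the function names and both sample listings are constructed for illustration, and only the fingerprint value comes from the page.

```shell
#!/bin/sh
# Fingerprint as published on this page (grouped form, as gpg prints it).
PUBLISHED='4CD4 6644 C105 48ED CA28 EC36 8801 094A 28BC B3E3'

# Constructed samples in the style of `gpg --with-colons --fingerprint`.
# Both keys end in the short ID 28BCB3E3; only the first is the published key.
GOOD_LISTING='pub:-:1024:17:8801094A28BCB3E3:::::::
fpr:::::::::4CD46644C10548EDCA28EC368801094A28BCB3E3:'
LOOKALIKE_LISTING='pub:-:1024:17:89ABCDEF28BCB3E3:::::::
fpr:::::::::0123456789ABCDEF0123456789ABCDEF28BCB3E3:'

# Strip whitespace and upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Print the primary key fingerprint: the first fpr record after a pub record.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# check_key PUBLISHED_FPR, with the colon listing on stdin.
# Returns 0 on match, 1 on mismatch, 2 if either side is unusable.
check_key() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    # A short or long key ID is rejected: only a full fingerprint is accepted.
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] || return 2
    [ "$actual" = "$expected" ] || return 1
}

# Against a real keyring the listing would come from:
#   gpg --with-colons --fingerprint 28BCB3E3 | check_key "$PUBLISHED"
for name in GOOD_LISTING LOOKALIKE_LISTING; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | check_key "$PUBLISHED"; then
        echo "$name: fingerprint matches the published one"
    else
        echo "$name: fingerprint does NOT match, do not trust this key"
    fi
done
```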
A view of the web of trust containing my keys.
Hosted on the williamsleesmill server.
The copyright licensing notice below applies to this text.
Copyright © 2004-2005 Neil Williams.
Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of this license is included in the file copying.txt.