Still sending naked email? Get your protection here

Epilogue

With your new-found ability to send and receive encrypted email, you'll want to get in the habit of practicing sound crypto hygiene that goes beyond the scope of this article. The Gpg4Win folks offer their own how-to here, and the GNU Privacy Handbook also provides useful information. The Enigmail creators also have helpful information here.

But we'd be remiss if we didn't offer this one non-negotiable rule: Trust only public keys that you have verified in advance with the sender. One common verification practice is to speak with the other person by phone or in person and compare the key's fingerprint, which the GPA keyring editor displays when a key is highlighted. Once you're satisfied the key is legit, you should sign it. To do that, right click on it in the GPA keyring editor, choose Set Owner Trust, choose the Full radio button and click OK.

In a world of repressive governments and a growing reliance on insecure networks, there's no way anyone can be sure their most sensitive messages aren't intercepted by the forces of darkness. But you can make it mathematically improbable that all but the most well-funded snoops could ever make heads or tales of your communications. Of course, only you can make that happen. The ball is in your court. ®