PGP encrypted link on website
We want to create an email link on our website so that those using PGP encryption can contact us securely. Is this possible?
Support Staff 1 Posted by Luke Le on 07 Dec, 2011 03:24 PM
Hi there again :)
How exactly do you want that to work?
As you can see on our website under http://www.gpgtools.org/about.html
we have a contact form.
Once you enable the "private message" checkbox the message is encrypted using JavaScript to our GPGTools key.
It's a proof of concept but it works pretty well already for trivial scenarios.
Support Staff 2 Posted by Luke Le on 07 Dec, 2011 03:27 PM
A different option would be to post a link to your public GPG key on your website, so those who want to contact you can import it and send you an encrypted email from their mail client.
3 Posted by craig.mckune on 07 Dec, 2011 03:46 PM
Hi again.
Whatever the most simple option is would be best.
As is, we have a tip-off button on our website (www.amabhungane.co.za) which simply opens a new email where people can type in their note and send.
We want a second, encrypted option for those with more sensitive information, that works in much the same way. It would probably need an explanation link alongside it for those that don't use PGP keys.
I see on your website at the bottom I can click a link to import your key. I did that, and then I tried to email to the key address, however the encrypt button is greyed out. So I'm not sure how this works.
I'm struggling to visualise the best way to do this.
C
4 Posted by craig.mckune on 07 Dec, 2011 03:53 PM
To be a little clearer, our sources often don't want it to be known - to anybody who might be snooping through our data - what they are telling us, or that they are contacting us at all. So the tip-off info is not seen publicly as is, it just goes straight to our mailboxes. But those can be compromised.
Support Staff 5 Posted by Luke Le on 07 Dec, 2011 03:58 PM
There's a downside to the email option, that is, the user has to have installed any sort of GPG plugin and you need a tutorial to document the procedure.
It might not be too hard, considering the people sending in information have some IT skills.
The web form simplifies the whole process in the form that the user doesn't need to have any knowledge about how to send you the information but simply fills out a web form and attaches some documents, which are sent to you in an encrypted form.
Of course that requires a lot more work and development knowledge on your site or someone who's willing to implement it.
That it didn't work for you with the email option might be a bug in our GPGMail 2.0 alpha version or be simply due to the fact that you didn't restart Mail.app before trying to send an encrypted message, which is necessary at the moment after you've imported a public key.
In future versions new public keys will be available to GPGMail without restarting.
Support Staff 6 Posted by Luke Le on 07 Dec, 2011 04:14 PM
We've received the encrypted and signed email as expected.
7 Posted by craig.mckune on 07 Dec, 2011 04:29 PM
Right. Bug understood and sidestepped. It takes a while to mobilise the developers. So I can simply create an email address and a key for our team (the ones using PGP), post that link. Whistleblowers that use PGP will be fine. We can link to a tutorial for those that don't but are determined. It should do for now.
Support Staff 8 Posted by Luke Le on 07 Dec, 2011 04:32 PM
Exactly, that's the easiest, most reliable and fastest way to go about it.
Should also work best with bigger attachments.
Alex closed this discussion on 16 Dec, 2011 12:53 PM.
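The workflow the thread settles on (team key linked from the website, sender imports it and encrypts), as an added command-line example that is not part of the original discussion or GPGTools' own code. The address `tips@example.org`, the throwaway keyring directories and the fingerprint comparison before encrypting are assumptions made for this illustration; the fingerprint would be published alongside the key link.

```shell
#!/bin/sh
# Added example: constructed identity and throwaway keyrings, not a real deployment.
TEAM_UID="tips@example.org"   # placeholder address (assumption)

# Team side: create a key pair in an isolated keyring (empty passphrase, demo only).
make_team_key() {   # $1 = team keyring directory
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$TEAM_UID"
}

# Team side: write the ASCII-armored public key file that the website links to.
export_pubkey() {   # $1 = team keyring, $2 = output file
    gpg --homedir "$1" --batch --armor --export "$TEAM_UID" > "$2"
}

# Print the primary-key fingerprint for TEAM_UID as seen in keyring $1.
fingerprint_of() {
    gpg --homedir "$1" --batch --with-colons --fingerprint "$TEAM_UID" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Sender side: import the downloaded key, refuse to continue unless its
# fingerprint matches the one the team published, then encrypt to it.
sender_encrypt() {  # $1 sender keyring, $2 key file, $3 expected fpr, $4 plaintext, $5 output
    gpg --homedir "$1" --batch --quiet --import "$2" || return 2
    [ "$(fingerprint_of "$1")" = "$3" ] || return 1
    # --trust-model always: the sender has not certified the key; the
    # fingerprint comparison above is what establishes which key is used.
    gpg --homedir "$1" --batch --quiet --yes --trust-model always --armor \
        --recipient "$3" --output "$5" --encrypt "$4"
}

# Team side: decrypt a received message with the private key.
team_decrypt() {    # $1 = team keyring, $2 = ciphertext file
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --decrypt "$2"
}
```

In a mail client the import and encrypt steps happen through the GPG plugin; the fingerprint comparison is the part a tutorial for senders would need to spell out.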