Encryption
If you need to send me a confidential message, there are several ways you can safely do that.
Need to verify my digital signature? Go to "Verify my Digital Signature" at the bottom of this page.
Keybase
Keybase is the easiest platform for making cryptography accessible to everyone. With Keybase you can encrypt and decrypt messages using open protocols.
You can use the Keybase website to encrypt a message with my key and send me the encrypted message however you want, even by email, by text message, or by publishing it on your Facebook wall. Only I will be able to decrypt and read its content.
DOWNSIDES (for those who care): The website is hosted on Amazon AWS and the backend is not open source.
Steps
- Open my Keybase encryption page
- Write your message
- Encrypt it
- Send me the encrypted message via email, text message, or any other communication protocol I use.
GPG
GNU Privacy Guard is the most advanced secure communication and signature software available, and uses the PGP standard, which is what I personally trust the most.
DOWNSIDES: It is very hard to use if you are not a techie.
Steps
- Get my GPG public key from https://keybase.io/yonasuriv/pgp_keys.asc
- Install the official GPG client, or another PGP client
- Import my key
- Encrypt your message using my key as target
Protonmail
ProtonMail is an end-to-end encrypted email service founded in 2013 in Geneva, Switzerland. ProtonMail uses client-side encryption to protect email content and user data before they are sent to ProtonMail servers, unlike other common email providers such as Gmail and Outlook.com.
If you want to speak with me privately, I can send you an encrypted message even if you don’t have an account with this provider. In this case you will receive a link that you can use to decrypt my messages and reply securely. A common password needs to be agreed on using another communication channel.
My account is:
DOWNSIDES: It works only for ProtonMail-to-ProtonMail communication. The email protocol's security is broken at its core, and inter-provider email exchange is NOT safe unless both parties use custom end-to-end encryption on top of it, with not-so-practical techniques as shown above.
Steps
If you have received an encrypted email from my ProtonMail account, please follow the steps below:
- Follow the link in your email
- Use the password we have agreed on, or call me to get one.
- Read my message and its encrypted information (including attachments).
- Reply to my message (if you need to) by using the secure web interface.
Other methods
Signal
I use Signal for quick and secure confidential messages, audio and video calls.
Signal is an amazing alternative to Telegram and WhatsApp. It does encryption right and it is one of the best communication applications developed so far.
DOWNSIDES: You can only text me on Signal if you have my phone number.
Telegram Secret Chats
I use Telegram a lot since it hosts many public communities that slowly replaced their IRC counterparts.
Telegram is fine for public conversation, but it is one of the worst pieces of software for private and confidential communication.
Anyway, it supports Secret Chats with end-to-end encryption.
DOWNSIDES: Secret Chats are optional, and the whole Telegram experience is designed to push people into using the default unencrypted alternative. Moreover, Telegram decided to adopt their very own cryptographic algorithm, which is not considered a best practice in the crypto world, and its strength is not the best one.
Verify my Digital Signature
The following is what a digitally signed message looks like.
You can use it to test the signature verification systems described below.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello, I am Jonathan Di Rico and you can trust whatever
I say in this message, only if this signature is either
Valid and generated with my key.
Also make sure this message was originally intended for you
and it has not been re-used on a different context to fool you.
Consider my signatures valid only if applied on messages
Containing explicit reference to their context to prevent
Signature-reuse of short and generic messages.
This specific message is a sample that I made for my personal website
and, unless I change it, you should find the original content here
https://yonasuriv.gitbhub.com/encrypt
Every other use of this message should be considered
Invalid and Suspicious.
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/crypto
wsBcBAABCgAGBQJiW2/kAAoJECN8w3FA017xWU8H/0ECKB/qDG8enwx1JrIaxvxR
v+tjxA07fi6Ld7KsXE7e4/FOk+XihGDLOK5uEIQEcUXM7iujQoU0KPrsREPHAg9x
42EENMuFNcfmEL1jBPu5nYtUSMgf5GltGVpRJHk6v+lMow1PlxTswZVNt4iSIuxe
VQ2uT5+++CBEcmJci+j322+HUXTnnGQBJKmVDmGOWzbLLD8QET+aVxOEUPhWZw9o
TdakWquXYFzoqH5HT9RrKC/IvF1rQa3gPdVuexTQI7zTBglLHhBkAxYGGnOTm42M
mL6NrpsWJm5E+c+Ik+EMSRI6xv4o77VBbXh5biM2X3289kUxp291eaWq0YpDLEc=
=1lBa
-----END PGP SIGNATURE-----
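To see what the signature block above actually claims before a client reports it as valid, the following added example (not code from this site's author) reads the OpenPGP signature packet header per RFC 4880 and extracts the hash algorithm, creation time and claimed issuer key ID. The function names are hypothetical, `SAMPLE_HEAD` is the first armor line copied from the sample above, and the fingerprint passed to `issued_by` is assumed to be one you have confirmed through a separate channel.

```python
import base64
import struct

HASH_ALGOS = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
# First armor line of this page's sample signature; it covers every field read here.
SAMPLE_HEAD = "wsBcBAABCgAGBQJiW2/kAAoJECN8w3FA017xWU8H/0ECKB/qDG8enwx1JrIaxvxR"

def armor_to_bytes(text):
    """Base64-decode the signature armor, skipping headers and the '=' CRC line."""
    armor = text.split("-----BEGIN PGP SIGNATURE-----")[-1]
    rows = [r.strip() for r in armor.splitlines() if r.strip()]
    return base64.b64decode("".join(r for r in rows if r[0] not in "-=" and ":" not in r))

def subpackets(area):
    """Map subpacket type -> data for one subpacket area (RFC 4880, 5.2.3.1)."""
    out, i = {}, 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:      # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:          # five-octet length
            n, i = struct.unpack(">I", area[i:i + 4])[0], i + 4
        out[area[i] & 0x7F] = area[i + 1:i + n]   # length includes the type octet
        i += n
    return out

def signature_info(text):
    """Read the claims inside a v4 signature packet; nothing is verified here."""
    pkt = armor_to_bytes(text)
    tag = pkt[0]
    if tag & 0x40:   # new-format header (as in the Keybase sample above)
        ptype, size = tag & 0x3F, 1 if pkt[1] < 192 else 2 if pkt[1] < 224 else 5
    else:            # old-format header (as GnuPG writes signatures)
        ptype, size = (tag >> 2) & 0x0F, (1, 2, 4, 0)[tag & 3]
    body = pkt[1 + size:]
    version, sig_type, _pk, hash_id, hlen = struct.unpack(">BBBBH", body[:6])
    if not tag & 0x80 or ptype != 2 or version != 4:
        raise ValueError("not a version 4 OpenPGP signature packet")
    hashed = subpackets(body[6:6 + hlen])
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    unhashed = subpackets(body[8 + hlen:8 + hlen + ulen])
    issuer = (hashed.get(16) or unhashed.get(16) or b"").hex().upper()
    return {"hash": HASH_ALGOS.get(hash_id, str(hash_id)), "type": sig_type,
            "created": struct.unpack(">I", hashed[2])[0] if 2 in hashed else None,
            "issuer_key_id": issuer or None, "issuer_in_signed_area": 16 in hashed}

def issued_by(info, fingerprint):  # key ID must be the tail of a checked fingerprint
    fp = fingerprint.replace(" ", "").upper()
    return bool(info["issuer_key_id"]) and fp.endswith(info["issuer_key_id"])
```

A matching key ID only tells you which key to check, and in this sample it sits in the unsigned subpacket area. A PGP client still has to verify the signature against the key you imported.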