How Useful Is Pgp These Days?

[Guest Deleted_Account]

We all know of PGP as the e-mail signing and encryption tool that was created way back in the 90's (the concept anyways). PGP has never been widely adopted for various reasons however is it still useful? In this day and age would you use PGP (or GPG) for signing and encrypting e-mails? I use it right now to sign all emails as a precaution against forged emails but most of my clients don't have or know about PGP so unless it comes to court it isn't doing much. ( A little background: I started using PGP/GPG to sign e-mails after someone claimed to receive an email from me and use it in court; It was proven fake but now I don't take chances especially with starting my business and the recent facebook fiasco).

Any down side to using GPG/PGP? Is it useful still or considered dead?

Thanks,

x942

[Jason Cooper]

I don't use it regularly, only if I am having to email someone a password. Then again most of my emails are either not leaving the organisation or are going to mailing lists. If I was in a different sort of business then I would probably be using it as default and making sure that I get the public keys directly off (in person) those I would be emailing so as to build up a set of public keys that I actually can trust.

[Infiltrator]

I would still use it, even tough it may not have been adopted widely. I've used it before for signing/encrypting files and emails and have to say, if its been implemented correctly, than there is not much to be concerned about. Plus you and the person on the other end can always verify the integrity of the message to see if its been tempered or not.

[Sitwon]

While PGP was never widely adopted, it was never replaced either. It is still the best available tool for the job it fills, it's just that a majority of users either don't know about it or don't consider that particular job to be valuable enough for the effort required to use PGP.

I am planning a series of projects to lower the barriers to entry for public-key cryptography and building webs of trust. PGP was something of a black eye for the security community in the '90s and early '00s, but there's no reason in 2011 that we should still be sending unsigned/unencrypted messages. Many of the challenges to adoption that PGP faced have been solved. Back then, it was all potential and theories. Today, there are enough implementations and skilled people who understand it to turn PGP into recognizable consumer benefits without complicating their current usage patterns in any way.