What is GPG?

GPG is short for GNU Privacy Guard. GnuPG is an open replacement for PGP (Pretty Good Privacy). It is an asymmetric encryption system based on a trust model. Each person has a key pair (a private key and a public key). The public key is just that -- public. This key is given to the world. The private key, on the other hand, should be guarded safely and stored encrypted with a pass phrase -- don't worry, GPG does this for you.

Due to some fascinating properties of prime numbers and number theory details that are out of the scope of this documentation, we get asymmetric cryptography. In short, things can be encrypted with a person's public key and can then only be decrypted with the corresponding private key. Also, things can be signed with a private key and verified with the corresponding public key. In Fire, these things are instant messages!

In order to use GPG support in Fire, you must have a copy of GPG installed and working. There is a Mac OS X install package for GPG that can be found on SourceForge.

Once this is installed, you will need to create your own key. In a Terminal, type: gpg --gen-key. Use a DSA and ElGamal key and follow the defaults. At this point, you should really read the GPG documentation about the options you are choosing. Understanding key expiry and why your private key should be private is vital to your use of GPG in any application.

In order to import other people's keys, change their trust levels and sign friends' keys, you need to read the GPG manual. You should post your public key to www.keyserver.net simply because everyone else does. You can find the PGP key of anyone who has one there (including mine).

Once GPG is working on your system, start (or restart) Fire. The keys in your GPG keyring will then be available to assign to buddies in the Buddy Editor, and you will be able to assign one of the keys to yourself in the Preferences "Profile" Panel.

To sign or encrypt messages to buddies, simply add these options to your chat window toolbar and click on them before sending your message. A lock will appear next to messages that were sent encrypted and a seal will appear next to messages that were sent signed. If the signature on a message is invalid, or it has been signed with a key different than the one you associated with that buddy, the seal will appear broken.
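
The seal rule described above, as an added example (not Fire's own code): a Python function that reads the status lines GnuPG writes with --status-fd during verification and reports a broken seal when the signature fails or was made by a key other than the one assigned to the buddy. The function name seal_state, its return labels and the sample fingerprints and status lines are assumptions constructed for illustration.

```python
# Added example, not Fire's code. GOODSIG/BADSIG/VALIDSIG etc. are GnuPG
# --status-fd keywords; seal_state() and all sample data are constructed.
PREFIX = "[GNUPG:] "
# Any of these means the signature must not be shown as a whole seal.
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def seal_state(status_output, buddy_fingerprint):
    """Return 'intact', 'broken' or 'unsigned' for one received message.

    buddy_fingerprint is the key the user assigned to this buddy.
    """
    pinned = buddy_fingerprint.replace(" ", "").upper()
    good = False
    signer_fprs = set()
    for line in status_output.splitlines():
        if not line.startswith(PREFIX):
            continue
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in FAILURES:
            return "broken"          # invalid, expired or revoked
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and args:
            signer_fprs.add(args[0].upper())      # signing (sub)key
            if len(args) >= 10:
                signer_fprs.add(args[9].upper())  # primary key
    if not good:
        return "unsigned"
    # A valid signature from the wrong key is still a broken seal.
    return "intact" if pinned in signer_fprs else "broken"


# Constructed sample data (fingerprints are made up).
ALICE = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"
OTHER = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD = (
    "[GNUPG:] GOODSIG DDDD4444EEEE5555 Alice <alice@example.org>\n"
    "[GNUPG:] VALIDSIG " + ALICE + " 2004-01-01 1072915200 0 3 0 17 2 01 "
    + ALICE + "\n"
)
BAD = "[GNUPG:] BADSIG DDDD4444EEEE5555 Alice <alice@example.org>\n"

if __name__ == "__main__":
    for label, out, key in [("good", GOOD, ALICE), ("wrong key", GOOD, OTHER),
                            ("bad", BAD, ALICE), ("none", "", ALICE)]:
        print(label, "->", seal_state(out, key))
```

Comparing the full fingerprint from VALIDSIG, rather than the short key ID or the user name on the GOODSIG line, is what ties the seal to the key you assigned to the buddy.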