Jeffrey Hutzelman - PGP Information


What is PGP?

From the former MIT distribution site for PGP:
PGP or Pretty Good (TM) Privacy is a high-security cryptographic software application that allows people to exchange messages with both privacy and authentication.

Privacy means that only those intended to receive a message can read it. By providing the ability to encrypt messages, PGP provides protection against anyone eavesdropping on the network. Even if a packet is intercepted, it will be unreadable to the snooper.

Authentication ensures that a message appearing to be from a particular person can have originated from that person only, and that the message has not been altered. In addition to its support for messages, PGP also enables you to encrypt files stored on your computer.


How to get my PGP Key

My PGP key is available from the PGP public key servers. These can be accessed via WWW gateways like the one on pgpkeys.mit.edu, or via email to <pgp-public-keys@keys.pgp.net>. There's also the link at the start of this paragraph, of course.

I will happily verify my PGP key fingerprint for anyone who asks. Ideally, you should come down to my office (WeH 3210) and ask me to produce credentials, in which case I'll give you a piece of paper with the correct fingerprint written on it. I'll also verify it over the phone, but I recommend against using that method unless you think you can recognize my voice, or don't intend to trust the verification much (for example, don't sign a key you verified that way).


Web of Trust

Much of PGP's usefulness stems from the so-called "Web of Trust", in which connections are made by PGP signatures asserting that a key belongs to a particular individual. This allows you to send encrypted messages to people you have never met, if you are willing to trust claims made by third parties regarding what keys belong to whom.
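A trust path as described above is a chain of signatures leading from a key you already trust to the key you want to use. The following is an added example, not part of the original page or any tool it links to: a shortest-path search over signer/signed pairs, where the key IDs, the sample data and the `max_hops` limit are all constructed for illustration.

```python
from collections import deque

# Constructed sample data: (signer key ID, signed key ID) pairs, as they might
# be extracted from the signatures on a keyring. These key IDs are made up.
SIGNATURES = [
    ("ALICE001", "ALICE001"),   # self-signature, carries no third-party claim
    ("ALICE001", "BOB00002"),
    ("BOB00002", "CAROL003"),
    ("CAROL003", "DAVE0004"),
    ("ALICE001", "ERIN0005"),
    ("ERIN0005", "DAVE0004"),
    ("DAVE0004", "ALICE001"),
    ("FRANK006", "DAVE0004"),   # nobody has signed FRANK006
]

def build_graph(signatures):
    """Map each signer to the set of keys it has certified, skipping self-signatures."""
    graph = {}
    for signer, signed in signatures:
        if signer != signed:
            graph.setdefault(signer, set()).add(signed)
    return graph

def find_trust_path(signatures, source, target, max_hops=4):
    """Return the shortest signature chain source -> ... -> target, or None.

    Each step "A -> B" means A signed B's key, so direction matters.
    max_hops (an assumed policy knob) bounds how many third-party claims
    you are willing to chain together.
    """
    graph = build_graph(signatures)
    queue = deque([[source]])
    seen = {source}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_hops:
            continue  # chain is already as long as the policy allows
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None
```

A returned path only shows that a chain of signatures exists; whether to rely on it still depends on how much you trust each signer in the chain to verify keys carefully.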



PGP Key-Signing

I will sign anyone's PGP key on request. To get your key signed, all you need to do is stop by my office (WeH 3210) with the items listed below. It's probably a good idea to call first, to make sure I'm around. I'll verify your key fingerprint on the spot, email you a signed copy of your PGP key, and forward it on to the key servers.

When you stop by, please bring two forms of identification (at least one must have a photograph) and a copy of your PGP key fingerprint. Be prepared to tell me where to get a copy of your PGP public key, or else bring a copy on an MS-DOS format 3.5" floppy, an ISO-9660 CD-ROM, or a USB memory key. People who I know well enough are exempt from the ID requirement.


Key-Signing Events

Each year I host a number of key-signing events, in which groups of people gather to exchange key fingerprint information, hopefully leading to everyone getting some new signatures. PGP key-signing events have been a regular fixture at IETF meetings for many years; they are normally held on Wednesday evening after the plenary. I also occasionally host events on Carnegie Mellon's campus in Pittsburgh, PA.


Jeffrey Hutzelman <jhutz+@cmu.edu>
Last updated: 03-Feb-2006