How and Why to Use GPG in Slack

What is GPG? GPG stands for GNU Privacy Guard (gnupg.org).

GPG is a way to securely encrypt and decrypt text. For example, if you want to share a username, password, or any other sensitive information with a trusted person via Slack, GPG allows you to send that message securely. You never know if Slack could get hacked again.

To leverage this secure messaging, both sender and recipient require a private key.

Setup:

To generate a private key, download GPG tools at gpgtools.org.

Once you’ve generated a new key pair, upload your public key to a key server so that others can find it.

Encrypt the message:

Create a new text file and type your message.

Go to Finder, locate the file, right-click, scroll down to Services, and select OpenPGP: Encrypt File.

A prompt will show asking who the message is for. You need the public key of your recipient.

Because I have Jake’s public key I’m able to select him as a recipient – only his private key will open the message.

I send Jake the gpg file in Slack.

To read the message Jake needs to decrypt it.

Decrypt the message:

Type `gpg` in the terminal.

Paste the contents of the encrypted message.

Should look something like this:

then hit enter.

You can also decrypt from the command line, like Jake’s example, by typing `gpg --decrypt --armor {name-of-file}`.
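The same encrypt and decrypt steps can be done entirely from the terminal. The script below is an added example, not part of the original post: it assumes GnuPG 2.1 or later is installed as `gpg`, and the address `jake@example.test`, the two throwaway keyrings and the empty passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example: command-line version of the encrypt/decrypt steps above.
# jake@example.test and both temporary keyrings are constructed for this demo.

# gpg_roundtrip MESSAGE
# Prints the first line of the armored file, then the text Jake reads after decrypting.
gpg_roundtrip() {
    msg=$1
    work=$(mktemp -d) || return 1
    sender="$work/sender"; jake="$work/jake"
    mkdir -m 700 "$sender" "$jake"

    # Recipient: generate a key pair (empty passphrase only because this is a demo).
    GNUPGHOME="$jake" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Jake <jake@example.test>' default default never 2>/dev/null
    # Recipient: export the public half; this is the part that gets published.
    GNUPGHOME="$jake" gpg --batch --armor --export jake@example.test > "$work/jake.pub.asc"

    # Sender: import Jake's public key and encrypt the message file to it.
    GNUPGHOME="$sender" gpg --batch --quiet --import "$work/jake.pub.asc" 2>/dev/null
    printf '%s\n' "$msg" > "$work/message.txt"
    # --trust-model always skips the trust prompt for the demo key; with a real
    # key, confirm its fingerprint with the owner before encrypting to it.
    GNUPGHOME="$sender" gpg --batch --quiet --trust-model always --armor --encrypt \
        --recipient jake@example.test --output "$work/message.txt.asc" "$work/message.txt"

    # The armored file is plain text, so it can be attached or pasted into Slack.
    head -n 1 "$work/message.txt.asc"

    # Recipient: only the keyring holding Jake's private key can decrypt.
    GNUPGHOME="$jake" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --decrypt "$work/message.txt.asc" 2>/dev/null
    status=$?

    # Stop the helper daemons started for the temporary keyrings, then clean up.
    GNUPGHOME="$jake" gpgconf --kill all 2>/dev/null || true
    GNUPGHOME="$sender" gpgconf --kill all 2>/dev/null || true
    rm -rf "$work"
    return $status
}
```

Call it as `gpg_roundtrip 'text to protect'`; the keyrings live in a temporary directory and are deleted when the function returns.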

GPG has everything you need to protect your files, and implementing it correctly can help you secure your communications with clients, coworkers and partners alike. This is not only helpful with private information, but even when dealing with regular day-to-day messaging.


Sean McDonnell
