If you're looking for a way to help email recipients know that emails are actually coming from you, adding a photo to your OpenPGP keys can help.
We've reached a tipping point within the digital landscape where security and identity are intrinsically tied to successfully keeping our data and privacy safe. There are so many ways in which we can lock down our information—some big and some small. Although many in IT might be inclined to overlook the small details, it is a mistake to do so as those details add up.
One such detail is the information found within the GPG key used to sign and encrypt your email. First off, if you're not signing and encrypting your email, you should be. Second, if you're not paying attention to the details of your GPG keys, you're missing out on important steps to ensuring people know you are who you say you are.
One GPG key detail is the photo. Keeping an updated photo in your GPG key might not seem like a logical step to increase your security, but it can go a long way to assure those on the receiving end of your keys. And yes—anyone could create a key, find a photo of you, and add it to a forged key. But using a specific photo, one that has never seen the light of the internet, can help you in this search for privacy nirvana.
I'm going to show you how to add a photo to your GPG key, via the Thunderbird extension, Enigmail. With this in place, those who receive your encrypted or signed emails can view your key and see your attached photo. To further improve this, you can change the photo in your key and make the receiver aware of which photo you are using at the time—that's bonus security with very little work involved.
Let's add a photo to a GPG key via Enigmail. I'll be working with Thunderbird 52.7.0 and Enigmail 2.0.1. The host platform doesn't matter.
Adding the photo
Before you do this, know that photos for GPG keys should be no larger than 25kB. Although you can add larger photos, this will result in very large keys, which you want to avoid.
In order to add your photo, open Thunderbird and click the menu button (three horizontal lines in the upper right corner). Click Enigmail | Key Management. From within the Key Management window (Figure A), right-click the key you want to add the photo to and select Add Photo.
In the resulting window, navigate to the directory housing your photo. Select the photo to be added and click OK. To make sure your photo was added, expand the key listing and double-click User attribute (JPEG image). A new window will open (Figure B) displaying your key information, including the newly added photo.
And there you have it, your GPG key now includes a photo. Make sure recipients know which photo to look for in your GPG keys, so they can always be certain you are who you say you are.
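The same check can be made outside the GUI. The following is an added example, not part of the original article or of Enigmail: it reads a binary key export (such as the output of gpg --export without --armor), finds the User Attribute packet that carries the photo, and reports whether the image is a JPEG and within the 25kB guideline. The function names, the SAMPLE bytes and the reading of 25kB as 25,000 bytes are assumptions made for this example.

```python
MAX_PHOTO_BYTES = 25_000  # article's 25kB guideline, read here as 25,000 bytes (assumption)

def _length(buf, i, subpacket):
    """Decode an RFC 4880 new-format or subpacket length; return (length, next index)."""
    o = buf[i]
    if o < 192:
        return o, i + 1
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    if o >= 224 and not subpacket:
        raise ValueError("partial body lengths are not supported")
    return ((o - 192) << 8) + buf[i + 1] + 192, i + 2

def packets(buf):
    """Yield (tag, body) for each packet in a binary (non-armored) key export."""
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP data")
        if hdr & 0x40:                      # new-format header
            tag = hdr & 0x3F
            n, i = _length(buf, i + 1, subpacket=False)
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            size = 0 if ltype == 3 else 1 << ltype
            n = int.from_bytes(buf[i + 1:i + 1 + size], "big") if size else len(buf) - i - 1
            i += 1 + size
        yield tag, buf[i:i + n]
        i += n

def photo_attributes(key_bytes):
    """Describe every image subpacket found in User Attribute packets (tag 17)."""
    found = []
    for tag, body in packets(key_bytes):
        j = 0
        while tag == 17 and j < len(body):
            n, j = _length(body, j, subpacket=True)
            stype, data = body[j], body[j + 1:j + n]
            j += n
            if stype == 1:                  # image attribute subpacket
                image = data[int.from_bytes(data[:2], "little"):]  # skip image header
                found.append({"jpeg": data[3] == 1 and image[:2] == b"\xff\xd8",
                              "size": len(image),
                              "within_limit": len(image) <= MAX_PHOTO_BYTES})
    return found

# Constructed sample: User ID packet, then a User Attribute packet whose "photo"
# is only the JPEG start/end markers (not a real key or image).
SAMPLE = (b"\xb4\x04test" + b"\xd1\x16" + b"\x15\x01"
          + b"\x10\x00\x01\x01" + bytes(12) + b"\xff\xd8\xff\xd9")
```

An empty result from photo_attributes() means the exported key carries no photo at all.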
Every little bit helps
This may not be a security deal maker or breaker, but within the realm of privacy every bit helps. If email is your go-to means of communication and you use Thunderbird, I highly recommend adding a photo to your email security chain, by way of OpenPGP and Enigmail. It may not stop intruders, but it'll at least help those who receive your signed keys to know who they are dealing with.