Using encrypted e-mail to communicate with the Federal Commissioner for Data Protection and Freedom of Information
Information transmitted via the Internet is insecure. If no special precautions are taken to protect confidentiality or integrity, unauthorized persons can read or alter messages sent through the Internet. This is why I support the software programs Pretty Good Privacy (PGP) and GnuPG for sending confidential messages. You can download the public PGP key of the Federal Commissioner for Data Protection and Freedom of Information here. If you do not have access to PGP, I also support encryption using self-extracting encrypted files.
Electronic Mail (e-mail) - Encryption and signature
To exchange confidential messages (encryption and signature), I support the software programs Pretty Good Privacy (PGP) and GnuPG (http://www.gnupg.org).
For your own security, you should make sure that no one else has access to your secret key.
For non-commercial use, PGP is available free and without a licence. It can be downloaded, for example from the PGP server ftp://ftp.de.pgpi.com/pub/pgp or from PGP Corporation http://www.pgpi.org/. Here you can also find directions for installing and using the program. It is important to know how to use PGP properly, so please read the documentation. In order to ensure the proper level of confidentiality, you should use an international version of the program which supports keys of sufficient length. I recommend using PGP keys with a minimum 1,024 bit length.
GnuPG is open source software and is free to copy, use, modify and distribute under the terms of the GNU General Public Licence. The program can be downloaded for various operating systems. There you can also find further information, such as information about graphic frontends for GnuPG.
The public PGP key of the Federal Commissioner for Data Protection and Freedom of Information is available for download below.
In order to send me an encrypted e-mail (firstname.lastname@example.org), please follow these directions:
Install PGP on your computer.
Download my public key onto your computer and save it to your public keyring (pubring.pkr). Please check to make sure that the key ID and fingerprint match the information on this page.
Save the information to be sent in a file (e.g. attachment.txt) and encrypt it using the public key of the Federal Commissioner for Data Protection and Freedom of Information.
Save the information to be sent on the clipboard and encrypt the contents of the clipboard using my public key.
Add the encrypted file as an attachment to an e-mail message and send it to the Federal Commissioner for Data Protection and Freedom of Information (email@example.com).
If you have used the clipboard, paste the encrypted contents of the clipboard into an e-mail message and send it to the Federal Commissioner for Data Protection and Freedom of Information (firstname.lastname@example.org).
You can download the public PGP -Key of the Federal Commissioner for Data Protection and Freedom of Information (DH/DSS 2048/1024) here.
Key ID: 6EFBC19D2BA65E04 (created on 24.02.2003)
Fingerprint: 410C A433 8442 0E1A C422 C59F 6EFB C19D 2BA6 5E04
Encryption using self-extracting encrypted files
For those who do not have access to PGP, I also support encryption using self-extracting encrypted files. Along with the actual file in encrypted form, these contain a program sequence to decipher the file after the password has been entered. As a result, the recipient does not have to use the same encryption program as the sender but only needs the password. The process operates on the same principle as self-extracting archives of common compression programs. The password needed for deciphering must be transmitted via a different channel, e.g. by telephone.
Various programs offer the option of generating self-extracting encrypted files:
- Pretty Good Privacy (PGP)
Starting with Version 6.5.1, PGP supports both asymmetric encryption and the creation of self-extracting encrypted files.
- PrivateCrypto software from the utimaco company
The program is available at http://www.PrivateCrypto.de and is free of charge for non-commercial use. PrivateCrypto uses the Advanced Encryption Standard (AES) algorithm (Rijndael) with a 128 bit key length.