
People who use PGP keys, can you give examples of your use? I'm genuinely curious. Who are you contacting, or who is contacting you? The author says he only receives 2 encrypted emails a year. Not only do I not have a PGP key, I don't think I've ever found myself in a situation where it was even an option to use one.



1) I occasionally use it to send secrets (password, certificates, private keys) to people when I can't meet them in person.

2) I share a file-based password manager with other people, that is basically just a collection of PGP-encrypted files with multiple recipients (managed using "pass").

3) I sign git tags, so that people know I have made the release.

4) I rely on the fact that all Ubuntu packages are signed and I will not accidentally install a package from an unknown source.

5) I have encrypted backups.


I've only ever used my PGP key for two purposes:

- to sign tags in Git for open source projects that I maintain

- to sign custom packages I build (and host) for Arch Linux


Haven't used it for communication but I've been using it as a means to store encrypted backups with a cloud provider.

If you're interested, check out duplicity at http://duplicity.nongnu.org/.


- All internal company emails.

- Mailing lists

Side note: using PGP with macOS Mail is super easy: https://gpgtools.org/ (the project is currently working on Sierra support)


Super easy until you upgrade your operating system and suddenly you can't use your mail client for months while the understaffed open source project is trying to reverse engineer whatever Apple changed...


Yeah... definitely not the best experience. But it's free software so I'm not going to complain.

I have been using enigma on thunderbird in the meantime, which makes me appreciate how well the native mail app functions.

Can't wait for that fix.


Sure, if anything I'd complain about Apple's mail client being closed source and incapable of PGP.


Mostly exchanging cat pictures with a good friend, keeping subject empty as it remains unencrypted. Once Enigmail is set up, it's basically harder to not encrypt.


a) signing Scala libraries I release

b) ordinary emails to a few of my friends

c) Facebook notification emails

I don't think I've ever used PGP when emailing a stranger, but I very rarely email strangers in the first place.


I was only thinking about keeping communication private. I didn't think about uses like signing libraries. Great example, thanks.


  - I use it as my ssh key
  - I use it to sign my git commits and tags
  - I use it to share credentials with people (e.g. "hey bob, what's the password to the shared XXX account" => pastes to me in IM encrypted to me)
  - I use it to encrypt passwords in my password manager


    1) Company communication
    2) Signing critical commits, tags
    3) Encrypted-mail-to-self
    4) Encrypting critical files
    5) Communicating about security vulnerabilities

I don't use it for backups (I use Borg), or for SSH (25519 keys).


I've used them at work, internally, to send production credentials to and from coworkers. It would obviously be bad if our email or chat service was compromised, but at least it wouldn't be a direct path to our prod servers.


1. Reporting vulnerabilities

2. Signing git commits/tags


Signing .deb packages. Debian and its derivatives are core users of gpg as it's basically a requirement to sign installation packages - if the user doesn't have the key in their trust store, they get a big fat warning when they try to install said package.


Debian package managers comprise a surprisingly large proportion of the strongly-connected set.



