Too many people are dangerously unaware that their email messages are sent across the world "in the clear" with no more protection than an open postcard in the traditional paper-based mail. For messages such as "Having a great time on vacation, wish you were here," probably no harm is done. But this same exposure also exists for more serious messages such as those containing contract negotiations, proprietary information, or your own copyrighted material that you send out for review.

Another description of why it is necessary to use encryption for email is here: "http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-general-questions.html#pgp-why"

The Carnegie Mellon CERT Coordination Center on their web site at "http://www.cert.org/contact_cert/encryptmail.html" says: "We strongly urge you to encrypt sensitive information." You may rightly conclude that you are in good company using email encryption.

For your convenience, the GNU Privacy Guard (GnuPG) key in the file "marwalk@marwalk.com-public-key.txt" is the key to use in sending secure encrypted messages to me, Mark Caldwell Walker, at marwalk@marwalk.com. Another way to say this is that "marwalk@marwalk.com-public-key.txt" is my public key. You can use this key to encrypt your messages to me. Once you encrypt a message with my public key, I and only I am able to decrypt it; all others, including you, have an utterly minuscule chance of decrypting it even though it was you who encrypted it in the first place (you will still have your original message on your own computer, though).

If you have and know how to use either Pretty Good Privacy (PGP) or GnuPG, feel free to import this key into your public keyring. The "fingerprint" of the key is in the file "key-fingerprint.txt" for you to use in verifying that the key you import is in fact my public key. If you already know me personally, feel free to contact me to see about a mutual "key signing party."
For anyone who has never used public key encryption, there is a wealth of help and information on the Internet. I will not attempt to make this short note into a GnuPG tutorial, but I would be surprised if you did not find the requisite RTFM activity for GnuPG a pleasant experience. The installation includes excellent "readme" and "man" files that are invaluable.

Enough of words, here's how to get going:

Get the install files from one of the links here: "http://ftp.gnupg.org/GnuPG/" or "http://www.gnupg.org/download/mirrors.html" Go to the mirror nearest you, and get the latest version available (which might be at the bottom of the page). For W32 binaries, it will have a file name something like: "gnupg-w32cli-1.4.2.exe" (or later version). The commands in the W32 installation are basically the same as those in the Unix-flavored versions.

Get GnuPG for Mac OS X at "http://macgpg.sourceforge.net/"

Quickly satisfy your curiosity with the FAQ page at: "http://www.gnupg.org/documentation/faqs.html"

Once you have generated your public key, you might wish to place it on a public key server. A well-known server is at MIT: "http://pgp.mit.edu/"

If you at first have difficulty integrating GnuPG into your current email client, try just encrypting message files that you have written offline (be sure to "ASCII armor" them; RTFM to see how) and sending your encrypted files as attachments to your messages. Most recipients should know what to do with them.

Changing to a GnuPG-friendly email client might help; Mozilla Thunderbird is an excellent choice among several, and installations are available for OS X and Linux as well as W32. Thunderbird needs a plug-in, but it functions very well. Get the "Enigmail" plug-in for Thunderbird at "http://enigmail.mozdev.org/download.html" and install it by using the "Tools --> Extensions --> Install" menu choices in Thunderbird. With minimal tweaking, your GnuPG encryption capability will be seamlessly integrated into your Thunderbird email client.
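The fingerprint check and the ASCII-armored file encryption described above can be combined so that nothing is encrypted to a key whose fingerprint does not match. This is an added example, not a script from the author or the GnuPG project; the function names and the assumed layout of "key-fingerprint.txt" (one fingerprint, optionally prefixed "Key fingerprint =") are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: verify an imported key's fingerprint, then encrypt to it.
KEY_FILE='marwalk@marwalk.com-public-key.txt'   # file names from the note
FPR_FILE='key-fingerprint.txt'                  # layout is an assumption
RECIPIENT='marwalk@marwalk.com'

# Reduce a fingerprint to bare uppercase hex so that
# "Key fingerprint = abcd 1234 ..." and "ABCD1234..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | sed 's/.*=//' | tr -d ' :\t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the first
# "fpr" record (field 10), which is the primary key's fingerprint.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if the listing on stdin carries the published fingerprint ($1).
# An empty published value never matches, so a missing file fails closed.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$(primary_fpr)")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Import the key, compare fingerprints, then write an ASCII-armored "$1.asc".
# Hypothetical helper; it is defined here but only runs when you call it.
encrypt_to_verified_key() {
    gpg --import "$KEY_FILE" || return 1
    if gpg --with-colons --fingerprint "$RECIPIENT" |
        fpr_matches "$(cat "$FPR_FILE")"; then
        gpg --armor --encrypt --recipient "$RECIPIENT" "$1"
    else
        echo "fingerprint mismatch: do not encrypt to this key" >&2
        return 1
    fi
}

# Constructed colon listing (not the real key), for trying the parser offline.
SAMPLE_LISTING='pub:-:1024:17:0123456789ABCDEF:2005-01-01:::-:Constructed Example <user@example.invalid>::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
sub:-:2048:16:FEDCBA9876543210:2005-01-01::::::e:'
```

The comparison is only as strong as the channel the fingerprint arrived through: a fingerprint confirmed in person or by phone proves more than one downloaded from the same place as the key.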
There is a difference between PGP and the X.509 Certificates that you might use in a large government or corporate organization. So far there is little if any compatibility between these systems. A good description of the difference between PGP and X.509 is in an MS Word document at: "http://csrc.nist.gov/ecforum/comments/Cybercash-comments.doc" This still does not prevent you from enabling both systems on your email client and using the appropriate one for each respective recipient you email.

If you'd like to "geek-out" on things "encryption," two places to start are:

"http://www.pki-page.org/"
"http://www.pgp.net/pgpnet/pgp-faq/pgp-faq.html"

Regardless of its warts, public key encryption certainly beats whispering your intimate secrets with a hidden open microphone nearby.

Happy secure messaging,
Mark