Home | deutsch  | Legals | Data Protection | Sitemap | KIT

KIT Campus Süd
Kollegiengebäude am Kronenplatz (Bld. 05.20)
Kaiserstr. 89
76133 Karlsruhe


Newsletter subscription
YouTube subscription

Monday, 24 Aug 2020
ARES 2020
Tuesday, 06 Oct 2020
Fifth International Joint Conference on Electronic Voting
Friday, 23 Oct 2020
AIK Symposium Cybersicherheit

Further Events ...
Externe Veranstaltungen
Tuesday, 17 Mar 2020
Saturday, 25 Apr 2020
CHI 2020
Tuesday, 26 May 2020

Further Events ...


Karlsruher IT-Sicherheitsinitiative

PGP - empowered by Facebook

PGP (Pretty good privacy) is a well known approach and Enigmail and widely used add-on to keep data and e-mail confidential or proof their integrity - to encrypt and sign.

A major problem of PGP forms the key management: To send an encrypted message to a colleague it is necessary to have obtained her so-called public key.  This public key can be published online, but despite the fact that it can be a hard to find them, the user cannot be confident if the public key really belongs to the supposed owner.

Facebook offers since June 2015 the option to list OpenPGP keys on a users profile which we use to enhanced the Enigmail add-on for Thunderbird  to automatically import public keys from Facebook friends with a few clicks and less knowledge for the mechanisms. That way, we address the problem of verified ownership in PGP.

Operational details

First, when generating a key the user gets instructions to share her public-key in her Facebook profile. Second, she can download the public keys of her friends. Therefore, she has to enter her Login-Data so that the add-on can search through her friends profile's. This data is just used to locally login with Facebook and are transferred encrypted. After a waiting time (dependet on the number of friends) the keys get imported.


Code is on SECUSO GitHub.