So with the Snowden stuff and other NSA-in-your-shower stuff going around lately I've been engaged in numerous related conversations about protecting one's privacy.

I was asked how I have private communications. I described how I have a public key for my email and Mail auto-signs my messages, and anyone can reply to me and click the lock and their reply is encrypted. And if they also had a key, I would get their public key and my replies to them would also be secure. I went into just how easy this is to use in Mac Mail and how it's automatic and transparent. This was important to do because even if you use SSL with your email provider, the NSA etc. can simply demand your mail and gag them (assuming they didn't just plain snatch the packets as they were traveling to your ISP).

So I was describing how to get a key. Comodo offers them for free, you just... um... wait a minute. OK, ignore everything I just told you. Why?

Because the NSA just has to demand Comodo give up all the private keys they've signed and gag them, and now they can read anything I try to encrypt.

So now I feel kinda dumb... how do I go about rolling up my own keypair for email use? I realize the key not being signed by a "trusted" (can we all just roll around on the floor and laugh at that now?) authority will pop a message saying "this is unsigned, do you want to accept it?", but that's obviously the only "actually secure" method I see. Or is there something else?

(At least I roll up my own SSH keypairs, good luck with that...)


I work for the Department of Redundancy Department
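The self-generated S/MIME identity the post asks about, as an added example that is not part of the original post or any reply to it: it uses OpenSSL (assumed to be on PATH) to create a key pair and a self-signed certificate carrying the extensions mail clients look for on an email identity, bundles them as a PKCS#12 file that Mail.app or Keychain can import, and then round-trips a signed message against that certificate as the only trust anchor, which is exactly the "do you want to accept it?" situation described above. The address user@example.com and the password changeit are placeholders.

```shell
#!/bin/sh
# Added example: roll your own S/MIME key pair with OpenSSL (not from the post).
# Assumes OpenSSL 1.1.1 or later on PATH. The e-mail address and the PKCS#12
# password below are placeholders; override them via environment variables.
set -e

EMAIL="${SMIME_EMAIL:-user@example.com}"
P12_PASS="${SMIME_P12_PASS:-changeit}"

# Minimal OpenSSL config so the certificate is recognised as an e-mail
# identity: digitalSignature+keyEncipherment, the emailProtection EKU and
# the address in subjectAltName (modern clients match on the SAN).
write_smime_config() {
  cat > "$1" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = smime
prompt             = no

[ dn ]
CN           = ${EMAIL}
emailAddress = ${EMAIL}

[ smime ]
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = emailProtection
subjectAltName         = email:${EMAIL}
subjectKeyIdentifier   = hash
EOF
}

# Generate a 3072-bit RSA key plus a self-signed certificate valid for
# three years, then bundle both as PKCS#12 for import into the mail client.
# The private key never leaves this machine, which is the whole point.
generate_smime_identity() {
  dir="$1"
  write_smime_config "$dir/smime.cnf"
  openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 1095 \
    -config "$dir/smime.cnf" \
    -keyout "$dir/smime.key" -out "$dir/smime.crt" >/dev/null 2>&1
  chmod 600 "$dir/smime.key"
  openssl pkcs12 -export -inkey "$dir/smime.key" -in "$dir/smime.crt" \
    -out "$dir/smime.p12" -passout "pass:${P12_PASS}" >/dev/null 2>&1
  chmod 600 "$dir/smime.p12"
}

# Check that the certificate actually carries the S/MIME extended key usage.
has_email_protection() {
  openssl x509 -in "$1" -noout -text | grep -q 'E-mail Protection'
}

# SHA-256 fingerprint to read out to correspondents over another channel
# before they click "accept" on the untrusted-certificate prompt.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Round trip: sign a constructed message with the new key, then verify it
# using only our own certificate as the trust anchor (no CA involved).
sign_and_verify() {
  dir="$1"
  printf 'Subject: test\n\nhello from a self-signed identity\n' > "$dir/msg.txt"
  openssl smime -sign -in "$dir/msg.txt" -signer "$dir/smime.crt" \
    -inkey "$dir/smime.key" -out "$dir/msg.p7m" 2>/dev/null
  openssl smime -verify -in "$dir/msg.p7m" -CAfile "$dir/smime.crt" \
    -out /dev/null 2>/dev/null
}

# Stand-alone run: build an identity in a scratch directory and prove it works.
WORKDIR="$(mktemp -d)"
generate_smime_identity "$WORKDIR"
has_email_protection "$WORKDIR/smime.crt"
sign_and_verify "$WORKDIR"
echo "S/MIME identity for ${EMAIL} written to ${WORKDIR} (smime.key, smime.crt, smime.p12)"
echo "Certificate SHA-256 fingerprint: $(cert_fingerprint "$WORKDIR/smime.crt")"
```

Import smime.p12 into the keychain and Mail picks it up for the matching address. Because no CA vouches for the certificate, each correspondent gets the untrusted-certificate prompt the post anticipates; comparing the printed fingerprint over a second channel (phone, in person) before accepting it is what stands in for the CA's signature.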