Pretty Good Privacy (How to Use PGP)

Do you want to keep your emails private from the government? How about from hackers? Or maybe, you just don’t want a sibling to read them? Whatever the case, be it critical, important, or just for fun, encrypting some, or all, of your emails could be a good idea.

It may seem daunting at first: turning your messages into scrambled code that somehow ends up readable again when the recipient decrypts it. It is also quite impressive; even the NSA cannot decrypt end-to-end encryption. But even given all this, it may just seem too complicated for you.

Meet Pretty Good Privacy, also known as PGP, the best encryption program since 1991. PGP allows you to encrypt and decrypt emails, documents, files, and even whole disks! It also allows you to attach a digital signature to your communications to prove each message is actually coming from you, and not somebody else. In essence, PGP allows you to communicate securely with somebody; the benefits are knowing that they are who they say and that nobody else can read your messages.

How does PGP even work?

The whole premise revolves around everybody having a key. Each key contains two components, a public key and a private key. The public key is the portion that you share with everybody and allows others to send you encrypted messages. The private key is the portion that you can’t let anybody else see! It allows you to decrypt content sent to you and allows you to sign messages that you send.

All that can be extremely confusing at first, so let’s look at a scenario.

A Scenario

Sally and Bob are secretly dating. But Bob’s younger brother Zeke is a huge snoop and has learned how to sniff the wifi in their house! Zeke is able to intercept Bob’s messages and view them for himself if he wishes (which he obviously does since he is a younger brother).

Now, Bob knows how invasive his brother can be, so he must find a way to hide the love letters he and Sally send back and forth. Bob decides that he and Sally must start encrypting their communications. Bob and Sally both create their own keys, share their public keys with each other, and verify in person that they are correct (see note below).

Before they start sending their declarations of love back and forth, Sally has a grave realization: what if Zeke uses Bob’s email to send her a message and pretends to be Bob by simply using her public key to encrypt the message? Oh no! To prevent this, Bob and Sally must also sign each message with their personal private keys before sending.

Zeke now attempts to figure out what his brother Bob and Sally are saying, but he is stumped. Since Bob uses Sally’s public key to encrypt his emails to her, and signs them with his private key, Zeke cannot read his emails nor can he pretend to be Bob.

Whenever Sally wants to send an email to Bob, she must first compose her message, then encrypt it with Bob’s public key and sign it with her private key. Then, when Bob receives the email, he has to use his private key to decrypt the message, and he uses Sally’s public key to verify her signature. Zeke is totally unable to find any of his brother’s love letters.

Note: To be confident that the public key for somebody is actually their own key, you need to be confident where you got it from. This can be as simple as giving it to them in person, or as complex as building an intricate Web of Trust so that you can trust a public key from somebody you do not know in person.

A Scenario: What We Learned

  • To send an encrypted email to somebody, you need their public key and nothing more.
  • To receive an encrypted email, you must use your private key to decrypt it.
  • To sign an email with your own signature, you must use your own private key.
  • To verify a signature on an email, you must use the sender’s public key.
  • To be confident in your public keys, you must have received them from a trusted source, either in person or by building a Web of Trust.

Using PGP: A Tutorial

Now that you understand the theory behind securing your communications, we can walk through how you actually do it in practice.

I’ll be doing this on a Windows machine, but you can follow along fairly easily using other software on other platforms, including the command line.

Here’s the plan:

  1. Get the software.
  2. Create a key.
  3. Sign a document.
  4. Verify a signed document.
  5. Send an encrypted email.
  6. Receive an encrypted email.

Step One: Get the Software

I use Gpg4win; it’s a Windows distribution that contains everything you need. GPGTools is an OS X distribution that is quite common. Both contain the actual software and a fancy GUI to use it. GnuPG, what the previous two are based on, runs on nearly all systems (excluding 64-bit Windows), but does not feature a GUI. Pick whichever you like and get it installed.

Step Two: Create a Key

This part depends nearly entirely on the software you chose before.

If you’re using Gpg4win, you need to open Kleopatra. This program is where you interact with everything. Go to File > New Certificate or press Ctrl+N. Then, choose to create an OpenPGP key pair. Enter your information. Enter a password you’ll remember. Finally, click Create Key.

To export your public key on Windows, head into Kleopatra and select your key in the list. Then, just hit the Export Certificates button and choose a location to save the plain-text file.

If you’re using the command line, gpg --gen-key will send you in the right direction.

Step Three: Sign a Document

If you’re using Windows, this is a fairly simple process for a plain-text document. Simply copy the message you want to sign to your clipboard. Then, while in Kleopatra, click the Clipboard button on the far right and select OpenPGP-Sign. At this point, you must choose the identity/key to sign the message with and hit Next. After that, the new, now signed, message will be copied to your clipboard. Head back to wherever you were writing your email and paste the signed message.

At this point, if you’re on another platform, you can view its documentation to figure out what to do. You should still be able to follow this tutorial loosely.

Step Four: Verify a Signed Document

To verify a signed document, you must have the sender’s public key imported into whatever software you use. To do this on Windows, you just click the big Import Certificate button within Kleopatra. If the person gave you their key as text and not a file, copy it to your clipboard, and click Import Certificate inside of Kleopatra’s Clipboard menu. Otherwise, if not on Windows, just create a new file with their key inside, save it as a .asc file, and import that.

Here’s my public key to practice with. You can even try verifying this quote with it:

Now, to actually verify a signed message, copy the entire message (from BEGIN PGP SIGNED MESSAGE to END PGP SIGNATURE) to the clipboard and head on over to Kleopatra. Now, go to Clipboard and select Decrypt/Verify and it’ll let you know whether it’s valid or not. It’ll also copy the plain message to your clipboard.

Step Five: Send an Encrypted Email

Sending an encrypted email isn’t super hard. Just compose your email, copy it to the clipboard, then click the Encrypt option under the Clipboard menu in Kleopatra. Choose your recipient, and click Next to encrypt it. Now return to your email app and paste the encrypted message over the old one and send it away.

You can email me an encrypted message at, but if you want your reply to also be encrypted, you’ll need to send me your public key along with the email.

Step Six: Receive an Encrypted Email

Finally, when you receive your first encrypted email, you’ll have to decrypt it to read it. This is actually fairly easy, since whoever sent it to you already has your public key.

Copy the entire message to your clipboard (from BEGIN PGP MESSAGE to END PGP MESSAGE) and then go over to Kleopatra. Click Decrypt on the Clipboard menu and you’ll have to enter your password. After it finishes, you’ll have the decrypted message copied to your clipboard.

Stay Secure

Now that you know how to keep your emails and other things private, you just have to remember two simple things to keep it that way. One, don’t ever, ever give out your private key. Two, make sure to build a Web of Trust so that you are confident in the public keys that you have acquired. That’s it! You can stay secure now.

How Do You Solve FizzBuzz?

Write a program that prints the numbers from 1 to 100. But for multiples of three print “Fizz” instead of the number and for the multiples of five print “Buzz”. For numbers which are multiples of both three and five print “FizzBuzz”.

This is one of the most well known interview questions for getting a development job. It’s meant to get rid of all those who lack skills in programming, and simple logic. You require programming skills to figure out a clean way to implement it, and logic skills to figure out how to implement it.

There have been many, many different ways to implement it in all different sorts of languages over time. Let’s look at some clever, and some not-so-clever, ways of doing it.

The Simple Solution

The totally understandable and language independent method with minor code duplication.
You can do it in C.

Or you can do it in Python.

Or really any other language out there. You can make it slightly worse by nesting the if statements.

The idea is simple and works. Easy to understand and has decent performance, but this is FizzBuzz, so performance probably isn’t a concern.

The Other Simple Solution

You can sacrifice a bit of performance and you will end up with a bit shorter version of the simple solution. This solution will look a bit different depending on the language it is written in, simply by the fact that string concatenation is done differently in different languages.

In Python:

In C:


And in Java:

This is one of the most common solutions I see, but it does carry the slightly higher overhead of concatenating strings.

The “No Math” Solution

This isn’t a problem that requires user input. The output is fixed. Why should we bother calculating anything?

Technically only three lines of code. That’s less than the simple solution! In this day and age, with the extra disk space everywhere, this could be a decent solution, but it lacks the simple logic that FizzBuzz is supposed to show.

The “What’s a Modulo?” Solution

Watch out, if somebody has never used the modulo operator, they’re probably not the most well-versed programmer. But it is a cool experiment.

You could always reset the fizz or buzz counters inside each if/elif statement, but readability would slightly go down.

The Lookup Table with Tuples Solution

This is very dependent on the language it is used in. But it’s one of my favorite ways to solve FizzBuzz. Here it is in Python.

This may not be the best for performance, or the simplest. But, it has an elegant look to it.

The Enterprise Solution

This one seems to come up a lot in discussions about FizzBuzz. It’s a satire of FizzBuzz and enterprise software. But, it does work.

Since this solution consists of 1704 lines of code at the moment, I don’t think I’ll put it directly on the blog. You can find its GitHub page here.

How Do You Solve FizzBuzz?

There are many more interesting solutions out there. Most of them are probably way over the top, or totally wrong. Finding a new way to solve it (or fail to solve it) is something I look forward to.

If you have a unique solution, or an improvement on the generic ones, share it!

Who Knew? Database Design!

I recently had to think about designing a database for the first time. Now, I have put up tables every so often with a few columns to store some things. And I did know how to throw together some Java or PHP so I could interact with those tables. But, now, for my first time ever, I had to design a database. The whole thing. The many tables and connections between them. I had to think about how everything interacts, and how I would modify the data and access it. And I loved this whole process.

What do you think a database is?

I never realized it before, but I had no idea what a database actually was. I don’t know about you, but I always thought it was simply a few sets of tables with some columns and a few rows of data that go into it. Maybe scaled up to hold millions of rows of data, but the same idea. I used to think it was as simple as creating a new table with the columns set to what you needed.

After setting up that table (I don’t store passwords, don’t worry) I would just start pushing data into it. I didn’t really think of that as designing anything, or planning anything. Sure, I would think over what kind of data type each field is. And, of course, I would figure out what fields I needed. But I never really planned it out. That’s just what a database was to be.

So what is a database?

A database is a collection of data. A bunch of things that go with other things in certain ways. But that doesn’t help us when we get to the code of it. No. But I think that you need to spend a little more time thinking about your database design. It’s more than just a table of data spat out. It’s how it all relates. It’s how you think about it. And it’s what you plan on doing with it.

Instead of writing out some code, take some time and grab a piece of paper or a whiteboard, and write it all down. Then think about it. There are probably way better ways to do it than just starting with the code (as always).

Plus, if you want to put together a larger database with a bunch of different kinds of data, it may be time to actually design it. Grab that paper, or better yet, some software that’s meant for it. Next you need to think about it. Consider it. Put together all the kinds of things you’re storing and how they relate. Plan it out. Then, after you know exactly what you need and want, you can start writing your code.