I’m happy to announce that First Look Code is releasing a new open source tool for Mac and Linux called GPG Sync that aims to make using encrypted email within an organization less obnoxious for everyone. We’ve been using it internally at First Look for about a month now. From the project page on GitHub:
If you’re part of an organization that uses GPG internally you might notice that it doesn’t scale well. New people join and create new keys and existing people revoke their old keys and transition to new ones. It quickly becomes unwieldy to ensure that everyone has a copy of everyone else’s current key, and that old revoked keys get refreshed to prevent users from accidentally using them.
GPG Sync solves this problem by offloading the complexity of GPG to a single trusted person in your organization (referred to here as the “techie”). As a member of an organization, you install GPG Sync on your computer, configure it with a few settings that the techie gives you, and then you forget about it. GPG Sync takes care of everything else.
Here are some features:
- Works in Mac OS X and Linux
- Creates system tray applet that launches automatically on boot
- Downloads from HKPS key server by default, but customizable
- Supports fetching fingerprints URL over Tor or other SOCKS5 proxies
- Makes sure non-revoked public keys are refreshed once a day
- Works seamlessly with the web of trust
If you’d like to always have up-to-date public keys for all First Look employees, including the journalists at The Intercept, you can create a GPG Sync endpoint using these settings:
If you’d like to start using GPG Sync within your own organization, I’d be interested in hearing about it. Let me know by emailing me at email@example.com.