If this is your first time using our curriculum, please visit How To: Using LevelUp’s Trainer’s Curriculum
This session module covers email encryption using the PGP (Pretty Good Privacy) protocol, and the equivalent GPG (Gnu Privacy Guard) protocol. PGP/GPG is one of the more complex tools to train on in the average digital safety training, as well as the most time-intensive. This session module includes several options from which trainers may choose for their ADIDS components for a training session on advanced email.
Learning Goals for Participants
- Understand how email is sent, routed, and received, including where and how email contents can be read.
- Ways to minimize exposure of email to unwanted scrutiny.
- Understand what GPG/PGP is and what it does and doesn’t do, including various issues associated with using it (e.g., potentially “calling attention” to your usage of it, the limitations of being able to use it on mobile devices, etc.).
- Be able to create a private/public keypair, upload a public key to a keychain, find and download others’ public keys, and authenticate others’ identities and keys.
- Be able to send and receive emails that are signed or encrypted using GPG/PGP.
- Understand the importance of keeping your private key secure, and how to revoke your public key.
- Be sure you have a discussion about using encryption for participants who live and/or work in countries where using PGP/GPG may be a concern. They may need to use other tools or tactics in addition to PGP/GPG, or may not feel comfortable using it given the local situation or legal status of encryption technology.
- If you choose to training on PGP/GPG, be sure the participants can either contact you if they need any assistance afterwards, or have another contact who can support them.
- We also recommend following up with “practice” emails after the training, since using PGP/GPG becomes easier with more use, and the participants are unlikely to know many people who use it that they can practice with.