So, 2011 is the year that really brought home just how broken the modern Certificate Authority system is. Basically, if you have a company whose entire revenue model is taking money from people to say that they are who they say they are, it shouldn’t be surprising that they’ll just take money to say somebody is whoever they want. I’d been using S/MIME with a free certificate to sign my emails (at least when emailing people who wouldn’t be too confused by it), but I decided that, for signing to make any real sense, I needed to switch to the OpenPGP Web of Trust model.
So, I figured I’d set up GPG. I’ve been reading around the Internet, and there was a lot of advice scattered about, so I figured I’d collect here what I think is the final result of what I’ve set up. Since I didn’t go through all of this in quite this order, and I’m writing from memory, it’s possible that I’ve missed a step in this writeup, though.