Tuesday, May 04, 2010

How To Start using E-mail Encryption (Part 1)

I called this "Part 1" because there are a number of different ways to encrypt e-mail, and this is the one I use, but over time I will try to cover others.

Why encrypt? E-mail is sent in plain text. If you are careful, you connect to your ISP's mail server using SSL encrypted transports (the https:// page of a webmail, or the SSL versions of POP or IMAP, as explained in my previous post about Gmail security). If you are lucky, your ISP might use SSL encrypted transports between their server and the next server (still not common practice), but plain text versions sit on the disk at both servers, and eventually on the computer of your intended recipient. The recipient we are not worried about, but if it's not something you want the mail man reading, you don't put it on the back of a post card; you stick it in an envelope. That's encryption. SSL transport encryption is like those big yellow interoffice mail envelopes. All your stuff goes into one of those for transport across the office and is opened when it gets to the right department. PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard, the open-source version of PGP) is like mailing your letter in a lockbox that only your recipient has a key for.

So how do you set up GPG for personal use?
First, if you are still using Outlook Express as a mail client, switch to Thunderbird. No, really. Outlook Express is a bad mail client anyway, and the integration with PGP and GPG is dismal.

If you are using the full-blown Outlook, you must be using it for corporate use. Just buy PGP; it integrates seamlessly.

Now for those already using Thunderbird (or new converts from Outlook Express), download the appropriate version of the Enigmail Add-on and GnuPG for your OS (Gpg4win if you are on Windows).

Install GPG. Install the Enigmail add-on into Thunderbird.

When you have Enigmail installed you will see a couple of new menu items and icons at the top like this:


Then you need to create a GPG key, associate your key with your e-mail address in Thunderbird, and choose when you want your key to be used for signing and encrypting. I recommend that you set it to encrypt automatically if the contact has a known encryption key.

Follow the instructions that came with your version of GPG for creating a new key. 

Associating a key with your e-mail address is pretty easy.
Open the account settings in Thunderbird (where you set your e-mail address); there is a new menu item there too.

If this is your first time ever using GPG/PGP then you can probably leave it set to "use e-mail address to identify OpenPGP key". If you have old keys floating around or use multiple keys, select the "Use specific OpenPGP key" option.

Select whether you want it to insist you sign messages or not.

Back to that OpenPGP menu item on the main window... Click it.
Select Preferences.

The most important setting in this menu is this one:
"When sending mail, Add my own key to the recipients list". If you don't select that, you won't be able to read your own sent mail when you encrypt.
Next to that, I'd say "Encrypt replies to encrypted messages" is a good one to check. If someone went to the trouble of securing communications with you, you don't want to reply to them in the clear.
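
Why the "add my own key" setting matters can be reproduced with gpg directly. The script below is an added example, not part of the original post or of Enigmail; it assumes GnuPG 2.1.17 or later on the PATH and uses two made-up identities (alice@example.invalid as sender, bob@example.invalid as recipient) in throwaway keyrings.

```shell
#!/bin/sh
# Constructed demo: throwaway keys in temporary keyrings, never your real one.
# alice@example.invalid (sender) and bob@example.invalid (recipient) are made up.

# Run gpg non-interactively against the keyring directory given as $1.
G() {
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@"
}

# Build two isolated keyrings and hand the sender bob's public key.
setup_keyrings() {
  WORK=$(mktemp -d) || return 1
  for who in alice bob; do
    mkdir -m 700 "$WORK/$who" || return 1
    G "$WORK/$who" --quick-generate-key "$who@example.invalid" \
      future-default default never 2>/dev/null || return 1
  done
  G "$WORK/bob" --armor --export bob@example.invalid > "$WORK/bob.asc" || return 1
  G "$WORK/alice" --import "$WORK/bob.asc" 2>/dev/null
}

# Encrypt as alice to bob; mode "self" adds alice's own key as a recipient.
encrypt_as_sender() {
  extra=""
  if [ "$1" = self ]; then extra="-r alice@example.invalid"; fi
  # $extra is deliberately unquoted so it expands to zero or two words.
  printf 'meet at noon\n' | G "$WORK/alice" --armor --output "$2" \
    -r bob@example.invalid $extra --encrypt 2>/dev/null
}

# Status 0 only if the keyring in $1 holds a secret key that decrypts file $2.
can_read() { G "$1" --decrypt "$2" >/dev/null 2>&1; }

demo() {
  setup_keyrings || return 1
  for mode in only self; do
    encrypt_as_sender "$mode" "$WORK/$mode.asc" || return 1
    if can_read "$WORK/alice" "$WORK/$mode.asc"; then
      echo "$mode: sender can read sent copy"
    else
      echo "$mode: sender locked out"
    fi
  done
  for who in alice bob; do gpgconf --homedir "$WORK/$who" --kill gpg-agent || true; done
  rm -rf "$WORK"
}

if [ "${1:-}" = run ]; then demo; fi
```

Save it and run it with the argument `run`. The message encrypted only to the recipient cannot be opened with the sender's keyring, while the one that also lists the sender's key can.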

Now when you go to write a message there is a new option icon at the top of that screen:


Now you just need some PGP public keys of friends to send encrypted mail to. Here's mine. Have fun, and stay out of trouble. :)
