Reference

Encrypting Email

Working more securely with e-mail


The most common question we get asked by people getting starting is how can I start communicating more securely using e-mail. This guide should get you going at no cost with only a small outlay of time.

 

Why You Should Encrypt Your Email

Taken from the About: article found here...

From Tony Bradley, CISSP-ISSAP,
...However, as one of the common sense measures that aren't pure hype you should consider encrypting your email communications. If you are on vacation you might send a picture postcard to a friend or family member with a quick "wish you were here" sort of message. But, if you are writing a personal letter to that same friend or family member you would be more inclined to seal it in an envelope. If you are mailing a check to pay a bill or perhaps a letter telling a friend or family member that the extra key to your house is hidden under the large rock to the left of the back porch you might use a security envelope with hatched lines to obfuscate or hide the contents of the envelope even better. The post office offers a number of other means of tracking messages- sending the letter certified, asking for a return receipt, insuring the contents of a package, etc. Why then would you send personal or confidential information in an unprotected email? Sending information like the location of your extra house key under the large rock to the left of the back porch in an unencrypted email is the equivalent of writing it on a postcard for all to see. ...

Taken from the About: article found here...

There are hundreds of articles explaining why you should encrypt your e-mail. Why do we always ignore the invisible threats? What follows is a summary of how to encrypt YOUR e-mail right now. We're not going to go into the gory details of digital encryption, there are web-sites at the bottom that will do that. I'm just going to show you how to do it.

Installing it on:

Linux/Thunderbird/GnuPG/Enigmail

If you use Mozilla Thunderbird and a recent Linux version (Fedora 7 is used in the example) then this is a solution for you. I'm assuming you already have the operating system and e-mail client installed.

  • You will need GnuPG install on you Linux system
  • Now download '''Enigmail''' from https://addons.mozilla.org/en-US/thunderbird/addon/71 Note that you will need to right click the ''Install Now'' icon and select ''Save As...''
  • Open '''Thunderbird''' and select ''Tools, Extensions'' and ''Install''
  • Select the ".xpi" file from the location you saved it

You now have all the software required to begin. You just need to generate some keys. From the OpenPGP menu item in Thunderbird, choose Key Management. From the Generate menu, choose New Key Pair. Choose the email address you want to create a key for, and set a passphrase. Hit the Generate Key button, and relax - it can take a few minutes. When it's done, you have the chance to generate arevocation certificate. This certificate can invalidate your public key just in case your private key is ever compromised. Go ahead and get your revocation certificate and save it.Your "Secret" Key is what enables you to decrypt messages while your "Public" key enables others to encrypt messages they send to you. Give out your public key freely and keep your secret key safe. Thunderbird (via OpenPGP) will automatically search on line for a public key when attempting to send someone an encrypted e-mail. Don't forget to actually select Encrypt Message and Sign Message when sending. You can tell Thunderbird/OpenPGP to do this automatically by selecting OpenPGP, Preferences or OpenPGP, Edit Per-recipient Rules.

Windows/Thunderbird/GPG4Win(GnuPG)/Enigmail

  • If you use Mozilla Thunderbird and MS Windows then this is a solution for you. I'm assuming you already have the operating system and e-mail client installed.
  • Download '''GPG4Win''' from http://www.gpg4win.org/ Install it on your PC accepting all the defaults unless you really feel a need not to
  • Now download '''Enigmail''' from https://addons.mozilla.org/en-US/thunderbird/addon/71
    • Note that you will need to right click the ''Install Now'' icon and select ''Save As...''
  • Open '''Thunderbird''' and select ''Tools, Extensions'' and ''Install''
  • Select the ".xpi" file from the location you saved it

 

You now have all the software required to begin. You just need to generate some keys. From the OpenPGP menu item in Thunderbird, choose Key Management. From the Generate menu, choose New Key Pair. Choose the email address you want to create a key for, and set a passphrase. Hit the Generate Key button, and relax - it can take a few minutes. When it's done, you have the chance to generate arevocation certificate. This certificate can invalidate your public key just in case your private key is ever compromised. Go ahead and get your revocation certificate and save it.

Your "Secret" Key is what enables you to decrypt messages while your "Public" key enables others to encrypt messages they send to you. Give out your public key freely and keep your secret key safe. Thunderbird (via OpenPGP) will automatically search on line for a public key when attempting to send someone an encrypted e-mail. Don't forget to actually select Encrypt Message and Sign Message when sending. You can tell Thunderbird/OpenPGP to do this automatically by selecting OpenPGP, Preferences or OpenPGP, Edit Per-recipient Rules.

 

What is this "signing" thing?

 

You don't have to sign a message to encrypt it. Signing just proves that the originator is genuine. Anyone can use my public key to encrypt a message to me and forge your e-mail address to make it look like it came from you. When you sign/encrypt a message the program decrypts the message using my private key as normal but then uses your public key (which I have told it to trust) to verify your signature to your e-mail address. It's more a corporate tool but most people just put it on by default. Use it if you need to verify the authenticity of the sender.

 

PGP/MIME, S/MIME
S/MIME is a separate entity to PGP and can not be used at the same time. '''Not to be confused with PGP/MIME though which you should use.'''

  • MIME is just a standard for e-mail extension but mainly it deals with sending attachments.
  • S/MIME requires you to be issued a certificate from a Certificate Authority (CA), which you need to pay for to make it valid, and is separate from PGP
  • PGP/MIME is the standard that PGP uses to roll your whole message (attachments included) into a MIME block and encrypt the whole thing at once. This is a good thing as it preserves everything, the html, the attachments, etc perfectly as it should be. Without this you lose non-plain text formatting and have to decrypt your attachments manually using OpenPGP. The problem is almost all e-mail clients support it except Outlook.

 

Try It Out

Try it out by sending us an encrypted e-mail using our public keys. If you have any issues or questions This email address is being protected from spambots. You need JavaScript enabled to view it. .

 

Links

Popular