Thursday, January 16, 2014

Send your email as a closed letter instead of an open postcard

Emails are readable textfiles that are very vulnerable for hacking, spying etc. You should be very careful about what you write when you mail.
Still it might be necessary to use email for confidential messages.
Then you will need encryption.

To use email encryption you will need a local email program like Thunderbird (it still isn't possible when working from out of your browser).
You will also need an add on called Enigmail and you of course need a email partner that also has these programs installed. 


And you both need a key pair, consisting of a private and public key.
You keep the private key private and exchange public keys, for example
by email, or by using a key server.  You then need to verify you have
the correct public key (and not an impostor's) by checking the
fingerprint of the key you received against the fingerprint you exchange
via a secure channel, for example by each putting your fingerprint on a
piece of paper and exchanging those pieces of paper when meeting in real
life.

So lets start from a situation you and your friend agree that you both want to use and install encrypted email.
Where do you start? In Linux it is easy to install the needed software and  you will do something like in Debian
#apt-get install thunderbird gnupg
or in Arch
#pacman -S thunderbird gnupg

In windows you'll need: gpg4win en thunderbird

In Os X:  GPGTools and thunderbird

To set up gmail for you will have to enable imap under Preferences.

Starting up Thunderbird you will have to set up an email account,
select imap, check if ssl is enabled.
Now go the the add on manager; search for enigmail and install it and restart Thunderbird and start the OpenPGP Setup wizard.
Sign all your outgoing emails (good for people getting curious and asking what this is all about and thus spreading the goods) 
Next; No create Per-recipient rules (you don't want to irritate people that are not using encrypted mail with useless, not readable textfiles); 
Next: Yes, change some email settings etc.
Now you can create a key pair (a public and a private key).
Give a strong password to protect your keys. Confirm your settings.
Next, move your mouse to create some entropy when the keys are created.
After that is done you will have to create a revocation certificate that you will need when your key has gotten compromised or if you want to revoke it for some other reason. Now use the password you gave before.
And save your revocation certificate and store it in a safe place.

You are now ready to use enigmail. In thunderbird you will click on both the sign and encrypt icon (right below) when you want to send an encrypted email. When you send an attachment you can encrypt that too.
Remember that both the email title and the attachment title will be readable and are not encrypted.

If you want to help your friend setting up Enigmail you could use a Teamviewer session.

To manage your keys and check other ones (see above) you can use the OpenPgp Key management tool with which you can export public keys and send them to a key server.

Check display all keys, right click on your own key and choose properties.
Now you can see your key ID and key fingerprint. Right click and Upload Public key to Key server to share your public key.
For this article the following source was used Keep-it-private
You will find a lot of back ground info and screen shots there.

See also: https://securityinabox.org/en/thunderbird_main

 A great site on internet privacy is https://securityinabox.org/en For instance the guide on password management is very useful

Blog Archive