Tuesday, May 04, 2010

How To Start using E-mail Encryption (Part 1)

I called this "Part 1" because there are a number of different ways to encrypt e-mail, and this is the one I use, but over time I will try to cover others.

Why encrypt? E-mail is sent in plain text. If you are careful, you connect to your ISP's mail server using SSL encrypted transports (the https:// page of a webmail, or the SSL versions of POP or IMAP as explained in my previous post about Gmail security). If you are lucky, your ISP might use SSL encrypted transports between their server and the next server (still not common practice), but plain text copies sit on the disk at both servers, and eventually on the computer of your intended recipient. The recipient we are not worried about, but if it's not something you want the mail man reading, you don't put it on the back of a post card, you stick it in an envelope. That's encryption. SSL transport encryption is like those big yellow interoffice mail envelopes: all your stuff goes into one of those for transport across the office and is opened when it gets to the right department. PGP (Pretty Good Privacy) or GPG (Gnu Privacy Guard, the open-source version of PGP) is like mailing your letter in a lockbox that only your recipient has a key for.

So how do you set up GPG for personal use?
First, if you are still using Outlook Express as a mail client, switch to Thunderbird. No, really. Outlook Express is a bad mail client anyway, and the integration with PGP and GPG is dismal.

If you are using the full blown Outlook you must be using it for corporate use; just buy PGP, it integrates seamlessly.

Now for those already using Thunderbird (or new converts from Outlook Express), download the appropriate version of the Enigmail Add-on and GnuPG for your OS (Gpg4win if you are on Windows).

Install GPG. Install the Enigmail add-on into Thunderbird.

When you have Enigmail installed you will see a couple of new menu items and icons at the top like this:

Then you need to create a GPG key, associate your key with your e-mail address in Thunderbird, and configure when you want your key used for signing and encrypting. I recommend that you set it to encrypt automatically if the contact has a known encryption key.

Follow the instructions that came with your version of GPG for creating a new key. 

Associating a key with your e-mail address is pretty easy.
Open the account settings in Thunderbird (where you set your e-mail address); there is a new menu item there too.

If this is your first time ever using GPG/PGP then you can probably leave it set to use e-mail address to identify OpenPGP key. If you have old keys floating around or use multiple keys select the Use specific OpenPGP key option.

Select whether you want it to insist you sign messages or not.

Back to that OpenPGP menu item on the main window... Click it and select Preferences.

The most important setting in this menu is this one:
When sending mail, Add my own key to the recipients list. If you don't select that, you won't be able to read your own sent mail when you encrypt: a message is only readable by the keys it was encrypted to, and your own key is not one of them unless you add it.
Next to that, I'd say Encrypt replies to encrypted messages is a good one to check. If someone went to the trouble of securing communications with you, you don't want to reply to them in the clear.

Now when you go to write a message there is a new option icon at the top of that screen:

Now you just need some PGP public keys of friends to send encrypted mail to. Here's mine. Have fun, and stay out of trouble. :)
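The steps above (create a key, configure encrypting to yourself, swap public keys with a friend) can be walked through at the command line too, which is a handy way to see what Enigmail is doing for you behind the menus. The script below is an added example, not code from this post or from the Enigmail or GnuPG projects. It assumes GnuPG 2.1 or later is on the PATH, runs everything in throwaway keyrings so your real keys are never touched, and uses constructed people, addresses and message text. It also demonstrates the mistake the "Add my own key to the recipients list" setting prevents: a copy encrypted only to the recipient is unreadable to the sender.

```shell
#!/bin/sh
# Added example, not code from the original post or from Enigmail/GnuPG: the
# command-line equivalent of the workflow above, run inside throwaway GnuPG
# home directories so it never touches your real keyring. Needs GnuPG 2.1+.
# The people, addresses and message are constructed for the demonstration.
set -eu

WORK=$(mktemp -d)
ALICE="$WORK/alice-home"   # sender's scratch keyring
BOB="$WORK/bob-home"       # recipient's scratch keyring

# Run gpg against one scratch keyring; --batch keeps every call non-interactive.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

# Unattended key generation (the GUI wizard collects the same parameters).
# %no-protection is only acceptable for a throwaway demo key; give a real key a passphrase.
make_key() {
    home=$1; name=$2; email=$3
    mkdir -p "$home" && chmod 700 "$home"
    g "$home" --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: $name
Name-Email: $email
Expire-Date: 0
%commit
EOF
}

# Publishing a public key ("Here's mine") is an ASCII-armored export; a friend imports it.
export_public() { g "$1" --armor --export "$2"; }
import_public() { g "$1" --import; }   # reads the armored key from stdin

# Sign with the sender's key and encrypt to every listed recipient. Listing the sender
# too is what Enigmail's "Add my own key to the recipients list" does.
# --trust-model always skips the web-of-trust check for this demo only; with real keys,
# compare fingerprints out of band before relying on an imported key.
encrypt_and_sign() {
    home=$1; sender=$2; out=$3; plain=$4; shift 4
    rcpt=""
    for r in "$@"; do rcpt="$rcpt --recipient $r"; done
    # $rcpt is meant to word-split: the addresses contain no spaces
    g "$home" --yes --trust-model always --armor --local-user "$sender" $rcpt \
        --sign --encrypt --output "$out" "$plain"
}

# Decrypt to a file and require a GOODSIG status line (signature verified against a key in
# this keyring). Non-zero exit on decryption or signature failure.
decrypt_and_verify() {
    home=$1; in=$2; out=$3
    g "$home" --yes --status-fd 1 --output "$out" --decrypt "$in" | grep -q '^\[GNUPG:\] GOODSIG '
}

run_demo() {
    make_key "$ALICE" "Alice Example" alice@example.com
    make_key "$BOB"   "Bob Example"   bob@example.com

    # Exchange public keys, as the post does by publishing one.
    export_public "$ALICE" alice@example.com | import_public "$BOB"
    export_public "$BOB"   bob@example.com   | import_public "$ALICE"

    printf 'Inside the lockbox: the draft agenda.\n' >"$WORK/plain.txt"

    # Correct setting: encrypt to the recipient and to yourself.
    encrypt_and_sign "$ALICE" alice@example.com "$WORK/good.asc" "$WORK/plain.txt" \
        bob@example.com alice@example.com
    decrypt_and_verify "$BOB"   "$WORK/good.asc" "$WORK/bob.txt"    # Bob reads it, signature checks
    decrypt_and_verify "$ALICE" "$WORK/good.asc" "$WORK/alice.txt"  # Alice can still read her sent copy
    cmp -s "$WORK/plain.txt" "$WORK/bob.txt"
    cmp -s "$WORK/plain.txt" "$WORK/alice.txt"

    # The mistake the post warns about: encrypt to Bob only, and the sender cannot
    # open her own copy because the session key was never wrapped for her key.
    encrypt_and_sign "$ALICE" alice@example.com "$WORK/bob_only.asc" "$WORK/plain.txt" bob@example.com
    if g "$ALICE" --decrypt "$WORK/bob_only.asc" >/dev/null 2>&1; then
        echo "unexpected: sender decrypted a message not encrypted to her key" >&2
        return 1
    fi
    echo "round trip OK; the copy not encrypted to the sender is unreadable by her, as expected"
}

cleanup() {
    for h in "$ALICE" "$BOB"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
    rm -rf "$WORK"
}
trap cleanup EXIT

if command -v gpg >/dev/null 2>&1; then
    run_demo
    DEMO_RESULT=ok
else
    echo "gpg not installed; nothing to demonstrate" >&2
    DEMO_RESULT=skipped
fi
```

Run it with `sh` on a machine that has GnuPG installed; it prints one line on success. The same `--recipient` list is what Enigmail builds for you when the "Add my own key" box is ticked, and the failed final decrypt is exactly what you would see in your Sent folder if it were not.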

