TechLife Australia

Encrypting your email

HOW TO SEND MAIL THAT CAN’T BE SNOOPED.


UNLIKE MANY OF today’s communications protocols, email was invented in a time before the rise of the surveillance state and the explosion of criminal hacking syndicates. Because of that, it doesn’t have many inherent safeguards. Most notably, it does not natively support end-to-end encryption, meaning that your email service provider (and anybody who can compel or hack them) has full access to all your emails.

There are ways to bolt that kind of encryption on to email, however. The most common method is PGP, short for Pretty Good Privacy, and this month we’re going to talk about how you can set it up for yourself.

HOW IT WORKS

Like most end-to-end encryption systems, PGP uses what’s called asymmetric encryption to send and receive data.

Every person who uses PGP has two cryptographic keys: a public key and a private key. The public key can only be used to encrypt data – it cannot decrypt it. Only the private key can decrypt.

So a user can give out their public key to all and sundry, and if somebody wants to send a private message to that person, then they would use that public key to encrypt the message. That ensures that only the person with the private key can read that message.

So, when you want to send a secret message to someone, you get their public key and encrypt the message with it before sending. You can also give them your public key so they can send secret messages that only you can read by decrypting it with your private key.

WHAT YOU NEED

There are a number of ways to set up and use PGP, but we’re going to focus on Enigmail, one of the easier to use solutions.

To use Enigmail, you first need to set up Mozilla Thunderbird (www.thunderbird.net), an email client, and connect it to your mail accounts. We’re not going to walk through Thunderbird set-up here, but if you want to connect it to a Gmail account you can find a guide online at support.mozilla.org/en-US/kb/thunderbird-and-gmail.

Second, you need to install the binary version of Gpg4win, which you can download from gnupg.org. Enigmail uses Gpg4win in the background, so you need to install it first, though you don’t need to configure it or run it – Enigmail does that in the background. (We should note that Gpg4win does have an add-on for Outlook – GpgOL – if you want to use that, though we wanted to go with completely free tools for this guide).

Finally, you need Enigmail itself. Enigmail is not a stand-alone app – it’s an add-on for Thunderbird. In Thunderbird, go to Tools > Add-ons. Perform a search for Enigmail (it’s often linked in the featured add-ons as well) and add it to Thunderbird. You’ll see a new menu item added to your Thunderbird window. You’re ready to roll.

EXPORTING KEYS

Although Enigmail has a setup wizard, it’s mostly concerned with downloading and installing PGP, which, if you’ve installed Gpg4win, is not necessary. If you like, you can go straight to key management. Click on the Enigmail menu item in Thunderbird and select Key Management.

You will see that, for every email account you have set up in Thunderbird, Enigmail will have created a set of keys for you. Now you just have to get those keys to the people with whom you want to securely correspond. Only when they have your public key can they securely send you messages.

The easy way to do that is to right click on a key in the Key Management window and select ‘Send Public Keys via email’. That will start a new email, with a keyfile (which has an .asc extension) attached. You can send that on to anybody you would like to be able to send secure mail to you. There’s no default text or header, so remember to type something in to explain to the recipient why you’re sending them an .asc file!

IMPORTING KEYS

Now that you’ve sent people your public key(s), it’s time to import theirs so that you can send them encrypted emails as well. They might send it to you as an .asc file as you did above, or they might send it to you as a big blob of random letters and numbers in the body of the email itself.

If they sent it as a file, in the Key Management window, click on File > Import Keys from File, then point it to the .asc file (an .asc file is really just a standard text file with the key inside it).

If you received the key as text it will look like a huge chunk of random numbers and letters, and will probably be bounded by a ‘begin public key’ sentence. Copy the text between the begin and end notes to the Windows clipboard (usually by selecting it and pressing Ctrl-c).

Then go to the Key Management window and select Edit > Import Keys from Clipboard.

If successful, the imported key will be added to your Key Management window. You’ll see that, unlike your keys, it will not be in bold. That means that you only have the public key for that address, rather than both the public and private one.
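The "big blob" described above is OpenPGP ASCII armor, and the following added example (not part of the original article, and not Enigmail or GnuPG code) parses a complete armored block, including its BEGIN and END lines, to report whether it really holds a public key and whether its checksum matches. The function names and the sample block are assumptions made for illustration; the sample is constructed filler, not a usable key.

```python
import base64
import re

# Added example; function names are illustrative, not Enigmail or GnuPG APIs.
PACKET_TAGS = {5: "secret key", 6: "public key"}  # OpenPGP packet tags

def crc24(data: bytes) -> int:
    """CRC-24 checksum used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, label: str) -> str:
    """Wrap binary data in ASCII armor; used here only to build the sample."""
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {label}-----\n\n{body}\n={check}\n-----END PGP {label}-----\n"

def inspect_armored_key(text: str) -> dict:
    """Report the armor label, the first packet's type and the checksum result."""
    m = re.search(r"-----BEGIN PGP ([A-Z ]+)-----(.*?)-----END PGP \1-----", text, re.S)
    if not m:
        raise ValueError("no complete armored block found")
    lines = [ln.strip() for ln in m.group(2).split("\n")][1:]
    if "" in lines:                      # armor headers end at the first blank line
        lines = lines[lines.index("") + 1:]
    lines = [ln for ln in lines if ln]
    crc_line = lines.pop() if lines and len(lines[-1]) == 5 and lines[-1][0] == "=" else None
    data = base64.b64decode("".join(lines), validate=True)
    if not data or not data[0] & 0x80:
        raise ValueError("body does not start with an OpenPGP packet")
    first = data[0]
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F  # new vs old header format
    crc_ok = None if crc_line is None else (
        base64.b64decode(crc_line[1:]) == crc24(data).to_bytes(3, "big"))
    return {"label": m.group(1), "packet": PACKET_TAGS.get(tag, f"tag {tag}"), "crc_ok": crc_ok}

# Constructed sample: a public-key packet header followed by filler bytes, not a usable key.
SAMPLE_PUBLIC = armor(bytes([0x99, 0x00, 0x0D]) + bytes(range(13)), "PUBLIC KEY BLOCK")

if __name__ == "__main__":
    print(SAMPLE_PUBLIC)
    print(inspect_armored_key(SAMPLE_PUBLIC))
```

A result of "secret key" for a file you are about to attach to an email means you exported the wrong half of the pair; a `crc_ok` of False means the text was damaged in transit or while copying.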

Now you’ll need to do this for all the people you want to securely correspond with, getting keys for all of them. This collection of keys is called a keyring.

SENDING EMAIL

Once you’ve built your keyring, using Enigmail is actually pretty easy. When you compose an email, it will automatically detect if the recipient has an entry in the keyring, and if they do it will automatically encrypt that mail.

You can see there’s a small icon in the write window, just above the ‘To:’ field. If there’s an X over it, it means the email is not encrypted.

But if there’s a tick, it means the recipient address matches one of the keys you have on file, and so the message will be encrypted using that public key. If, for some reason, you don’t want to encrypt the message, you can click the icon and turn encryption off for that message.

Likewise, when you receive an encrypted email, Enigmail should automatically detect and decrypt the mail. There will likely be a huge header on the email with a note saying ‘Enigmail decrypted message’, but otherwise it will appear normal.

And that’s it. You’ve set up some basic end-to-end encryption for your email. Now nobody but you and the people you’re communicating with can read them.

DIVING DEEPER

There’s a lot we haven’t covered here: passphrases, public key servers, signing and authenticating, the different forms of encryption and so on. We recommend reading up on these further if you’re really serious about security, though what we’ve covered here should be enough to get you on your way!

Find Enigmail in the Thunderbird Add-ons page.
You’ll need to install Gpg4win, which Enigmail uses in the background. You only need the main app and Kleopatra.
Each email account will have an auto-generated key pair, but you can create additional keys if you like.
You can send a public key via email.
Enigmail will auto-decrypt messages.
A successful import.
No encryption for you.
This is what a public key looks like.
The recipient has a key in your keyring, so the message will be encrypted.
