DHS Hate me

Why should you encrypt your Communications? Very simply, Privacy.

Unless you’re a super-spy, you probably don’t have any information that you want to keep private… Right? Everyone has something they wouldn’t like everyone else to know. Even if it’s just an email between you and your friend talking about a member of the opposite sex, You probably wouldn’t like that publicized. I read once that you shouldn’t E-mail anything you don’t want to see on the front page of your local newspaper.

Understand that even if you use a secure connection to connect to your mail server, the mail server sends your message in clear text out to the recipient. To use a physical analogy, You’re sending a Post card through the mail, rather than a letter. Anyone who wants to can read your message… or even change it!

Most people aren’t worried about this. Hell, most people aren’t even aware of this. They see the little envelope logo, and think it’s just like sending a letter. It’s not.

Let’s think about this for a while. Are you doing anything wrong when you’re evacuating your bowels? No, of course not. Would you want to do that in a glass-walled stall in the middle of a busy street? Probably not. That’s private. What about your conversations with Aunt May? Would you like those posted on the jumbo-tron screen at the baseball game? Again, Probably no.

So, unless you’re the type of person who likes to take a dump in the middle of Times Square in a spotlighted, glass-walled room, You’re probably wondering right now, “How do I encrypt my conversations with Aunt May?”

Which brings us to our How-to: Encrypting your Emails.
(These instructions assume you are using Windows. Other Operating systems have similar procedures. Drop me a line if you need help.)

We’ll be using two freely available programs, Mozilla Thunderbird with the enigmail extension, and GPG (Gnu Privacy Guard)

To start: download GPG, Thunderbird,and enigmail. (important: If you’re using Firefox, right click on the enigmail link and choose “Save Link as…” or you’ll attempt to install it into firefox, which won’t work.)

Once you’ve got them downloaded, and saved to someplace you can find, Run the installs, First Thunderbird, then GPG. Installing Enigmail is a little different… Open up Thunderbird, and get it set up to communicate to your Email.

This is a little different for each provider, But is pretty simple. If you use Yahoo, Hotmail, or the like, you’ll need the Webmail Extension. Gmail is handled by Thunderbird all by itself, so you’ll not need anything extra. Here is an excellent place to get started setting Thunderbird up. IMAP is usually better than POP, but both work fine for encryption. If you get your email through your ISP, You probably already have another email program set up on your computer (Outlook express or Outlook, Possibly Eudora or Mail.app). Use the Import feature to bring the settings and mail from the other App. Or, you can contact your ISP and they can walk you through setting up the program. They may even have instructions on their homepage. Most do, as it’s one of the most frequently asked questions out there.

Once that’s done, you can start the easy part. Click Tools>add-ons. Up will pop a window with any extensions you’ve got installed (probably none). At the bottom of this window, there’s an Install button. Click it. browse to the xpi you downloaded, and once it’s installed, Restart thunderbird. As it loads, you will probably get a pop-up from enigmail asking you to set it up. Point it towards your GPG installation, if it doesn’t automatically find it.

You’ll see a new menu at the top: OpenPGP. Click it. Then click Key management. A new window will pop up, Which if you had any keys, you would see them here. Click “Generate” in the menu bar on this new window, and select “New key pair”

Now, a Moment on Public Key Encryption. It’s one of the most successful encryption schemes out there, and pretty much unbreakable until Quantum Computers hit the shelves. The way it works is that You make two keys, one to lock the messages, and one to unlock them. You hand out the Locking key to Everybody and their uncle. That’s your Public key. All it does is encrypt messages and verify messages signed with your Private key. You NEVER hand out your Private key. Anyone with your private key is, effectively, You. They can read messages sent to you, and sign messages they send, pretending to be you. Keep that puppy SAFE (I keep mine on a Thumb drive I carry with me at all times).

Ok, back to Your new Key pair. You only need to pay attention to two things on this screen. 1) Which account to use. If you only have the one set up, it should already be in the drop-down section. 2) Passphrase. Use a Passphrase! The rules for this is the same as for internet passwords. Use something you won’t forget, but is hard to guess. One example I like to use is the passphrase: B00bies!11! Note that it is a mixture of letters and numbers and special characters. An even better password would be IL1keB00Bies! Longer passwords are harder to guess or brute-force. Type your ultra-secure password into the two boxes. Then, Click “Generate Key”.

During the process of generating a key, it will tell you to introduce as much randomness into the operation of the computer as possible. Type, move the mouse, browse the web, whatever. Random is good.

Ok, now you’ve got a Key! Now what? Well, you need to get it out there so people can start encrypting email they send to you. One way is to use a Keyserver. That’s a little beyond the scope of this, so we’ll just skip to getting your Aunt May up and running.

If she’s not too computer savvy, You may want to go to her place and repeat the steps you’ve just completed for her. Once she’s got a Key pair generated, You need to trade public Keys. There are a couple of ways to do this, but the easiest is to just attach it to an email and send it off. Enigmail should automatically import the Public key from your Gramma’s email, and vice versa. Once you have Each other’s public keys, you can send encrypted emails to each other.

Click on the Drop-down next to the OpenPGP icon in the Compose window, and select Encrypt message. Then, just write your message normally, and when you send it, you will be asked for your Passphrase. Type it in, and the message will encrypt before being sent off. When she gets it, she types in her passphrase, and it’s decrypted and shown to her.

Enigmail has an awesome quickstart guide which goes into much more depth than I do.

If you don’t have an Aunt May to try it out with, Here’s My Public key. Just Highlight it (ALL! including the —–BEGIN PGP PUBLIC KEY BLOCK—– part, all the way through and including the —–END PGP PUBLIC KEY BLOCK—– part), press ctrl-c, and then go back into the key management window, and click Edit > Import Keys from clipboard. Now you can send me an encrypted email.

—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.4.7 (MingW32)

mQGiBEhAPOIRBACAmcJYJMPE5E91QDRYHVe52Y8q/ip6Qs54HhmieXDcsXqlk7Eq
FsSihGl1F27HK7Ffa9aaZ/34xlgU7PhqisoxhqbzC7YRClqMp6CciNJuTJIOScBH
bG+MN3/WMkHHFJwumDgdBlBaZutFTOGj0jI68aom9OD6jqgi5oF52HDx1wCgqzGp
Ic9RTmlHBGKnEP/YqhOVfbMD+weccZ7A2UZKEsZm2VK37Hij7LsDcsZGT9ipk0mg
XLXdLjIK+/jZ1lpNd6vtZObKARc9LKi3+vuf9WHOm5nSgj4awTND7hmfupWckCLP
/LY7xYjZarhMXwAp+CBT4HHWIJ2yM/Yszh/HqfGUPugBaZDzrzHaJBdmrrS6pvF7
8O5nA/wP/lx3U24B0ycZnnET3Ibczq5sWVg5v9jtFoNQUnyYE0GFyNI1hTZBrqAc
iUM/0SRY5Z/6Ccxq2SPP/lGuqeh4omtspx46q94bO+PQo9C0RXUSoOPZaHdUMtBf
vP3jdFfr5R5fGttlVw8wr9Bxi+ZAwnsErWRbsHipGCUPIj6a8LQlVGhlb2RvcmUg
TWluaWNrIDxkaHNoYXRlbWVAZ21haWwuY29tPohmBBMRAgAmBQJIQDziAhsjBQkJ
ZgGABgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQMRVG/iwNrV28IQCePEw+nGHA
qsPp6el/mWqWRDM1GkMAn29TwlzSr0s/LNqZmWSb47S1UhwKuQINBEhAPOIQCADi
bIFBi5gfpvGUqRGyKbIVImxSgywGsB4TwVEx/Caio+N77gu2s78ePKWKV8G/BaiJ
CaB8QHB0DVE5RFHvekT+BFow+SAtPrlYRG8MQRaEEVjRntEH5Av7nmxdKzxFpZbg
M0YuOarjzHwB/4Fdn8gWFf+7CvleG3EDb7LZQ/qc+8qyCuadDtztCmGMZFwP+MTC
5L876NE8nBJJunVj3FCmmQebmxUHzT/Ojt+OL+zhd777BucRajyapHQy+Ax8T7u3
8ejPb5OIZylmn8WH7hyoUfBzSH3Ef1LbfIypYXMzvExPvQNE/MqmPJhFpK8c9CWf
5nOHQyrkm4uajisAqDLbAAMFB/0QFvHZ4WACJvVTdwrjkA43DBx3ZCuLsLRKNajO
uhiANFzNwXbgZioh6/oMdZEAobR/EY54A8QI4aRyvXBFBxUmVW29cA/OVbg3zGZs
pSNCLWlvCrsuMuw5IK9zcWQniKEOiNTqJ+4wQN7xLwh5Zt9VDdOs2yDBR7t9caZ/
9e3j46rydQyOOBZpK6UhDDLzUVPxU43zVA/oimPc8EZRVjB5RhwPSD+XgzehyqYo
ZJeFQryER8WQ9pNDBKXyTaocJzLnDVR3EM3TgfUh6PDFOcRXo082+Ubr71jc18YW
m7VNom0QT/wHgkkL1aERM6iWe46YHmxfEoe/P1NiD/sqwU44iE8EGBECAA8FAkhA
POICGwwFCQlmAYAACgkQMRVG/iwNrV0y1QCfYWDI5Gpc2X5Vdz80zrzahJfjNeEA
n37tI/Dp98sPM57f2yJ9mxQErXrH
=0Amx
—–END PGP PUBLIC KEY BLOCK—–

Tags: General // 1 Comment »