Encrypt your e-mail for privacy+security, Part 2
While e-mail is wonderfully efficient and fast (not to mention, free), it is not a terribly private nor secure communications medium. As I mentioned in the introduction to this series, Who’s reading your e-mail?, e-mail is transmitted in very-easy-to-open plain text (or HTML), travels through many different devices, and sometimes gets mis-delivered, or lost.. or ‘stolen’.
There are times when the material we need to communicate to someone else could really hurt us if the wrong eyes saw it. Some things should remain “confidential” (For Your Eyes Only) or/and private (Top Secret). These subjects may be your account numbers, business plans, bids or cost-estimates, love letters, travel plans, and whatnot. Unencrypted e-mail is really not the way to transmit these things.
Tip of the day: Encrypt your private communications. This series of articles will tell you how to implement a free method of encrypting your e-mail messages using GPG.
(For those readers who took my advice in yesterday’s article and looked at the description of Public-key cryptography on Wikipedia, this next will be review…) GPG uses “keys” to encrypt and decrypt files, as do most such tools. The problem with encrypting communications is — how do you give a copy of the key (so they can ‘unlock’ the file you have ‘locked’) to the person you’re sending to?
This dilemma is solved with the concept of key pairs– we are going to use GPG to generate a key pair: a “public” key, which we can send to anyone we like (or publish, for all to see), and one “private” (aka “secret”) key. It will take both keys for the system to work. (As the name implies, it is rather important to keep your private key to yourself… and to store a copy in a safe location.)
The way it works is:
1) you will encrypt your file/letter using your private key. Which you then Send to your intended recipient.
2) Your recipient uses you public key to decrypt and read your letter/file.
When your correspondent wants to send you a reply:
1) they encrypt it using your public key, and..
2) you decrypt the reply with your private key.
It takes both keys to work, and only you will have the private key.
The tool we are going to use, GPG (as part of WinPT [Windows Privacy Tools]), is quite flexible and adept, but works best (at encrypting e-mail) as a “plug-in” for your e-mail client (Outlook, Thunderbird, Outlook Express, ie.)
and your ‘private’ e-mail accounts.. such as the account your are provided with by your ISP.
(I will, also, demonstrate how it can used with browser accessed “web mail” accounts, such as the free services like Hotmail, Gmail, and Yahoo Mail.)
Those of you already using a client to access and mange your e-mail accounts will simply have to download GPG (Apple) or WinPT (and the appropriate plug-in) and install it, generate a key pair, and send your public key to those folks you want private correspondence with. Once that’s done you will be able to either automatically encrypt your e-mails (and their attachments), or right-click >encrypt.
WinPT comes with a built-in Outlook Express plug-in; and GPG offers plug-ins for the popular e-mail clients, and some of the less-popular clients too, such as Apple Mail and Eudora. For a complete list of compatible e-mail clients, click here.
For those of you who typically log into your e-mail via a web browser (IE, Firefox, etc.), I believe that in the long run — if you want to encrypt your mail — you will find it easier to get into the habit of using a client instead. I will be using Outlook Express for my demonstration (since all Windows machines come with it), but for everyday use I recommend using today’s free link.
To skip to Part 3, click here.
Today’s free link: I have posted this free tool before, but since it is so in-step with our topic (and it’s a darned-good program to boot) I will repost it. Thunderbird 2, from Mozilla. Access and manage various accounts from one place, and get great spam filtering.
Copyright © 2007-8 Tech Paul. All rights reserved.
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 