Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Encrypt your e-mail for privacy+security, Part 2

While e-mail is wonderfully efficient and fast (not to mention, free), it is not a terribly private nor secure communications medium. As I mentioned in the introduction to this series, Who’s reading your e-mail?, e-mail is transmitted in very-easy-to-open plain text (or HTML), travels through many different devices, and sometimes gets mis-delivered, or lost.. or ‘stolen’.

There are times when the material we need to communicate to someone else could really hurt us if the wrong eyes saw it. Some things should remain “confidential” (For Your Eyes Only) or/and private (Top Secret). These subjects may be your account numbers, business plans, bids or cost-estimates, love letters, travel plans, and whatnot. Unencrypted e-mail is really not the way to transmit these things.

Tip of the day: Encrypt your private communications. This series of articles will tell you how to implement a free method of encrypting your e-mail messages using GPG.
(For those readers who took my advice in yesterday’s article and looked at the description of Public-key cryptography on Wikipedia, this next will be review…) GPG uses “keys” to encrypt and decrypt files, as do most such tools. The problem with encrypting communications is — how do you give a copy of the key (so they can ‘unlock’ the file you have ‘locked’) to the person you’re sending to?
This dilemma is solved with the concept of key pairs– we are going to use GPG to generate a key pair: a “public” key, which we can send to anyone we like (or publish, for all to see), and one “private” (aka “secret”) key. It will take both keys for the system to work. (As the name implies, it is rather important to keep your private key to yourself… and to store a copy in a safe location.)

The way it works is:
1) you will encrypt your file/letter using your private key. Which you then Send to your intended recipient.
2) Your recipient uses you public key to decrypt and read your letter/file.

When your correspondent wants to send you a reply:
1) they encrypt it using your public key, and..
2) you decrypt the reply with your private key.
It takes both keys to work, and only you will have the private key.

The tool we are going to use, GPG (as part of WinPT [Windows Privacy Tools]), is quite flexible and adept, but works best (at encrypting e-mail) as a “plug-in” for your e-mail client (Outlook, Thunderbird, Outlook Express, ie.)
and your ‘private’ e-mail accounts.. such as the account your are provided with by your ISP.
(I will, also, demonstrate how it can used with browser accessed “web mail” accounts, such as the free services like Hotmail, Gmail, and Yahoo Mail.)

Those of you already using a client to access and mange your e-mail accounts will simply have to download GPG (Apple) or WinPT (and the appropriate plug-in) and install it, generate a key pair, and send your public key to those folks you want private correspondence with. Once that’s done you will be able to either automatically encrypt your e-mails (and their attachments), or right-click >encrypt.
WinPT comes with a built-in Outlook Express plug-in; and GPG offers plug-ins for the popular e-mail clients, and some of the less-popular clients too, such as Apple Mail and Eudora. For a complete list of compatible e-mail clients, click here.

For those of you who typically log into your e-mail via a web browser (IE, Firefox, etc.), I believe that in the long run — if you want to encrypt your mail — you will find it easier to get into the habit of using a client instead. I will be using Outlook Express for my demonstration (since all Windows machines come with it), but for everyday use I recommend using today’s free link.

To skip to Part 3, click here.

Today’s free link: I have posted this free tool before, but since it is so in-step with our topic (and it’s a darned-good program to boot) I will repost it. Thunderbird 2, from Mozilla. Access and manage various accounts from one place, and get great spam filtering.

Copyright © 2007-8 Tech Paul. All rights reserved.

Share this post :

January 30, 2008 - Posted by | advice, Apple, computers, encrypting files, how to, PC, security, tech, Windows | , , , , , ,

3 Comments »

  1. But what if the key is kidnapped in route to the recipient before?? If he can already acces your system, there is a problem.

    Like

    Comment by mayaritte | January 30, 2008 | Reply

  2. Yes, Mayaritte, you would indeed have a problem (especially if he “already has access to your system”!).
    You do not send the public key in the same e-mail as your communications, and you only send it once..
    And you don’t have to use e-mail to transfer it, you could use a different file transfer method.. or put it in a password-protected zipped file.
    Basically, you are relying on the very slim odds that someone is already “trapping” your e-mails (using “obscurity”) when you send the key. Consider how many e-mails are being sent across the Web at any given moment.
    If you suspect someone is accessing your e-mail account, change your passwords… If you think someone is ‘accessing” your computer via spyware, remote administration through a backdoor, or some other hacker method, it is time to take much more drastic actions than merely encrypting your e-mail: like wiping your hard-drive and starting fresh.

    Like

    Comment by techpaul | January 30, 2008 | Reply

  3. yep, that makes sense…

    Like

    Comment by mayaritte | January 31, 2008 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: