As more and more people want to encrypt their personal communication to preserve and to protect their privacy, this post should give a quick introduction and some useful hints regarding email encryption based on OpenPGP.
First of all: It may initially look like being quite complicated. The available guide will require some thorough reading. But in the end it is not that complex and absolutely worth the effort. As soon as one is familiar with the basic concepts and techniques it will be nothing more than locking/unlocking your front door. And probably you did not yet remove your door lock for reasons of simplicity?
Before coming to the recommended guide and software it may help to have brief look into the basic concepts:
- Encryption: The content of emails will be scrambled and only readable to the sender and recipient. It is also called end-to-end encryption and makes use of asymmetric cryptographic algorithm. It must be noted that the mail header that includes the subject, sender and recipient is not encrypted. This is because your mail service provider needs to know to whom to deliver your mail, but unfortunately due to this it is also exposed to data retention.
- Signing: Sending encrypted content is one thing, but if you make the effort you probably also want to make sure that the one on the other side is really the person with whom you would like to share your personal stuff. This is done by signing the encrypted mail and enables sender and recipient to verify that the other one is really the ones that she/he claims to be. And that is by the way not that paranoid.
- Exemplary Workflow: Alice wants to sent Bob an encrypted and signed mail.
- The encryption and signing of the mail is performed by the mail client of Alice. To encrypt the mail the public key of Bob is used. To sign the mail the private key of Alice is used.
- The decryption and signature verification of the mail is performed by the mail client of Bob. To decrypt the mail the private key of Bob is used. To verify the signature the public key of Alice is used.
For now just think of the public and private key in its literal meaning and remember that a person always owns a pair of keys: one private and one public. All other details are explained in the referenced guide below.
The recommended software is available for all platforms (GNU/Linux, Mac, Windows), naturally Free and Open Source Software and includes:
- Mozilla’s Thunderbird: This will be the email client with which you can send and receive encrypted mails.
- GNU Privacy Guard (GnuPG): This will be the command line tool that will encrypt, decrypt, and sign your mails. It implements the OpenPGP standard RFC 4880.
- Enigmail: This is an extension (add-on) for Thunderbird that will integrate GnuPG to your Thunderbird and simplify its use in daily routine.
The Free Software Foundation has compiled a comprehensive, simple to understand and very helpful guide on how to encrypt your mails: Email Self-Defense.
It is available in different languages and supporting all popular computer platforms (GNU/Linux, Mac, Windows). That’s the one that should be carefully read and may take about half an hour of your precious time. If you are still wondering what this is all about you should first start with their infographic.
If you still feel uncomfortable with this whole topic it is highly recommended to participate in a so called CryptoParty. It is not about dancing. You can personally meet trustworthy experts in this field that are happy and eager to guide you through all of this. I did so by myself, thanks to muCCC for organising those in my town. Some takeaways:
- Use a unique password for every single account and purpose. Use a password management tool like KeePassX to maintain those. Regarding password strength you may want to have a look at this comic strip.
- Never have your fingerprint and public key at the same place. As the fingerprint is used for verifying that your public key actually belongs to you, they should never be put to or taken from the same place. It would be an easy traget for any fraud attempt. The public key should be uploaded to the commonly known key servers. The fingerprint should be on your business card, mail footer or blog. Ideally you will always check the fingerprint in person with the key owner.
- Really keep your revocation certificate and private key in a safe place, meaning at least not on a mobile device, no cloud storage or cloud backup.
- 2 years of expiration period for a key pair is recommended.
- You may want a key size of 4096 and a key type RSA.
- When you write encrypted mails, always use plain text. No HTML or other fancy formatting. The reason behind is that the HTML formatting will add commonly known patterns to your mail (like the standard HTML tags). Based on those the effort for an attacker to break your encryption is significantly lower.
- There are also ways on making encryption work via Webmail (the Web application of your mail service provider), but it is not recommended as you need to share your private key at least with your Web browser which is in general a bad idea.
- Keep your software up-to-date to make sure that you will receive also the latest security fixes.
You can find my mail address and fingerprint for encrypted mailing here.
Update (07-Feb-2015): ProPublica has published an article two days ago about the creator of GnuPG and his lack of funding: “The World’s Email Encryption Software Relies on One Guy, Who is Going Broke”. Stimulated also by this coverage he managed to raise about 300K $ of support for his project within one day.
Update (03-Mar-2015): Those who are curious about how Edward Snowden tried to teach GnuPG-based encryption on Windows to Glen Greenwald, watch this video “GPG for Journalists”.