The fourth amendment to the U.S. Constitution ostensibly protects individuals from unreasonable search and seizure by the State, but says nothing about protection from others, such as supervisors or tabloid reporters who might wish to access your personal information. Moreover, the legal protections that fourth amendment safeguards offer are often circumvented by the State, sometimes legally under judicial review, and frequently illegally. Digital communications, and email messages in particular, are relatively easy to track and monitor without either party's knowledge. Consequently, any reasonable expectation of privacy depends on safeguards implemented by the end users. Many of the people who use digital media to communicate, however, have little to no knowledge of of digital encryption, and few consider their messages sensitive enough to merit such measures. Nonetheless, instances where a reasonable degree of privacy is helpful do arise, from the need to transfer confidential medical or human subjects data to a particularly sensitive personal message. This article briefly addresses the basic privacy issues, and then offers a general introduction to digital privacy protection, including how to implement useful encryption and authentication utilities provided by GnuPG with Mozilla Thunderbird, Microsoft® Outlook ExpressTM, or Microsoft® OutlookTM. Of the different email applications covered, I consider Thunderbird the most well-integrated and straightforward, and I highly recommend it over its commercial competitors. While I typically recommend that most people interested in both secure and flexible computing use a Linux OS, Mozilla Thunderbird and GnuPG both operate on WindowsTM and Mac systems, so you don't need to run Linux to use them. In spite of its advantages, I recognize that many people are more comfortable using proprietary software systems, or their IT departments prevent them from using alternate systems (as mine tried to do once---and only once), so I will do my best to make sure that the tools I describe work with Microsoft® email systems as well.
Any security system is only as good as its end users. Silly mistakes, such as using "qwerty" for a password, can render even the most sophisticated encryption systems completely useless, or worse. So, a certain measure of common sense is always required (this is always what trips me up). How you go about encrypting your data will depend to a large extent on what you want to encrypt and why, so you should take some time to think that through before you begin. As with all security measures, there is an inherent trade-off between increased security and ease of accessibility. This leads some people to conclude that it's best to only encrypt the data you consider sensitive. On the other hand, some people have pointed out that an encrypted message sent by someone who normally doesn't use encryption might gain that much more attention from anyone who happens to be watching. Ultimately, you will need to decide what you want to secure and what you want to be accessible.
You'll need to understand a few basic ideas in order to use GnuPG effectively and safely. We'll cover some of these basic concepts before going into the details of making it work. If these concepts are already familiar to you, then feel free to skip ahead to the next section. Originally, I was going to try to wrap the terminology into an amusing narrative, but then I remembered how annoying that approach is when you're trying to look something up later. Instead, I have chosen to list the key concepts in alphabetical order, although you may need to skip around a bit, as some terms only make sense when you understand others. At first, I tried to list them from basic to advanced, but I found myself continuously rearranging the list and so gave up on that approach. I've compromised by enclosing terms in the definitions that have their own definitions in <dfn> tags and hyperlinking them to their definitions.
subkeys.pgp.net. I personally use keyserver.ubuntu.com on port 11371. Your GUI will allow you to select a desired keyserver, or you can specify one on the GnuPG command line. Most of the different keyservers synchronize with each other, so you typically only need to submit your key to one server to distribute it globally.The Web of Trust is a system within the encryption community that allows you to determine whether someone actually is who h(er|is) public key declares (s)he is. You can vouch for someone's identity by attaching your digital signature (see above) to h(er|is) public key, and then sending the signed key back to its owner. When you sign a public key, you are declaring that you are absolutely certain that the key you signed belongs to the person named in the ID, so never sign a key that you have not verified with its owner in person! When you verify someone's key, you should request an official form of ID (Operator Driver License, Passport, etc.) and verify that the name on the key matches the name on the ID exactly (e.g. if the key reads 'Greg', but the ID reads 'Gaylord', then refuse to sign the key unless the key ID is changed to 'Gaylord'). This level of security may seem extreme, but it's necessary to ensure that the Web of Trust remains secure. If this responsibility seems a bit overwhelming, don't worry. You don't need to participate in the Web of Trust to use GnuPG. In fact, I'm not going to say anything more on the topic. You can learn more about keysigning and the Web of Trust, including instructions for keysigning in GnuPG, by consulting the references at the end of this article.
Before you can begin setting things up, you'll need to download the necessary ingredients. If you're using Thunderbid, then all you need is Thunderbird, GnuPG and the Enigmail plugin. If you're using Outlook, then you'll need WinPT (see the software list at the end for an alternative to WinPT), which comes with its own version of GnuPG.
sudo apt-get install thunderbird)GUIs are available for most platforms that run GnuPG, although they each have their own quirks. While a GUI may help you get started (particularly if you're one of those people with an irrational phobia of the command-line), you'll probably eventually want to get to know GnuPG on a 'more intimate' level.
Obviously, the installation instructions depend on the platform you're using. I'll cover Ubuntu Linux and Windows in detail, but I don't know Macs well enough to offer instructions for them. If I find any good tutorials for Mac users, I'll post links to them.
$ apt-get install thunderbird mozilla-thunderbird-enigmail gnupg2* gnupg-doc
* gnupg2 is the package name for GnuPG Version 2, which is the desktop version. Omit the 2 for the standalone version.
Congratulations, everything should now be installed. Move on to the next step, generating key pairs.
The applications you need to install depend on whether you plan to use Thunderbird or Outlook.
The installation of Gpg4win is relatively straightforward. Simply execute the installer that you downloaded and follow the on-screen instructions. You will probably want to keep most of the default settings. If you plan on using Outlook Express, then make sure WinPT is selected. If you plan to use Outlook, then make sure GPGol is selected. GPGee will allow you to encrypt and decrypt files on a local drive.
Outlook and Outlook Express don't allow you to use PGP/MIME protocols, all encryption must be done with inline encoding. Be sure to warn your correspondants of this limitation, or you may start to get annoyed with all the illegible messages you receive (yet another reason to switch over to Thunderbird). You'll also need to adjust some of your Outlook / Outlook Exchange settings to make them compatible with GnuPG:
Outlook Express
Outlook
Here's where trying to provide a unique set of instructions for each configuration becomes a bit tricky. Each of the different GUIs will have slightly different configurations, and I have neither the time nor the desire to walk through each one individually. Instead, I will cover key generation in GnuPG from the command-line first, so that you'll understand what the options mean. After that, I'll briefly cover the key generation process in WinPT.
I will assume that Linux users already know how to access the terminal. To access the command-line in Windows, select 'Run' from the 'Start Menu', and enter 'cmd' into the dialogue box.
$ gpg2 --gen-key
--expert flag to the initial keygen command. I leave the decision of which key type to use up to the user, with the qualifier that RSA is generally considered more 'up-to-date' than DSA). Select DSA and Elgamal (default):
Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? 1
DSA keypair will have 1024 bits. ELG keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 2048 Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 1y
Key expires at Mon 20 Jul 2009 19:41:30 EDT
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and E-mail Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Brian Napoletano
Email address: napzilla@napoletano.net
Comment: Graduate Student, Webmaster, Activist
You selected this USER-ID:
"Brian Napoletano (Graduate Student, Webmaster, Activist)
<napzilla@napoletano.net>"
Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilise the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilise the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 89FAF746 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2009-07-20
pub 1024D/89FAF746 2008-07-20 [expires: 2009-07-20]
Key fingerprint = 27B6 0D97 2056 132E 5303 A03F 300A 3009 89FA F746
uid Brian Napoletano (Graduate Student, Webmaster, Activist)
<napzilla@napoletano.net>
sub 2048g/43F6924F 2008-07-20 [expires: 2009-07-20]
The trust information goes back to the Web of Trust, which I promised not to cover any more. Below that, you'll find the user id and fingerprint for your key. Copy your key fingerprint down somewhere, as it can be used to find your public key on a keyserver.Key generation is relatively straightforward in WinPT. Simply select 'New' from the 'Key' menu, and then select either 'Normal' or 'Expert' (I am assuming you're not using a Smartcard). The information provided in this article is probably sufficient to allow you to use the 'Expert' mode, but the decision is yours. Once you make your selection, answer the questions to generate your key.
Once you have finished generating your keypair, you should create a backup copy and a revocation certificate. We'll cover those procedures next.
You want to keep a copy of your revocation certificate around so that you can revoke your public key if something happens to your private key (e.g. you lose it or Mallory gets hold of it). You should also generate a backup of your keys, so that you are less likely to lose them. Of course, such a strategy is most effective if you keep the backup someplace safe, like on a USB drive that you carry with you or in a safety deposit box. I just discovered that WinPT automatically asks you to back up your keys right after you generate them. This puts those of you using WinPT one step ahead of everyone else, so you can skip down to the second step, which tells you how to encrypt your key backup.
In GnuPG, you generate a backup of your keyring by exporting it to a file that you should encrypt with a symmetric algorithm.
--export flag. Use the --output flag to specify a file to which the key should be written.
$ gpg --output backupkey.napzilla@napoletano.net.bak --export-secret-keys napzilla@napoletano.netYou can specify the key to be exported by using any information unique to that key. If the email address is only assigned to that key, then you can use the email address. Alternatively, you can use the key ID (the last 8 digits of the key's fingerprint, sans spaces).
$ gpg --symmetric backupkey.napzilla@napoletano.net.bakWhen you enter the above command, GnuPG will ask you for a passphrase. This is the passphrase that you will use to encrypt and decrypt your backup key, not the passphrase you assigned earlier. Make sure that the passphrase is something that you will be able to remember.
Deleting a private key does not automatically shut down your public key, which may have been distributed across the Internet already. Instead, you need to revoke both your private and your public keys with a revocation certificate. You can easily generate such a certificate if you have access to your private key, but what if you lose the private key? In such an instance, you will be glad that you took the time to generate a revocation certificate when you first generated your keypair. Generating such a certificate is relatively simple in GnuPG. Simply use the --gen-revoke in conjunction with the --output flags. You may also want GnuPG to output the certificate in ASCII format, so that you can read it. Simply add the -a flag:
$ gpg -a --output revcert.napzilla@napoletano.net.asc.revoke --gen-revoke napzilla@napoletano.net
As with the previous instance, the text after the --output flag is the name of the file you're writing to, and the text after the --gen-revoke flag is used to identify the key for which the certificate is to be generated. GnuPG will ask you to select a reason for the revocation, and you should select '0 No reason specified'. The program will then allow you to enter an explanation, which you can phrase as something to the effect of "Generic revocation certificate generated at time of key generation".
WinPT allows you to generate a revocation certificate by selecting 'Revoke Cert' from the 'Key' menu. Select '0 No reason specified' for your reason, and enter something to the effect of "Generic revocation certificate generated at time of key generation" in the 'Optional description text' space. Then, enter your passphrase and specify an output file for your certificate.
Once you have finished generating and backing up your keys, you can specify your new key as your default key for email encryption. I am assuming that you have already set up your email account to send and receive with Thunderbird or one of the Outlooks. If you do not know how to do this, then consult the email client's help documentation, as well as any documentation offered by your email server. Be warned that Yahoo! does not offer POP access on its free email accounts, but Gmail does (you need POP access to run your email account through a client like Thunderbird or Outlook). Once you have your email account configured, you're ready to configure your encryption options.
In Thunderbird, you do this by navigating to the email account that you want to associate with your GnuPG key, and selecting 'View settings for this account'. Select the 'OpenPGP security' option, and check the box to enable OpenPGP support for that identity. Then, you can have Enigmail identify the key to use by searching for the key with the matching email address, or you can specify a key from your keyring (if you only have one key, then either option will probably work). You can also specify whether you want your messages to be encrypted, signed or both by default. If you want people who are using a Microsoft® email client to be able to receive signed or encrypted messages, then you should not check the 'Always use PGP/MIME' box. Finally, you can specify whether or not you want your public key ID to appear in the header, and you can specify a URL from which message recipients can download your public key.
Unfortunately, I was unable to experiment with the encryption configuration in Outlook or Outlook Express, as I do not have access to a machine with a working version of either client. I have collected the following instructions from the documentation for Gnupg4win and from the text of PGP & GPG, by Michael Lucas.
Outlook Express
I did not see any instructions for configuring default keys in Outlook Express. According to the documentation, two new buttons should appear on your email composition screen after you install Gnupg4win. One button is labelled 'Sign', and the other is 'Encrypt'. Outlook Express will then ask you to identify the key it should use (if you have more than one) and to enter your passphrase when you press the 'Send' button. Remember that you should have told Outlook Express not to send messages immediately, so you will need to press the 'Send/Receive' button on the main screen to actually deliver your message.
Outlook
Outlook uses a plugin called 'GPGol'. The Gnupg4win documentation includes a section with recommendations for using this plugin, and you should read these recommendations if you plan on using Outlook. Once Gnupg4win is installed, you can reach the GnuPG configuration menu by selecting 'Options' from the 'Tools' menu. As with Thunderbird and Enigmail, this menu should allow you to specify a default key, and whether or not you want your messages signed, encrypted or both by default.
Any of the email plugins should cause a button that enables encryption and signing to appear when you're composing emails. Encrypting a message means that only the people who's public keys are listed will be able to decrypt the message (this includes you--if you don't list yourself as a recipient, then you won't be able to decrypt your own message). Signing a message attaches a brief hash to the email that can be checked by the recipient to verify that the message came from you and that it hasn't been altered. Because people without GnuPG can still read signed messages, you may wish to always sign your emails, regardless of whether or not you encrypt them.
Also, note that encrypting an email message does not encrypt the subject line. Going through all the trouble of encrypting an email containing a secret recipe is rather pointless if you give it a subject like "The secret ingredient is formaldehyde". Even indicating that the message contains a secret recipe may cause Mallory to give it more attention than you'd like. Instead, either leave the subject line blank, or give it an innocuous title, such as "The instructions you requested" or "What are you doing this weekend?". This highlights a more important point, which is that good encryption is not a substitute for common sense. If you encrypt and sign an email to a co-worker complaining about your boss, that co-worker can easily decrypt the message and pass it along to the aforementioned boss. Worse, the fact that you signed the message means that it couldn't have been forged by your co-worker! If you use common sense and encryption together, then you're much more likely to protect your privacy and your job than if you use just one of the two.
Now that you have your own keypair and you're ready to begin sending secure emails, you need to distribute your public key so that other people can send you secure messages. As I mentioned previously, you can distribute your public key any way you see fit. To help you do this, I will show you how to export your public key and how to send your key to a keyserver in GnuPG. GUIs like WinPT also offer options to facilitate these processes, so I'll also describe how to do it with WinPT.
Exporting your public key in GnuPG is very much like exporting your private key. Instead of the --export-private-keys flag, you simply use the --export flag (once again, add the -a flag to make your public key legible in plain text form).
$ gpg -a --output napzilla@napoletano.net.public.asc --export napzilla@napoletano.net
Sending your key to a keyserver is also fairly straightforward with GnuPG. Specify the name of the key to be sent after the --send-keys flag, and specify the server you wish to send your key to after the --keyserver flag.
$ gpg --send-keys napzilla@napoletano.net --keyserver subkeys.pgp.net
In this instance, I instructed GnuPG to send the key with napzilla@napoletano.net in the address to the subkeys.pgp.net server (this is the server that Michael Lucas recommends; I personally prefer keyserver.ubuntu.com).
You can export your public key simply by selecting the key on the main screen and then pressing the 'Export key to a file' button (the button with the picture of a floppy disc on it). You should probably change the directory that you're saving to, as the default path is inside the directory that you installed Gnupg4win in.
Publishing your key to a keyserver is almost as easy as exporting it. 'Right-click' on your key, and move the mouse down to 'Send to keyserver'. Then, select the desired keyserver from the list and send your key.
Remember, the keyservers only represent one of many media through which you can distribute your public key. If you have a particular friend that you want to communicate with, you can send h(er|im) an email message with a copy of your public key attached, and request that (s)he do the same. You can also print or write down your key's fingerprint and give your friend a copy of it. (S)he can then use that fingerprint to find your key on a keyserver.
You are almost ready to begin communicating securely via email! You only need to learn one more minor function: importing other peoples' public keys. You can import public keys from a keyserver simply by searching for and downloading them. If you have downloaded a key from an alternative source (e.g. an email message or a web page), then you'll need to tell GnuPG to physically import the key. Here's how you do this with GnuPG and with WinPT:
To import a key from a keyserver, you simply use the --recv-keys flag. For instance, if you want to import my actual public key (not the fake one I've been using as an example, but the one I honestly use), then you would enter the following:
$ gpg --recv-keys C5B7DC56
GnuPG will then query the server for the key with the ID that matches the one specified after the flag. Obviously, this only works if you have the key ID. If you're working with more basic information, such as a name, you would use the --search-keys flag:
$ gpg --search-keys 'brian napoletano'
If you enter this particular line, you'll probably find quite a few extraneous keys on the server. I made a few mistakes while I was learning how to use GnuPG, and my revocations are taking a while to filter through the system. Make sure you enclose the name you're looking for in quotes, or you will confuse GnuPG (it will think that the name after the second space is another option, and last I checked, there was no 'napoletano' option).
If you already have a copy of the key you wish to import on your computer, then you do not need to bother searching the keyserver for it. Instead, use the --import flag to import a local file. I have attached a copy of my public key to this article, and you are welcome to download it and to import it into your keyring. After you download the key, open a terminal interface ('Run' 'cmd' for you Windows users) and go to the directory that you saved the key in. Then use the following command to import the key into GnuPG:
$ gpg --import bmn.personal_pubkey.asc_.txt
I don't know why Drupal insisted on using such a funky filename for the key. Apparently, bmn.personal_pubkey.asc wasn't a valid filename, so it decided to make it more confusing. In any case, GnuPG should add my public key to your keyring after you issue the above command.
Fetching keys from a keyserver is even easier in WinPT than in GnuPG. Simply select 'Keyserver' from the main menu bar, and WinPT will open a dialogue box with a list of keyservers and a box to enter a key ID or an email address to search for. Recall that the key ID is the last eight digits of the key fingerprint. Once WinPT returns a list of keys, select the one you want and press the 'Receive' button. If you would like to search an additional keyserver, 'right-click' on the list of keyservers and select 'Add'.
Importing local keys is also relatively simple. Select 'Import' from the ''Key' menu, and then direct WinPT to the location where the key you wish to import is stored. Once you find the key, press the 'Open' button, and WinPT will import it into your local keyring!
I chose to omit a few major topics because they weren't necessary to my central objective, which was to provide you with simple, straightforward instructions for securing your email. I do think that you should take the time to investigate some of these topics when you have a moment. These topics include:
--encrypt flag. Be sure to add yourself as a recipient if you want to be able to decrypt the file. Some GUIs, such as WinPT, install with a feature that adds an 'Encrypt' option to the context menu (the menu that appears when you 'right-click' on a file in Windows Explorer).--edit-key flag. You can also add a photograph to your key in the edit menu.Congratulations! If you have read this entire article, then you are now ready to send and receive private email messages. My hope is that making this information available will help to engender more respect for online privacy. As our culture becomes increasingly 'digitized', more of each person's private life will become accessible via the computer. I, personally, would like to see as many of those lives as possible remain private, and I don't believe that anyone should be allowed to invade that privacy without good cause and a legal warrant. It is precisely when our society faces threats such as those incurred by terrorism that we need to be the most vigilant about defending our sacred values, because times like that are when they are the most likely to be sacrificed in the name of 'state security'.
Please provide feedback as to whether or not these links helped or links that did help, so that I can improve the resources for other Windows users.
Please provide feedback as to whether or not these links helped or links that did help, so that I can improve the resources for other Mac users.
Pardon me while I rant for a moment...
The U.S. Senate gave in to pressure from the Bush administration and from telecommunication industry lobbyists on 9 July, 2008 when it approved the amendments to the Foreign Intelligence Surveillance Act (FISA) that were sponsored by Representative Silvestre Reyes of Texas. The FISA amendments that most people dislike are the ones that allow the Attorney General and the Director of National Intelligence to submit 'bundled' requests for authorization to monitor an unspecified number of targets, extend the deadline for approval of pre-emptive surveillance to seven days, and grant immunity from prosecution to industries (and landlords) who illegally supplied records to the NSA before the legislation was enacted or who do so in the future. It's not that opponents have something to hide from the NSA, but most would include them in their recipients list if they really wanted the NSA reading their messages.
Thank you for your patience. You can find information about the controversy over FISA at the links below.
| I purchased this book from Amazon and read it in a day. It's very concise, easy to read and it provides enough information to get you up and running with GnuPG (or OpenPGP). This book is not too expensive, and I highly recommend it if you're new to the world of cryptography (like me). Much of the information I provide here came from this book. | |
| I recently purchased this text on the recommendation of a close friend and colleague, Jonah Duckles. I now understand why he told me that it is the requisite text for anyone interested in exploring cryptography. In addition to covering the concepts, mathematics and pragmatic applications in detail, this wonderful resource provides the C code to implement many of the algorithms covered in the text. |
| Attachment | Size |
|---|---|
| bmn.personal_pubkey.asc_.txt | 133.43 KB |
This work by Brian Napoletano is licensed under a Creative Commons Attribution 3.0 Unported License.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0