Across the globe, over 2 billion people send over 144 billion emails a day, and nearly every single one of those messages can easily be intercepted by someone other than the recipient. Even without the NSA spying on us, the insecurity of the protocol that carries so much of today’s human communication should be of concern to all of us.
Even if you encrypt your own internet connection, with Tor or a VPN for example, once you send an email the server usually passes it on in plain text through several routers until it reaches the server hosting the recipient’s email account. The recipient then usually downloads or reads that message over an unencrypted connection, which also has to pass through numerous routers across the internet. At any point along that path, someone with access to the equipment carrying that traffic can intercept the messages and read them. Especially considering that 25% of all email communication is business related, it’s nothing short of insanity that security in this protocol is something almost nobody stops to think about.
First off, good job on the HDD encryption and anonymous browsing articles.
I discovered PGP email encryption a few months ago, and I think it would be good to have a how-to article for those non-techies out there who feel a need to send secure emails.
Lucky for you, it is possible to encrypt not only your emails but other communications as well, using PGP. Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. It was created by Phil Zimmermann in 1991, and was later introduced as an internet standard known as OpenPGP, which now makes it available to you, for free, in a variety of ways. There is no known way to decrypt PGP; even the United States Federal Government has not cracked it, or at least has not acknowledged the ability to do so. Zimmermann was actually investigated for exporting munitions after creating the program, because the United States Government considers encryption this strong to be a weapon.
There are many ways to use PGP. This guide discusses GPG4Win, Microsoft Outlook, and a Chrome plugin called Mailvelope. Like all “How To Anarchist” guides, this guide assumes you have a basic understanding of how to browse the web and handle files. This guide also assumes you are using Windows, but PGP is available for Mac, Linux, Android, and other platforms.
Step 1. Download and Install GPG4Win. The installation is a “Next Next Next” sort of process, so I won’t describe that in detail.
Step 9. Choose a path to store the backup in, and click OK. (Maybe you want to put it in the hidden volume of your TrueCrypt file.) You don’t want anybody getting their hands on this file; in combination with your passphrase, it will allow an attacker to decrypt your messages.
Step 11. Choose a location to save the certificate, and click save.
Step 12. The file you just saved is your “Public Key”. Send this file to the people you want to communicate securely with. When they send you a message, they will need it to encrypt the message for your eyes only. You can give anybody this key; you can even post it publicly on your website for all to see.
Step 13. Get certificates from the other people you want to send secure messages to, and import them into Kleopatra using Import Certificates.
Now that you have your certificates, you have a number of options available to you.
You can encrypt any message for anything: Gmail, instant messenger, even Facebook. For this example, I’m going to send my Facebook alter ego an encrypted message, then decrypt it.
Step 1. Open Notepad; it should be in your programs menu under Accessories. Any text editor will do, and theoretically you could even begin typing your message on Facebook, but Facebook, Gmail, and other web applications read your text as you type it, sometimes because they are just nosy, in other cases because they are saving drafts.
Step 3. Press CTRL+A to select all, then CTRL+C to copy the message to the clipboard.
You can use this method for any communications channel you desire: Facebook, webmail, instant messenger. Anything that transfers text and lets you copy and paste through the clipboard can be encrypted and decrypted with Kleopatra.
If you have Microsoft Outlook installed, an extension for Outlook was included in your GPG4Win installation.
Using GPG4Win with Microsoft Outlook.
Step 1. Create a new email in Microsoft Outlook.
Step 2. Enter the address of the person you wish to send the message to (in this instance, I’m going to send myself an email for testing purposes; you should do the same), enter the subject (the subject will be readable by anyone who might intercept the message, so put nothing sensitive in the subject line), and enter your message.
Step 3. You should see a tab near the top of your new message window that says “GpgOL”. Click on it.
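An added example, not part of the original guide: a small Python check for two points made above, that only the public key file from Step 12 is meant to be shared while the Step 9 backup is not, and that the subject line stays readable even when the body is encrypted. The function names are hypothetical, and the key files, addresses and message are constructed placeholders rather than real keys or ciphertext.

```python
import re
from email import message_from_string

# OpenPGP ASCII-armor header lines (RFC 4880, section 6.2).
ARMOR = re.compile(
    r"^-----BEGIN PGP (PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|MESSAGE|SIGNATURE)-----\s*$",
    re.M)
ENCRYPTED_BLOCK = re.compile(
    r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)

def armor_types(text):
    """Return the kind of every armored OpenPGP block found in text."""
    return ARMOR.findall(text)

def safe_to_share(key_file_text):
    """True only for a file holding a public key and no private key."""
    kinds = armor_types(key_file_text)
    return "PUBLIC KEY BLOCK" in kinds and "PRIVATE KEY BLOCK" not in kinds

def interceptor_view(raw_email):
    """Report what someone on the delivery path can read in a raw message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    leftover = ENCRYPTED_BLOCK.sub("", body).strip()  # text outside the armor
    return {
        "readable_headers": {h: msg[h] for h in ("From", "To", "Subject") if msg[h]},
        "readable_body_text": leftover,
        "body_encrypted": "MESSAGE" in armor_types(body) and not leftover,
    }

def armored(kind, data="PLACEHOLDERnotRealKeyOrCiphertext"):
    """Build a constructed armor block; the payload is a dummy string."""
    return f"-----BEGIN PGP {kind}-----\n\n{data}\n-----END PGP {kind}-----\n"

# Constructed samples: addresses, subject and payloads are made up.
PUBLIC_KEY_FILE = armored("PUBLIC KEY BLOCK")
SECRET_BACKUP_FILE = armored("PRIVATE KEY BLOCK")
HEADERS = "From: alice@example.org\nTo: bob@example.org\nSubject: meeting notes\n\n"
GOOD_MAIL = HEADERS + armored("MESSAGE")
LEAKY_MAIL = HEADERS + "see you at 5pm\n\n" + armored("MESSAGE")

if __name__ == "__main__":
    print(safe_to_share(PUBLIC_KEY_FILE), safe_to_share(SECRET_BACKUP_FILE))
    for mail in (GOOD_MAIL, LEAKY_MAIL):
        print(interceptor_view(mail))
```

For both sample messages the headers, subject included, come back as readable; only the body inside the armor block is protected.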
While writing this article, I found a really neat browser plugin for Google Chrome, called Mailvelope. There is a version in development for Firefox as well, but I will just cover Chrome for now.
Mailvelope is a browser plugin that makes using PGP in webmail applications like Gmail, Hotmail, and Yahoo! very simple.
Step 11. Click Transfer, and the encrypted message will be pasted into the body of the message, click OK to send.
That’s pretty much it for this article. PGP is powerful encryption that is open source and available to anybody. If this guide confused you at all, let me know in the comments below, or in the forum, and I’ll try to clarify the confusion. Once you’ve done this a couple of times, it’s very easy to do, and it will make your communications impossible to intercept. That not only makes your life more secure, it makes the world a better place.
Feel free to add my public key to your address books, and send me encrypted messages anywhere, and be sure to share this article with your friends and on social networks. The more widely used this technology is, the less incriminating it looks, and of course, you can only exchange encrypted messages with someone who has set this up already and given you their public key.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v.1.20130820
-----END PGP PUBLIC KEY BLOCK-----