Episode 2: GPG (GNU Privacy Guard)

Mark and CafeNinja talk about email encryption and other uses for GNU Privacy Guard (GPG).

 
Open Inn Podcast Episode Two: MP3 [28:06m] | OGG

What is encryption?

On the most basic scale, think secret decoder ring from old cereal boxes.
It’s just a way of scrambling the message so that only the recipient can decipher it.
GPG can also be used to cryptographically ‘sign’ a message so that you know it came from the right person and hasn’t been tampered with en route, a bit like using a wax seal in “ye olde days”.

Why use encryption?

Google’s Gmail service uses the encrypted HTTPS / IMAPS protocols, but that only covers the connection between yourself and the Gmail server; the data is not encrypted at all other times.
Email often traverses multiple machines to reach its destination, and it is not encrypted while it passes from one server to another. As well, once on the destination server the data is not encrypted, which means that law enforcement, your ISP, the IT guy who works at the ISP, or some script kiddie who manages to get into your account can read everything… think Sarah Palin + Yahoo. Embarrassing. Encrypting the message, on the other hand, leaves it a jumbled mess on the server and in transmission; no one will care about your email, and no one can read it even if they decide to.
By using GPG you know that the mail can only be read by the person it was intended for.

What is GPG encryption?

Encryption using advanced algorithms. The text is scrambled using math in such a way that a computer dedicated to the task of unscrambling it without your password would require 10-20 years, depending on your settings. Generally, it is felt that anything that is sensitive now won’t be in that time frame, which renders the act of decrypting it moot. It’s mega secure; the NSA doesn’t like you using it, since then they can’t read your email.
In fact, encryption algorithms were banned from export for many years because they were classified as a weapon; now it’s just apathy that stops the general public from using them.

What is all this key stuff about?

After installing the GPG application you will create a private / public keyset.
The private key is kept private by you; never lose control of this file. It is used to decrypt your messages.
The public key is used by others to encrypt a message to you. This file is distributed publicly via email, USB keys or the keyservers.

Is it hard to do GPG encryption?

Truth, no.
On Ubuntu, as a mainstream example, it is amazingly easy. Take a look at the community documentation.
There is a control panel for that under Applications -> Accessories -> Passwords and Keys.

How do I incorporate that new key into my email stuff?

If you use Evolution in Ubuntu then everything you need is installed; just create a keyset and go.
If you use Thunderbird, grab the Enigmail extension.
If you use mutt or pine, you just need to specify the key footprint.
If you are using Windows, I really have no idea besides the expensive proprietary stuff from PGP Corp.
On the Mac there is a bundle for PGP support in Mail.app which has finally been updated to include support for Mac OS X 10.6.

Installation notes for Thunderbird on Ubuntu 9.10

1.) Applications -> Accessories -> Passwords and Encryption keys
2.) File -> New.. -> Pop-Up window -> PGP Key
3.) Fill in the details. The advanced option defaults are sane; maybe increase the bits to 4096.
4.) Select an expiration based on your own judgement. It is like making a key that stops being good in 1 month.
5.) Press OK.
6.) Type a password twice; make it a good one.
7.) Wait patiently while the key is being generated.
8.) Note the “Key ID” when you return to the Password and Encryption Keys app. It should be 8 characters long.
9.) sudo apt-get install thunderbird enigmail
10.) Go to http://enigmail.mozdev.org/download/index.php and, with the info on your OS and Thunderbird, download Enigmail.
11.) Open TB and add the .xpi you downloaded. Restart TB.
12.) After that, the final stuff is at http://enigmail.mozdev.org/documentation/quickstart-ch3.php (I haven’t done it).

Installation notes for Bash environment variable

Add this to your ~/.bashrc file:

# gpg key
export GPGKEY=12D8FB3B
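
The same ideas from the command line, as an added example that is not part of the original post: it creates a key pair with an expiry, derives the 8-character key ID for GPGKEY, encrypts and decrypts a message, and shows the "wax seal" breaking when signed text is edited. It assumes GnuPG 2.1 or later; the function names, the demo user ID and the messages are constructed for illustration, and gpg itself does not read GPGKEY, so it is passed explicitly.

```shell
#!/bin/sh
# Added example: all keys live in a throwaway keyring, never in ~/.gnupg.
# The user ID and the messages are constructed sample values.
DEMO_UID='Demo User <demo@example.invalid>'

setup_keyring() {   # command-line version of GUI steps 2-8; sets GPGKEY
  DEMO_HOME=$(mktemp -d) || return 1
  GNUPGHOME=$DEMO_HOME; export GNUPGHOME
  # Empty passphrase only because this key is discarded; real keys need a good one.
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$DEMO_UID" default default 1y || return 1
  # Short key ID = last 8 hex digits of the primary key's fingerprint.
  GPGKEY=$(gpg --batch --with-colons --fingerprint "$DEMO_UID" |
           awk -F: '$1 == "fpr" { print substr($10, length($10) - 7); exit }')
  export GPGKEY
}

seal() {            # sign with the private key, encrypt to the public key
  printf '%s\n' "$1" | gpg --batch --quiet --armor --local-user "$GPGKEY" \
      --recipient "$GPGKEY" --sign --encrypt
}

unseal() {          # decrypt stdin with the private key
  gpg --batch --quiet --decrypt 2>/dev/null
}

signed_then_edited() {  # clearsign $1, run sed script $2 over it, verify the result
  printf '%s\n' "$1" | gpg --batch --quiet --local-user "$GPGKEY" --clearsign |
    sed "$2" | gpg --batch --quiet --verify 2>/dev/null
}

cleanup() {         # stop the demo agent and delete the throwaway keyring
  [ -n "$DEMO_HOME" ] || return 0
  gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf -- "$DEMO_HOME" || true
}

trap cleanup EXIT
if setup_keyring; then
  echo "export GPGKEY=$GPGKEY"                    # the ~/.bashrc line for this key
  seal 'meet at noon' | sed -n '1p'               # armor header; the body is ciphertext
  seal 'meet at noon' | unseal                    # prints: meet at noon
  signed_then_edited 'meet at noon' '' && echo 'seal intact'
  signed_then_edited 'meet at noon' 's/noon/midnight/' || echo 'seal broken'
fi
```

For a real key, keep the passphrase prompt and distribute only the output of `gpg --armor --export "$GPGKEY"`.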

Have we missed anything? Leave a comment and I’ll update the post.

This episode was recorded by my Asterisk server using ulaw and g729 codecs.

1 Comment.

  1. When’s the next episode coming?
