Page 1 of 1

How to Encrypt your Email (PGP ftw) Rate Topic: -----

#1 NotarySojac  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 53
  • View blog
  • Posts: 428
  • Joined: 30-September 10

Posted 07 February 2013 - 10:06 AM

This is a written tutorial and video walkthrough on how to use PGP to encrypt your email.

Video TOC
Part 1 - Download Thunderbird, GnuPG, and Enigmail

Part 2 - Install

Part 3 - Configure and Test Demonstration

Before we get to the nitty gritty, I'd like to explain how powerful this technology is before people navigate away thinking it can't ultimately protect them.

I used to believe that anytime you sent a message over an unsafe network (e.g. the internet) other parties would be able to decrypt the document --assuming you specified in which way the document was encrypted over the internet. I rashly presumed that the only safe way to have encrypted communications was to use Snail mail to share passwords. Well it turns out that this was a naive belief of mine, and it simply isn't the case.

Using a technology known as asymmetric encryption, one generates "key pairs" a public key and a private key. And they are able to share the public key over the internet to be used for encrypting messages. Once messages are encrypted with a public key, it becomes virtually impossible for any to decrypt the message other than the person with the private key.

So as an overview, what we're going to do is:

::A. Downloads/ Installations
1) Install Thunderbird, a desktop mail client
2) Install GnuPG, a PGP implementation
3) Install Enigmail, a encryption plugin for Thunderbird

::B. Configurations
4) Generate a public private key pair
5) Upload our new public key to the keyserver
6) Search for our public key and attempt a DL from the key server

::C. Application
7) Send a test mail to yourself

A. Installations
I'm just going to link to the files needed for a windows machine. The procedure is fully documented in the video if you have any trouble. It's kinda hard to do it wrong if you leave all the installation options at default.


B. Configurations

:: Add an existing email account to Thunderbird

First, you need to add an email account to Thunderbird. That step is pretty straight forward and documented in the video, but for reference, in Thunderbird go to:

File -> New -> Existing Mail Account

(Hit alt to expose the file menu)

And follow along with the dialog to add an existing email account to Thunderbird. When this step is completed, you will be able to send and receive emails on your desktop, but the encryption features have not been setup yet.

:: Generate an encryption Keypair with Enigmail

So once all those programs are installed, you should be able to open Thunderbird and find a fancy "Open PGP" menu option on the top file menu (hit 'alt' to expose the top menu bar).

To generate a key pair that will allow other people to encrypt messages they send to you, choose:

OpenPGP -> Key Management -> Generate -> New Key Pair

At the "Generate OpenPGP Key" Dialog menu, configure the following settings:

-Select which account you would like associated with this key at the top (you will only have one email address setup)
-Check the "No Passphrase" checkbox
-Optionally, you can go to the advanced tab and change the key size

Once that's all set, click "Generate Keys" and your key pair will be created.

When you are returned to the "OpenPGP Key Management" dialog, you can check the "Display all keys by default" checkbox, and you will see your key appear in the listbox. You can right click the key to choose to copy the public key to your clipboard. This is handy for if you want to share your key with someone else when the keyservers are down (to import a key, choose Edit -> Import Keys from clipboard).

There also exists, an option to upload your public key to the keyserver where others can easily download it in order to send you encrypted messages that only you can decrypt. To upload your key, right click it in the list box and choose "Upload public keys to the keyserver." To download keys from the server, choose:

Keyserver -> Search for keys

..and then type in the email address you'd like to download the public key for. This will allow you to encrypt emails with that person's public key.

C. Application

So now it's time to send a test mail to yourself. To send a message, click the "Write" button in the top left corner of the screen. From there you can fill out the email form as you would using any other mail interface. But before you send the message, you'll notice an OpenPGP dropdown menu. Click it and choose "Encrypt Message" and your message will be encrypted when it is sent.

If you send a test email to yourself, you'll be able to prove that your message was encrypted by logging into your email account's web interface and trying to read the message. You should find that the Subject wasn't encrypted, but the message itself was.

On android, you can use an application called K-9 to use PGP encryption as well, but as an interesting aside, unless you're using a hardened OS, you should assume everything on mobile devices is insecure (that's not naive, that's literally how it is, the NSA have released official opinions on the matter), thus I don't personally share my keys with my stock OS mobile device.

Is This A Good Question/Topic? 0
  • +

Page 1 of 1