Let’s suppose that you want to send somebody a message that contains sensitive information which you want only the person getting the message to see — say an important password or an account number or a transaction that you’d rather keep on the down-low, for no particular reason worth mentioning.
The problem is that e-mail sent over the Internet is normally sent in plain text. Like anything else on the Internet, it passes through several different servers and routers on its way to its final destination. If one of these servers or routers is compromised by a snoop (your ISP, a malicious hacker, the Federalis, No Such Agency…) they can easily set up the computer to keep a copy of your e-mail for the snoop to read at his or her leisure. This is a how-to guide for one way to solve that problem: setting up and using encryption for your e-mail (specifically OpenPGP double-key encryption). In particular, I’ll show you how to set up encryption using GPG (the GNU Privacy Guard) for Gmail, in the Firefox web browser, on a computer running Windows XP or Vista.
The good news is that, while encryption used to be something of a nerd pastime and a hacker dark art, new tools have been developed which make encryption relatively easy to set up and painless to use even for casual computer users. Practically speaking, this is a very important development for anyone who occasionally needs a secure channel for sharing sensitive information. (For example, as a web developer I’ve already guided a few of my friends and business contacts through setting up GPG so that we can safely exchange user login credentials.) If you know where to go for these tools, you no longer need technical expertise, or even a great deal of patience, to get up and running with an easy-to-use setup for double-key encryption of your personal e-mail. You just need a bit of guidance, and that’s what this is for.
I’ve chosen to walk you through the set-up for a very specific software environment because that helps keep things simple and concrete, and because this particular software environment is one that a lot of people — including a lot of my friends — happen to use. But if you don’t use exactly this software set-up, you can still get something from this how-to by changing out one or more of the steps.
A bit of background. PGP (Pretty Good Privacy) is a system for double-key encryption. Double-key encryption works by generating a paired set of encryption keys. A message that’s encrypted using one key can only be decrypted using the other, but someone who has the one key can’t use it to generate the other key. The practical upshot is that you can use one key as a public key, which you give out to everyone, and the other as a private key, which you guard as a secret.
Any message that is encrypted using your private key can be decrypted and read by anyone with access to your public key (meaning, effectively, everybody), but — since only you have access to your private key — it guarantees that only someone with access to your private key (meaning, hopefully, only you) could have written the message. So it acts as a secure form of electronic signature, verifying that it was really you who sent the message.
Any message that is encrypted using your public key could have been generated by anyone with access to your public key (anyone). But it can only be decrypted and read by someone with access to your private key (only you).
And, similarly, if you’re communicating with someone else who uses PGP, and whose public key you have access to, you can (1) encrypt the message using your own private key, and then (2) encrypt it again using their public key — guaranteeing that only your intended recipient can read the message (since only they have access to their own private key), and that only you could have written the message (since only you have access to your private key).
Nowadays, most people who use the technology behind PGP actually use a program called GNU Privacy Guard (GPG) which is an open-source implementation of the same technology. For Windows users, there is a version of GPG called Gpg4Win.
GPG itself is a set of command-line utilities that will generate keys, manage a keyring, and encrypt any text that you pipe into the program. You could in principle do any encryption you needed to do just by learning how to use these command-line tools, then cutting and pasting to and from text files. But it’ll be far less awkward to manage your keyring through WinPT, a graphical tool that comes with the Windows GPG package. WinPT will allow you to create your own key pair, to upload your public key to a key server so that your friends can find it, and to download your friends’ public keys so that you can encrypt your e-mails to them. Then, if you use Firefox, you can install an add-on that will integrate GPG with the Gmail interface; at the moment, I’d recommend FireGPG.
So here’s a step-by-step guide for getting up and running:
- Install GPG and WinPT from http://www.gpg4win.org/
- Launch WinPT from the Start Menu. A small icon of a key should appear in your system tray. Meanwhile, you should now see a First Start dialog box:
Select <q>Generate a GnuPG key pair</q> and mash <q>OK.</q> You’ll be asked for a name and e-mail address; fill in the primary e-mail address that you’ll be using to send and receive encrypted e-mail. (If you have more than one e-mail address that you’ll want to use, don’t worry; we’ll come back to that later.)
You'll be asked to choose a passphrase for securing your private key. Choose one that's secure -- preferably both long and easy to remember without writing it down. You can include any characters that you can type, including spaces, numbers, punctuation, etc.
The passphrase is used as a cipher on your private key, to increase security, so that you can store it on your computer, or even on a shell account, without having to worry that someone who uses your computer for a few minutes, or has a shell account on the same machine, will be able to compromise your identity by copying the keyring file: only someone with *both* the keyring file and your passphrase will be able to use your private key. You'll need to be ready to enter this passphrase whenever you want to send a signed message, or to read an encrypted message sent to you.
After you've entered the passphrase a second time (to make sure there were no typos), WinPT will churn for a while as it generates a key pair for you.
Once WinPT announces that your key pair has been generated, it will suggest that you make a back-up of your keys on a CD-R, USB drive, or some other external storage, to guard against the day when your hard drive fails (as all hard drives eventually will).
You should probably take their advice: if you lose the local copy of your private key and don't have a back-up, there is no way whatsoever for you to recover it. If you're worried about saving a copy of your private key, remember that your private key is protected by your passphrase.
- Now that you’ve created your key pair, it should appear on your keyring: double click on the key icon in your system tray to look at the Key Manager with your newly-minted key pair in it.
If you have more than one e-mail address that you'd like to associate with the same public key, you can associate secondary e-mail addresses with your key pair by right-clicking on your key pair and selecting Add --> User ID.... Then follow the instructions in the dialog box.
Next, you'll want to make it easy for your friends to access your public key, so that they can verify your signature and so that they can encrypt messages for your eyes only. (Remember, you can pass out a *public* key to absolutely anyone; that only allows them to *encrypt* messages *to you*; it doesn't allow anyone to *decrypt* the messages you're receiving.) To do this, right-click on your key pair and select <q>Send to Keyserver,</q> then click on each keyserver in the submenu.
- Now you’ll want to import public keys for people who you might want to send encrypted e-mails to. To start grabbing public keys, click on the <q>Keyserver</q> menu entry. A dialog box should immediately pop up; enter your friend’s e-mail address and then mash <q>Search.</q> For testing purposes, you can grab my public key, for <q>email@example.com</q> (minus quotes).
When a key (hopefully) pops up for the e-mail address you entered, highlight the key and pull it in to your keyring by hitting <q>Receive.</q>
If everything goes well, you should see the new public key imported into your keyring.
If you have any trouble getting your friends' public key from a key server, you can always just ask them to send you a copy by e-mail, copy the block of gibberish they send you onto the clipboard, and then Import the public key from within WinPT. Alternatively, if you can call up a copy of their public key in your web browser (through webmail or from your friend's web page), you can use FireGPG, the add-on I discuss below, to directly import the public key from your web browser.
- Now, start up Firefox and go to http://getfiregpg.org. Then install the FireGPG add-on.
Once you've clicked through the dialog boxes, and successfully installed FireGPG, restart Firefox.
- After you’ve restarted Firefox, go to Gmail and try composing a new message to me at firstname.lastname@example.org. There should be some new buttons available for when you send the message.
Hit <q>Sign, encrypt and send.</q> You should be asked to select a public key from a list. You should select *two* public keys: one for the e-mail address you are sending the message to, and one for yourself. This will encrypt it so that only you and your intended recipient can read the message. (You want to select your own public key in addition to your recipient's so that you can read the saved copy at a later date if you want to; if you choose *only* your recipient's key, then not even you will be able to read the message.)
To select multiple addresses, hold down the <kbd>Ctrl</kbd> button as you click each one. Once you've selected the right public keys, mash <q>OK.</q>
Next, you'll be asked to select a private key to use in signing the message. This should be your own key. Highlight the key and mash <q>OK</q> again.
Then enter your passphrase if FireGPG asks for it.
If all goes as it should, your message should be encrypted so that only I can read it, and sent on to me; when I receive it, I should be able to decrypt it using my own private key, and thus verify that you've got a working GPG installation.
- If I receive your e-mail and I’m able to import your public key from a keyserver, I can then send you an encrypted message so that you can verify things on your end. If you get a GPG-encrypted message, what you’ll generally see is a bunch of alphanumeric gibberish encased in a distinctive block.
FireGPG should recognize an encrypted message and automatically give you the option to <q>Decrypt this message.</q> Click through (and enter your passphrase if requested) to view the original message.
- FireGPG offers a number of nice features for direct integration with Gmail, but you can also use it to encrypt, decrypt, sign, or verify text in any other webmail service or any other online form. For example, to sign and encrypt text outside of Gmail, just select the text, right-click, and choose FireGPG --> Sign and encrypt from the pop-up menu.
FireGPG will ask you for the public key to encrypt with and the private key to sign with, as usual; when you’re done, the selected text should be replaced with an encrypted block that only your selected recipient(s) can read.
Before I go, I’d like to note a few things.
First, as with any computer how-to, your mileage may vary. In particular, as of press time, Gmail has recently introduced a new interface, and FireGPG seems to be doing an imperfect job of coping with it; if you have trouble using FireGPG under the new interface, try flipping over to the old interface (or vice versa), or restarting Firefox. If nothing works, contact me with as much information as possible about what you’re trying to do and what’s going wrong, and I’ll see what I can do to ferret out the problem or point you in the right direction.
Second, let’s be clear about what GPG will do for you and what it will not. GPG provides point-to-point encryption; it ensures that even if a snoop can intercept your e-mail en route, she or he can’t tell what’s in it. It does not conceal the fact that you’re writing to the person you’re writing to. It also does not conceal the fact that you’re writing something you chose to encrypt. If you’re worried about people snooping on what you say, you should keep in mind that they may be able to get a lot of information just by being able to identify who is talking to whom. (If y’all find this how-to helpful, let me know, and we can discuss some techniques for addressing these other issues.)
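As an added example (not part of the original post, and not Gpg4win’s or FireGPG’s own code), here is the whole procedure above done with the gpg command-line tools that WinPT and FireGPG wrap: generating passphrase-protected key pairs, exchanging public keys, signing and encrypting to the recipient and to yourself, decrypting on each side, and then looking at what a snoop can read off the envelope without any key at all. The names, addresses, passphrases and message are constructed, and it assumes GnuPG 2.1 or later on a POSIX shell.

```shell
#!/bin/sh
# Added example (not from the original post): the command-line equivalents of the
# WinPT/FireGPG steps, run against throwaway keyrings under a temporary directory.
# All names, addresses, passphrases and the message are constructed for the demo.
set -eu
command -v gpg >/dev/null 2>&1 || { echo 'gpg not found; install GnuPG (Gpg4win) first' >&2; exit 1; }

WORK=$(mktemp -d)
ALICE=$WORK/alice; BOB=$WORK/bob; SNOOP=$WORK/snoop     # one keyring per party
mkdir -m 700 "$ALICE" "$BOB" "$SNOOP"
ALICE_PASS='correct horse battery staple'   # constructed; long and memorable, as the post advises
BOB_PASS='seven green teacups on the moon'
cleanup() { for h in "$ALICE" "$BOB" "$SNOOP"; do GNUPGHOME=$h gpgconf --kill gpg-agent 2>/dev/null || true; done
            rm -rf "$WORK"; }
trap cleanup EXIT

# gpg wrapper: batch mode, passphrase supplied non-interactively instead of a pinentry pop-up.
g() { _h=$1; _p=$2; shift 2
      GNUPGHOME=$_h gpg --batch --yes --quiet --pinentry-mode loopback --passphrase "$_p" "$@"; }

# "Generate a GnuPG key pair": one pair per person, the private half locked with the passphrase.
g "$ALICE" "$ALICE_PASS" --quick-generate-key 'Alice <alice@example.invalid>' default default never
g "$BOB"   "$BOB_PASS"   --quick-generate-key 'Bob <bob@example.invalid>'     default default never

# Exchange *public* keys: the armored export is the "block of gibberish" you can paste into an e-mail.
g "$ALICE" "$ALICE_PASS" --armor --export alice@example.invalid > "$WORK/alice.pub.asc"
g "$BOB"   "$BOB_PASS"   --armor --export bob@example.invalid   > "$WORK/bob.pub.asc"
g "$ALICE" "$ALICE_PASS" --import "$WORK/bob.pub.asc"
g "$BOB"   "$BOB_PASS"   --import "$WORK/alice.pub.asc"

# "Sign, encrypt and send": encrypt to the recipient AND to yourself, or your saved copy is unreadable.
# --trust-model always stands in for checking Bob's fingerprint out of band; importing alone trusts nothing.
printf 'The staging login is admin / %s\n' 'constructed-password' > "$WORK/message.txt"
g "$ALICE" "$ALICE_PASS" --trust-model always --armor --sign --encrypt \
  -r bob@example.invalid -r alice@example.invalid -o "$WORK/message.asc" "$WORK/message.txt"

# Decrypt with the given keyring; prints GOODSIG if the plaintext came out and Alice's signature verified,
# NOSIG if it decrypted without a valid signature, FAIL if this keyring cannot decrypt it at all.
decrypt_status() {   # $1 keyring dir, $2 passphrase, $3 where to write the plaintext
  st=$(g "$1" "$2" --status-fd 1 -o "$3" --decrypt "$WORK/message.asc" 2>/dev/null) || { echo FAIL; return 0; }
  case $st in *'[GNUPG:] GOODSIG'*) echo GOODSIG;; *) echo NOSIG;; esac
}
# What a snoop learns without any key: the envelope names every key it was encrypted to.
recipient_count() { GNUPGHOME=$SNOOP gpg --batch --list-packets "$WORK/message.asc" 2>/dev/null | grep -c '^:pubkey enc packet:'; }

echo "Bob (intended recipient):  $(decrypt_status "$BOB"   "$BOB_PASS"   "$WORK/bob.txt")"
echo "Alice (own saved copy):    $(decrypt_status "$ALICE" "$ALICE_PASS" "$WORK/alice.txt")"
echo "Snoop (no private key):    $(decrypt_status "$SNOOP" 'n/a'         "$WORK/snoop.txt")"
echo "Recipient keys visible in the envelope without decrypting: $(recipient_count)"
```

The last line is the point of the second note above: even a snoop with no key can see how many keys, and which ones, the message was encrypted to.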
Finally, remember, no defense against snoops in the middle will do you any good if the intended recipient of the message chooses to turn the information over to a snoop. Technology can secure the line between so that you can say what you want to somebody that you trust, without the danger of a third party overhearing. But no technology substitutes for knowing who you can trust and what you can say to whom.
If you have any questions, contact me or drop me a line in the comments. Let me know how it works for you. Consider this my contribution, to the extent that it works out for you, to revolutionary agorist praxis. Enjoy your privacy!
Update 2008-10-29: Since this is written for Google, I’ve made some minor revisions for the purpose of clarity and informativeness.
Configuring GPG (Mac OS X) explains how to get GPG up and running on Mac OS X, and explains integration with several OS X mail readers. If you use web mail, then you can use these instructions to get GPG running, and then follow my instructions to set up Firefox with FireGPG, which should be more or less the same on Windows or on a Mac.
Beginners Guide for GnuPG in Ubuntu explains how to get GPG up and running under Ubuntu Linux (or any other flavor of Linux that supports apt-get). Again, you can use these instructions to set up GPG and then follow my instructions to set up Firefox with FireGPG, which should be more or less the same on Windows or on Linux.
If you use a desktop e-mail reader rather than webmail, many popular programs have add-ons, plugins, or other ways to integrate GPG painlessly with the e-mail program. For example, I use Mozilla Thunderbird, and an excellent add-on called Enigmail. Similar tools exist for Microsoft Outlook and Outlook Express.