How to: Keep your e-correspondence private


----------------

By Mackenzie Morgan
Contributing Writer, [GAS]

We’re all a security-conscious bunch of folks, right? How much attention do you pay to your email account? You probably don’t give the password out to random strangers on the internet, I hope, but that’s not the only way someone could be snooping on or tampering with your email. In the Middle Ages, it was customary to seal an envelope with your personal seal stamped into hot wax. If that seal was broken or didn’t properly match your seal, the recipient knew there was a chance someone had read, tampered with it, or even forged it. The reality is that even if you never give out your password to anyone, your email is still being transmitted across a bunch of servers to reach its destination. The admins of any of those servers could potentially do something nasty to your email. You want to protect yourself, right?

I almost always get asked about the odd line of numbers and letters at the bottom of my card. The odd line is the fingerprint for my GPG public key. GNU Privacy Guard, or GPG for short, is an implementation of the OpenPGP Standard. PGP stands for “Pretty Good Privacy.” It uses public and private keys to maintain privacy. There’s some ridiculously complex math behind it that has something to do with really big prime numbers, but I will avoid that topic. The way it works, at a high level, is that each person has a public key and a private key. They distribute their public key to anyone who asks. Most people who use it just upload their public key to a keyserver from which anyone can download it. Mine is on three. The private key is, well, private. There is, of course, a second level of authentication involved. The private key is something you have. There is also a passphrase, something you know. A private key can only be used with a passphrase.

There are two options for how you want to secure something. You can either encrypt the message, or you can sign it. You could also do both. I sign all of my emails. At the end of the email, there is a crazy chunk of text, like this:

--=-Fl7DMsJyODjAF/ae737Q
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBIApy3ojm3DbyNMmkRArwCAKCwyKJI0c6oic50RQ8isnnCO2brfgCg5abI
16Jr6yVuswz1aIHfPavZ1Xo=
=Xhph
-----END PGP SIGNATURE-----

--=-Fl7DMsJyODjAF/ae737Q--

That’s the signature. It looks like a jumble, right? Well, if you save the message and run it through GPG, it can verify whether or not the signature is valid. The signature is an encrypted hash of the message made using your private key. Any holder of the public key can verify that the hash and the signature match. It guarantees to the message recipient that there have been no alterations made to your message. This is the least-obstructive and probably most common way your average GPG-user uses it. It does not require that the recipient know about GPG, but if they do use it, it can give them some piece of mind.

Full message encryption doesn’t really work for normal use unless everyone you communicate with has a public key. It does provide considerably more privacy since your message will be unreadable to everyone except the intended recipient. The message is encrypted using their public key, and when they receive it, they decrypt it using their private key and passphrase. Nobody can snoop, great! There is an upside and a downside to this, though. They both are that there is no proof whatsoever that the message came from you. If you want plausible deniability (“someone must’ve spoofed my return address!”), this is great. If you want the recipient to really be sure it wasn’t forged, sign it as well.

Of course, being able to prove without a doubt who said what to whom could be problematic for certain types of people in certain lines of business. For those people, just plain encryption is probably the best way to go. If it’s not signed, well, as I said, they have plausible deniability. If it’s encrypted and they just happen to forget their passphrase or accidentally delete their private key, um, oops? The encrypted message is now unrecoverable, kind of like those self-destructing messages spies always get in movies.

The simplest way to add privacy to your email is through a mail client, and I don’t mean mutt. If you use mutt, I’m pretty sure you have to stick to CLI GPG. For Thunderbird users, there is the Enigmail addon, named after the Enigma encryption scheme used in WWII. Evolution and Kontact/KMail have GPG support built in. For Outlook users, GData makes a plugin. I know the site’s in German, but there is an English version of the plugin. Users of Apple’s Mail can turn to GPGMail. Finally, if you use Webmail and Firefox, there is FireGPG, which I would not trust for encryption with GMail because GMail sends unencrypted drafts to the server every few minutes. GMail messages are best encrypted outside the browser and then copied and pasted.

In case you’re wondering what’s to keep some jerk from making a fake key, the answer is the web of trust. The way it works is that you show someone else your fingerprint and your ID to demonstrate that it’s yours. They then use their key to sign your key, showing that they have verified it. If you take a look at my key’s entry on the keyserver, you will see that there are the names of 4 different individuals other than myself on that page. They all verified that the key does belong to me and signed it. You can also see that I have multiple email addresses listed on there so that when I send an email from one of those addresses, the mail client can also verify that it came from an approved email address. Getting too many signatures isn’t such a good thing though. Eventually those signatures just make the key huge. Three is a good number. Each person who signed my key has had theirs signed by someone else, and they’ve had their signed, and so on and so forth until it’s just one big web of people establishing trust for each other.





24 Responses to How to: Keep your e-correspondence private

  1. Hmmmm, or you could use a personal email certificate… what would be the difference between your solution and a certificate coming from a trusted authority?

    • First off, the above method is free (as in free beer, and free speech.) The technology is essentially the same. So you aren't losing any functionality, nor does one have an advantage over the other.

      However if you are willing to pay the price, it will be easier for you to implement. However you will be getting your "private" key from an out side source. With the above method, the OpenPGP Standard allows for totally in house creation of your "private" key. And if you want to go the extra mile you could encrypt your own hard drive, protecting the data stored on it to include your stored "private" key.

      But, it all boils down to how far are you willing to go to truly protect your data, how much are you willing to spend, and how trusted it the source?

      • 'However you will be getting your "private" key from an out side source.'

        No, this is not how public key certificates work. You present them with your public key and proof-of-possession of the private part of the key (i.e., by signing a challenge message). If they can verify the message successfully using your public key, they will in turn sign your public key.

        • Then it's the same basic idea except you need to find a certificate authority, and I think a lot of them charge money (probably some free ones though). GPG is just a more decentralized approach.

  2. Hmmmm, or you could use a personal email certificate… what would be the difference between your solution and a certificate coming from a trusted authority?

    • First off, the above method is free (as in free beer, and free speech.) The technology is essentially the same. So you aren’t losing any functionality, nor does one have an advantage over the other.

      However if you are willing to pay the price, it will be easier for you to implement. However you will be getting your “private” key from an out side source. With the above method, the OpenPGP Standard allows for totally in house creation of your “private” key. And if you want to go the extra mile you could encrypt your own hard drive, protecting the data stored on it to include your stored “private” key.

      But, it all boils down to how far are you willing to go to truly protect your data, how much are you willing to spend, and how trusted it the source?

      • ‘However you will be getting your “private” key from an out side source.’

        No, this is not how public key certificates work. You present them with your public key and proof-of-possession of the private part of the key (i.e., by signing a challenge message). If they can verify the message successfully using your public key, they will in turn sign your public key.

        • Then it’s the same basic idea except you need to find a certificate authority, and I think a lot of them charge money (probably some free ones though). GPG is just a more decentralized approach.

    • Really? I honestly didn't look into mutt because I figure if you use mutt, you're already a command line nut anyway. Web browsers and mail clients are the two things where I really prefer GUI over CLI.

    • Really? I honestly didn’t look into mutt because I figure if you use mutt, you’re already a command line nut anyway. Web browsers and mail clients are the two things where I really prefer GUI over CLI.

  3. I used to use PGP all the time but stopped mostly because everyone I email 1) doesn't use it and 2) was freaked by all the random text at the bottom of the e-mail.

    Other than proving an e-mail came from me, is there really any other good reason to use PGP?

    -Adam

  4. I used to use PGP all the time but stopped mostly because everyone I email 1) doesn’t use it and 2) was freaked by all the random text at the bottom of the e-mail.

    Other than proving an e-mail came from me, is there really any other good reason to use PGP?

    -Adam

  5. The "truly paranoid" will go beyond encrypting their messages with PGP. They will also ensure that their mail client communicates with their mail server over an encrypted link, usually TLS, to be sure a listener cannot see the mail headers. They will also ensure they are using a secure email service such as Sub Rosa from novo-ordo.com so their email cannot be stolen by hacking into the server (another layer of encryption there) or subpoenaed by the US government (hosted outside their jurisdiction).

  6. The “truly paranoid” will go beyond encrypting their messages with PGP. They will also ensure that their mail client communicates with their mail server over an encrypted link, usually TLS, to be sure a listener cannot see the mail headers. They will also ensure they are using a secure email service such as Sub Rosa from novo-ordo.com so their email cannot be stolen by hacking into the server (another layer of encryption there) or subpoenaed by the US government (hosted outside their jurisdiction).

  7. Both mutt and pine (and others I'm sure) make it fairly easy. Pine often comes with a bash script or three to do the dirty work:

    <code>

    /usr/bin/pinegpg-install

    /usr/bin/pinegpg -> /usr/bin/pinepgpgpg-install

    </code>

    The first alters your ~/.pinerc file adding in the necessary magic. I'm not even certain that the second one is still used…

    For Mutt, on one of my older systems I had to add:

    <code>

    # Import GNU Privacy Guard/Pretty Good Privacy (GPG/PGP) handlers

    source /usr/share/doc/mutt-1.4.1/gpg.rc

    </code>

    to ~/.muttrc. (Ubuntu places gpg.rc in /etc/Muttrc.d/ which leads me to suspect that perhaps it's included automatically. I've never used it from that system.)

  8. Both mutt and pine (and others I’m sure) make it fairly easy. Pine often comes with a bash script or three to do the dirty work:


    /usr/bin/pinegpg-install
    /usr/bin/pinegpg -> /usr/bin/pinepgpgpg-install

    The first alters your ~/.pinerc file adding in the necessary magic. I’m not even certain that the second one is still used…

    For Mutt, on one of my older systems I had to add:


    # Import GNU Privacy Guard/Pretty Good Privacy (GPG/PGP) handlers
    source /usr/share/doc/mutt-1.4.1/gpg.rc

    to ~/.muttrc. (Ubuntu places gpg.rc in /etc/Muttrc.d/ which leads me to suspect that perhaps it’s included automatically. I’ve never used it from that system.)