Simple email encryption with FireGPG
Simply put, cryptography[1] is the process of hiding information. Though long the domain of computer scientists, mathematicians and secretive government agencies, this technology is now both fairly easy to use and ubiquitous.
This spread of encryption technology has not happened a moment too soon, as encryption[2] is more important for the average person than ever before.
Every email you send or receive, every instant message, comes to and from your computer without any protection. Due to the decentralized nature of the Internet, all these personal communications pass through dozens of computers, in some cases spread out through several countries, in the milliseconds it takes for a message to go from sender to receiver.
Many of these computers, particularly your email provider, are required by law to keep copies[3] of all of your messages for long periods of time.
Your private[4] online conversations are not as private as you thought. When faced with the reality that their online communications are not very private, many people claim that they "have nothing to hide." According to Professor Solove[5] of George Washington University Law School, "the problem with the nothing to hide argument is with its underlying assumption that privacy is about hiding bad things." Have you ever had a very personal conversation with a close friend? Did you tape record that conversation and email it to everyone in your email address book? If not, then you probably have something to hide.
It is not that such things are bad, it is that they are private. Also, many people in the world live in countries that are not friendly to the idea of free speech[6], countries that suppress political and religious ideas that go against the government-sanctioned norm.
Many people in this situation try to get around government censorship and espionage by misspelling certain sensitive words or replacing them with "code words." Though such substitution is of limited usefulness in the case of automated censorship, it is of little use against actual espionage.
For all the various email privacy needs, there is a simple and easy-to-use solution known as the GNU Privacy Guard (GPG)[7]. Though the type of cryptography used by GPG is so secure that many governments use it to secure top secret information, GPG by itself is not very user friendly.
This guide focuses on installing and using FireGPG to send and receive encrypted email messages on Windows, OSX and Linux.
Prerequisites
GnuPG is very secure.
However, the best security can be undermined by users who make mistakes and don't think their actions through clearly. It is not uncommon for people to use email encryption, only to have access to their private key stolen because they have a weak password.
Also, if your computer has already been compromised by an attacker (perhaps by a virus or other means), then it is trivial for that attacker to steal your private key and your passwords, making it easy to intercept all your private communications.
If you know how to browse the web and send email, this guide is for you. You do not need to be a computer geek, but you do need to be willing to think.
Nothing in this guide should be prohibitively difficult to understand, but you will need to learn a few new concepts. If you are willing to keep an open mind, then read on.
Two types of encryption
Symmetric encryption
Imagine you are trying to send a private message to a group of friends, but you do not trust the mailman. The solution is to find a way to hide the message in plain sight.
To do this you need three things: a message to send, a secret shared with your friends, and an agreed-upon process for using the shared secret to hide the message in what looks like gibberish.
This is known as symmetric-key cryptography[1], because there is only one key, aka secret, involved.
The process for combining the key with the message is known as a cryptographic algorithm ("algorithm" is simply a fancy way of saying "set of instructions"), sometimes called a cypher[11]. Since cryptography is much easier to use than it once was, a user does not need to concern themselves with the intricate mathematical details of how the algorithm works.
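The three ingredients above (a message, a shared secret, an agreed-upon algorithm) map directly onto GnuPG's symmetric mode on the command line. The following is an added example, not part of the original guide; it assumes GnuPG 2.2.7 or later, and the function names, passphrases and message are constructed for illustration.

```sh
#!/bin/sh
# Added example: GnuPG symmetric mode. Function names, passphrases and the
# message are constructed for illustration. Assumes GnuPG 2.2.7 or later.

# Throwaway GnuPG home so the demo never touches your real ~/.gnupg.
GNUPGHOME=$(mktemp -d) && chmod 700 "$GNUPGHOME"
export GNUPGHOME
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# Options shared by both directions:
#   --batch / --pinentry-mode loopback  take the passphrase from us, no popup
#   --no-symkey-cache  never reuse a cached passphrase, so a wrong one fails
#   --passphrase-fd 3  read the secret from descriptor 3, which keeps it out
#                      of the process list (unlike --passphrase)
gpg_shared() {
    gpg --batch --quiet --no-symkey-cache --pinentry-mode loopback \
        --passphrase-fd 3 "$@"
}

# encrypt_shared SECRET: plaintext on stdin, ASCII-armored ciphertext on stdout.
encrypt_shared() {
    gpg_shared --cipher-algo AES256 --armor --symmetric 3<<EOF
$1
EOF
}

# decrypt_shared SECRET: ciphertext on stdin, plaintext on stdout.
# Returns non-zero if the secret is wrong.
decrypt_shared() {
    gpg_shared --decrypt 2>/dev/null 3<<EOF
$1
EOF
}

secret='correct horse battery staple'      # constructed shared secret
sealed=$(printf 'Meet at noon\n' | encrypt_shared "$secret")

printf '%s\n' "$sealed"                             # what the mailman sees
printf '%s\n' "$sealed" | decrypt_shared "$secret"  # what your friends read
printf '%s\n' "$sealed" | decrypt_shared 'a guess' ||
    echo 'wrong secret: message stays gibberish'
```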
Asymmetric encryption, aka public key encryption
There is one simple problem with symmetric encryption: it does not scale well. This is not so much a problem with the technology as it is a problem with the people using the technology.
Everyone knows that a secret shared with two people is twice as difficult to keep secret as the same secret kept by only one person. Shared with three people it is three times as difficult, and with four people... you get the idea.
There is also the issue of how to safely share the secret with groups of people. Again, the more people you add, the more difficult it becomes.
The answer to this problem is what is known as public key cryptography[1]. With this kind of cryptography, the analogy of a key works less well than it did with symmetric encryption.