Make sure your key is selected in the key manager, then click Export to file. Give it a good name, like myname.asc, then save it to your desktop.

You can now put this on a USB stick to give to a friend, email it as an attachment, or use any other method of sending a file to a friend.

Importing and validating a public key

Now let's say that Mr. Paranoid just exchanged public keys with you.

To be able to encrypt messages with his public key you must first import it. To do so, go into the key manager and click Import from file.

Find the key file in your file manager and click open. When you import a person's key, it is very important to determine your level of trust of that key, and there are a number of factors that go into this decision.

First, you need to decide if you actually trust this person (in the normal sense of the word). Second, it is helpful to know if the person safely manages his keys.

Ask him if he has a strong password, and discuss what the meaning of a strong password [10] is.

Secondly, if he is running Windows, does he have anti-virus software installed, and does he keep it up-to-date? Does this person run regular system updates and update the software on his machine? It is dangerous to send private messages to someone who is lazy about protecting their private key.

Also, perhaps the most important part about establishing trust is verifying that the public key you have came from who it says it came from. If you do not do this, then anyone can email you a key saying they are someone you know, even if they are not.

This is what is known as a man-in-the-middle attack. The best way to establish this part of trust is to exchange the keys in person, face-to-face.

Every key has a unique ID, which you can view in the key manager. Once the keys are exchanged, read off one another's key IDs to verify that you have the right key.
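
The ID shown for a key is the tail of its fingerprint, a SHA-1 hash over the public key material (RFC 4880, section 12.2), and a short ID covers only 32 bits of it. The following is an added example, not part of the original guide or of FireGPG: it derives the fingerprint and key IDs for a constructed toy key and accepts a value read aloud only if it matches the full fingerprint. The key values and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def mpi(n):
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_public_key_body(created, n, e):
    """Body of a version 4 RSA public-key packet: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body):
    """SHA-1 over the octet 0x99, the 2-byte body length, and the packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_id(fingerprint, hex_digits=16):
    """Long key ID = last 16 hex digits of the fingerprint; short key ID = last 8."""
    return fingerprint[-hex_digits:]

def grouped(fingerprint):
    """Four-digit groups, the form that is easiest to read aloud."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))

def normalize(spoken):
    """Drop spaces, colons and an optional 0x prefix from a typed or pasted value."""
    s = spoken.replace(" ", "").replace(":", "").upper()
    return s[2:] if s.startswith("0X") else s

def same_key(local_fingerprint, spoken):
    """True only for a full 40-digit match; a bare key ID is rejected as too short."""
    s = normalize(spoken)
    return len(s) == 40 and hmac.compare_digest(s, local_fingerprint)

# Constructed toy values, not a real key: a 1024-bit odd number standing in for the modulus.
TOY_N = (1 << 1023) + 12345
LOCAL = v4_fingerprint(rsa_public_key_body(1230768000, TOY_N, 65537))

if __name__ == "__main__":
    print("fingerprint :", grouped(LOCAL))
    print("long key ID :", key_id(LOCAL))
    print("short key ID:", key_id(LOCAL, 8))
    print("full fingerprint read back :", same_key(LOCAL, grouped(LOCAL).lower()))
    print("short key ID read back only:", same_key(LOCAL, key_id(LOCAL, 8)))
```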

In some cases it is simply impossible to verify keys in person. When this is the case, video chat (using a program such as Ekiga [14] or Skype [15]) is a good second option.

Start a video conference, and read off the key IDs to one another just like you would if you were in person. Once you have determined the level of trust you are comfortable with, either in person or via video chat, you need to assign this to the public key you imported.

Select the key in the key manager, then click Change trust. You will see a menu listing various statements describing various levels of trust, so click the statement you are most comfortable with.

Signing & verifying text

Now that we have some keys exchanged, it is time to learn about signatures and encryption. Sometimes you may want to write text that anyone can read, but want a way to prove that you wrote it.

Right-click on the page, go to the FireGPG menu, and select Text editor. Type the message that you want to sign, then click Clearsign.

You'll be presented with a list of your private keys (which will only have one item if you've only generated one key pair). Click your private key and click Ok. Type your password when prompted, then press enter.

You will now have the signed text in the text editor, so you can click Copy to clipboard and close and then paste it in an email, web page or wherever you want to place signed text.

Verifying signatures with FireGPG is very easy. By default FireGPG will detect blocks of text in a web page (or web-based email account) that are signed.

It will also hide the signature data by default, and only display the signed text. Click Verify to see if the signature can be validated by a public key you have in your collection.
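
Signed blocks of this kind use the OpenPGP cleartext signature format (RFC 4880, section 7), and the signature covers only the text between the two BEGIN lines. The following is an added example, not FireGPG's code: it parses a constructed page, returns the signed text with dash-escaping undone, and lists any surrounding lines the signature does not cover. It does not verify the signature itself; the function and class names are assumptions, and rejecting armor headers other than Hash is a strictness choice of this example.

```python
from dataclasses import dataclass

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

@dataclass
class ClearsignedBlock:
    hashes: list      # values of the "Hash:" armor header(s)
    signed_text: str  # text covered by the signature, dash-escaping undone
    outside: list     # non-empty lines before or after the block: not signed

def parse_clearsigned(page_text):
    lines = page_text.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig = lines.index(BEGIN_SIG, start)
        end = lines.index(END_SIG, sig)
    except ValueError:
        raise ValueError("no complete cleartext-signed block found")
    # Armor headers run from the BEGIN line up to the first empty line.
    body, hashes = start + 1, []
    while body < sig and lines[body] != "":
        name, _, value = lines[body].partition(":")
        if name != "Hash":
            raise ValueError("unexpected armor header: " + name)
        hashes += [h.strip() for h in value.split(",")]
        body += 1
    if body >= sig:
        raise ValueError("missing empty line after the armor headers")
    # A signer prefixes lines that start with a dash with "- "; strip that prefix.
    text = [l[2:] if l.startswith("- ") else l for l in lines[body + 1:sig]]
    outside = [l for l in lines[:start] + lines[end + 1:] if l.strip()]
    return ClearsignedBlock(hashes, "\n".join(text), outside)

# Constructed sample page; the signature body is a placeholder, not a real signature.
SAMPLE = """Hi, this intro line sits above the block.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Meet at noon.
- -- Mr. Paranoid
-----BEGIN PGP SIGNATURE-----

(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
P.S. Make that 3pm instead.
"""
```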

Also, if you want to see the full signed message, click Display original.

Encrypting text with a public key

When you are writing an email in a web-based email service, and you plan on encrypting that email, it is important that you use FireGPG's text editor.

This is because most web mail providers have an auto save feature, which saves your draft email to their server every few minutes. This means that the email provider has a copy of your unencrypted email.

Once you are done typing your email in the text editor, click Encrypt. First you will be asked to select the public key(s) to encrypt to (you can select more than one by holding down the 'ctrl' key while clicking). When you click Ok, you will next be asked for the private key you want to sign the message with.

If you do not want to sign the message, click cancel. If you do choose to sign the message, you will be asked for your private key's password.

Once the message is encrypted, you can click Copy to clipboard and close, and then paste it into the email you are going to send.

Decrypting text

Blocks of encrypted text in web pages are detected by FireGPG in exactly the way it detects signed text.

Click Decrypt, and then type your password when prompted. Once you hit enter, you will see the original message, plus an indication if the message was properly signed by the sender or not (if the sender signed the message). You can also click Display original to see the encrypted text.

References

  1. Cryptography (Wikipedia): http://en.wikipedia.org/wiki/Cryptography
  2. Encryption (Wikipedia): http://en.wikipedia.org/wiki/Encryption
  3. EFF.org Search Results, "data retention": http://www.eff.org/search?text=data+retention
  4. Privacy (EFF): http://www.eff.org/issues/privacy
  5. 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565
  6. Free Speech (EFF): http://www.eff.org/issues/free-speech
  7. GNU Privacy Guard: http://gnupg.org/
  8. FireGPG: http://getfiregpg.org
  9. Mozilla Firefox: http://mozilla.org
  10. The Comprehensive Guide To Safe Web Browsing: http://crashsystems.net/2008/10/safe-web-browsing/
  11. Cipher (Wikipedia): http://en.wikipedia.org/wiki/Cipher
  12. Index of ftp://mirror.cict.fr/gnupg/binary/: ftp://mirror.cict.fr/gnupg/binary/
  13. SourceForge.net, Mac GNU Privacy Guard v2.x Files: http://sourceforge.net/project/showfiles.php?groupid=248469&packageid=303406
  14. Ekiga ~ Free your speech: http://ekiga.org/
  15. Skype official website: http://skype.com/

Copyright

The content of this guide is licensed under a Creative Commons Attribution Share Alike license.