• Privacy not Privatization - Using PGP to encrypt email

last modified September 22, 2012 by strypey

Danyl Strype provides a brief introduction to why encryption might be a useful tool for activists and some fairly simple, step-by-step instructions for sending encrypted email using open source software you can download for free.

[note: an evolving version of these instructions have been incorporated into Privacy Not Privatisation+

The best way to keep something private is not to communicate about it through email, or any digital media. The Waihopai station is keyword scanning all email that passes in and out of New Zealand, and if the spooks are taking an interest in you, any kind of encryption you use can be broken with a powerful enough computer and enough time.

However, if you want to keep things like admin passwords away from casual crackers, or keep some info private temporarily until it becomes public anyway, it might be useful to set up email encryption. One of the most common ways to do this is using PGP or Pretty Good Privacy:

http://en.wikipedia.org/wiki/Pretty_Good_Privacy


What is PGP encryption?

Encryption refers to any method of turning a message into gibberish, so that is can only be read by somebody who has the correct code to decrypt it. PGP uses public key cryptography, where people who want to exchange encrypted messages have both a public key, and a private key, which contains the code used to decrypt messages encrypted with the public key.

Imagine that a person's public key is a lock box that only their private key can unlock. If I want to send you an encrypted message, I put it in your lock box and send it to you. Other people may be able to get their hands on the box, but they can't open it unless they have your private key.

So how can you use PGP? First, you will need a few software tools. Then you'll meed to create your key pair, and learn about acquiring public keys and applying encryption to your message. I recommend finding an encryption buddy to learn about PGP with. If you both follow these instructions, you can help each other if you get stuck, and you have someone to exchange encypted emails with and see if it works.

 

Step 1) Install software

I havn't yet discovered a way to use PGP with webmail, so this method uses a desktop email program called Mozilla Thunderbird, a cousin of Firefox, which is available free for Linux, Mac, Windoze etc although these instructions are orientated towards Windoze users. Download it and install it from here:

http://getthunderbird.com

You will also need to install PGP software. I recommend installing the latest version of GNUPG:

http://www.gnupg.org/

Finally, you will need to install the Enigmail add-on for Thunderbird

https://addons.mozilla.org/en-US/thunderbird/addon/71

If you are using Windoze, always restart your computer after installing new software or it may get unhappy and crash on you.

If you get stuck getting GNUPG or Enigmail installed, this FAQ may help:

http://enigmail.mozdev.org/documentation/gpgsetup.php


Step 2) Create your encryption keys

Open thunderbird.

Click on "OPenPGP" from the top menu.

Then click "Key Management" from the drop down menu.

lick "Generate > New Key Pair"

(Leave the defaults in place just choose a thunderbird account to

associate with the key and choose a passphrase)

More help on key management can be found here:

http://enigmail.mozdev.org/documentation/keyman.php


Step 3) Obtaining public keys

For your buddy to send you an encrypted email, they first need to acquire your public key. There are two ways to do this:

a) email it to them. Start a new message by clicking the 'write' button. Then, go to OpenPGP > Attach My Public Key. Write your email and send.

b) You can upload your public key to a keyserver. Go to OpenPGP > Key Management. Then, go to Keyserver > Upload Public Keys.

To acquire your key, your buddy will need to open Thunderbird and go to OpenPGP > Key Management. Then, go to Keyserver > Search for Keys. They enter your email address where it says 'search for key', select one of the keyservers you uploaded to, and click ok. When it finds your key, they tick the box and click 'ok.

Obviously you will follow the same process with roles reversed to obtain your buddy's public key.

 

Step 4) Send an encrypted email

Click on the 'write' button.

Write out your email as normal.

Before you click 'send', click the two buttons at the bottom right of the screen. The one with the pen digitally signs your email. The one with the key encypts it.

Happy encrypting!

Originally published on Aotearoa.Indymedia.org (July, 2008

(CC-BY-SA)

Back to Published Writing