• UsingPGP

last modified December 19, 2018 by strypey

Back to... Privacy Not Privatization

Using PGP to encrypt email

(First published on Aotearoa IMC - link broken due to older articles being dumped on an unsearchable static site)

Danyl Strype provides a brief introduction to why encryption might be a useful tool for activists and some fairly simple, step-by-step instructions for sending encrypted email using open source software you can download for free.

The best way to keep something private is not to communicate about it through email, or any digital media. The Waihopai station (part of the Five Eyes government surveillance network) is keyword scanning all email that passes in and out of New Zealand, and if the spooks are taking an interest in you, any kind of encryption you use can be broken with a powerful enough computer and enough time.

However, if you want to keep things like admin passwords away from casual crackers, or keep some info private temporarily until it becomes public anyway, it might be useful to set up email encryption. One of the most common ways to do this is using PGP or Pretty Good Privacy.

What is PGP encryption?

Encryption refers to any method of turning a message into gibberish, so that it can only be read by somebody who has the correct code to decrypt it. PGP uses public key cryptography, where people who want to exchange encrypted messages have both a public key, and a private key, which contains the code used to decrypt messages encrypted with the public key.

Imagine that a person's public key is a lock box that only their private key can unlock. If I want to send you an encrypted message, I put it in your lock box and send it to you. Other people may be able to get their hands on the box, but they can't open it unless they have your private key.

So how can you use PGP? First, you will need a few software tools. Then you'll need to create your key pair, and learn about acquiring public keys and applying encryption to your message. I recommend finding an encryption buddy to learn about PGP with. If you both follow these instructions, you can help each other if you get stuck, and you have someone to exchange encrypted emails with and see if it works.

Step 1) Install software

I haven't yet discovered a way to use PGP with webmail, so this method uses a desktop email program called Mozilla Thunderbird (a cousin of Mozilla Firefox) which is available free for GNU/Linux, Mac, Windows etc. Although these instructions are orientated towards Windows users, because more people still have computers (not counting "smartphones") running it, I strongly recommend that activists replace Windows with GNU/Linux. There are well known "back doors" in Windows security that might allow third parties to read your email before it's encrypted, or after it's decrypted. GNU/Linux users can look up the GnuPG documentation on Ubuntu Help.

  • Download it and install Thunderbird here.
  • You will also need to install PGP software. I suggest installing the latest version of GnuPG.
  • Finally, you will need to install the Enigmail add-on for Thunderbird.
  • If you are using Windows, it's usually a good idea to restart your computer after installing new software, or it may get unhappy and crash on you.

If you get stuck getting GNUPG or Enigmail installed, this FAQ may help:

Step 2) Create your encryption keys

  • Open Thunderbird.
  • Click on "OpenPGP" from the top menu.
  • Then click "Key Management" from the drop down menu.
  • Click "Generate > New Key Pair" (leave the defaults in place; just choose a Thunderbird account to associate with the key and choose a passphrase).

More help on key management can be found in the Enigmail User Manual.

Step 3) Obtaining public keys

For your buddy to send you an encrypted email, they first need to acquire your public key. There are two ways to do this:

a) Email it to them. Start a new message by clicking the 'write' button. Then, go to OpenPGP > Attach My Public Key. Write your email and send.

b) You can upload your public key to a keyserver. Go to OpenPGP > Key Management. Then, go to Keyserver > Upload Public Keys.

To acquire your key, your buddy will need to open Thunderbird and go to OpenPGP > Key Management. Then, go to Keyserver > Search for Keys. They enter your email address where it says 'search for key', select one of the keyservers you uploaded to, and click ok. When it finds your key, they tick the box and click 'ok'.

Obviously you will follow the same process with roles reversed to obtain your buddy's public key.

Step 4) Send an encrypted email

  • Click on the 'write' button.
  • Write out your email as normal.
  • Before you click 'send', click the two buttons at the bottom right of the screen. The one with the pen digitally signs your email. The one with the key encrypts it.
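
Steps 2 to 4 above, carried out with GnuPG on the command line instead of the Enigmail menus, as an added example that is not part of the original article: two throwaway keyrings stand in for you and your buddy, the names, addresses, passphrase and message are constructed, and it needs gpg 2.1 or later. It also checks the lock-box idea from earlier: the sender's own keyring cannot open a message encrypted only to the buddy.

```shell
#!/bin/sh
# Added example: Step 2 (key pair), Step 3 (public-key exchange) and Step 4 (sign
# and encrypt) with GnuPG, using two throwaway keyrings: "alice" (you) and "bob" (buddy).
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg is not installed" >&2; exit 0; }

WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"
PASS='example-passphrase'   # constructed value; pick a real passphrase for a real key
cleanup() {
  for h in "$ALICE" "$BOB"; do GNUPGHOME="$h" gpgconf --kill all 2>/dev/null || true; done
  rm -rf "$WORK"
}
trap cleanup EXIT

# Run gpg non-interactively against one keyring; the passphrase is the one chosen in Step 2.
g() { _home=$1; shift
      GNUPGHOME="$_home" gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" "$@"; }

# Step 2: generate a key pair inside the given keyring (defaults, no expiry).
make_key()   { g "$1" --quick-generate-key "$2" default default never; }
# Step 3: export your public key as an ASCII-armoured file; the buddy then imports it.
export_pub() { g "$1" --armor --export "$2" > "$3"; }
import_pub() { g "$1" --import "$2"; }
# Step 4: sign with the sender's private key (the "pen") and encrypt to the recipient's
# public key (the "key"). --trust-model always skips the interactive "key not certified" prompt.
send_encrypted() {   # keyring sender recipient message outfile
  printf '%s' "$4" | g "$1" --armor --sign --encrypt --local-user "$2" --recipient "$3" \
    --trust-model always > "$5"
}
# Decrypt with the recipient's private key; prints the plaintext.
receive() { g "$1" --decrypt "$2"; }
# True when gpg reports a good signature from a key already in the recipient's keyring.
signature_ok() { g "$1" --status-fd 1 --decrypt "$2" | grep -q '^\[GNUPG:\] GOODSIG'; }

demo() {
  make_key "$ALICE" "Alice <alice@example.test>"
  make_key "$BOB"   "Bob <bob@example.test>"
  export_pub "$ALICE" alice@example.test "$WORK/alice.pub.asc"
  export_pub "$BOB"   bob@example.test   "$WORK/bob.pub.asc"
  import_pub "$ALICE" "$WORK/bob.pub.asc"
  import_pub "$BOB"   "$WORK/alice.pub.asc"
  send_encrypted "$ALICE" alice@example.test bob@example.test "meet at the usual place" "$WORK/msg.asc"
  # Only Bob's private key opens the lock box: Alice's keyring cannot decrypt what she sent.
  if g "$ALICE" --decrypt "$WORK/msg.asc" >/dev/null 2>&1; then echo "unexpected decrypt" >&2; return 1; fi
  signature_ok "$BOB" "$WORK/msg.asc" || return 1
  receive "$BOB" "$WORK/msg.asc"
}
```

Run `demo` to see the buddy's decrypted plaintext; everything else (key generation, import notices, signature status) goes to stderr.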

Happy encrypting!
