Tuesday, February 23, 2010

Need privacy? Use Enigmail!

  • Do you want to send love letters that only your spouse should be able to read?
  • Do you want to make sure that the emails you receive were indeed sent by the person they appear to come from (and not by some impersonator)?
  • Do you want to store confidential information at an untrusted location (on a network drive, for example) without anyone else having access to that information?
  • Do you want to exchange sensitive information such as passwords, personally identifying information or proprietary secrets?
  • Do you want to limit the ability of a hostile party to impersonate you electronically?
...then you need PGP (Pretty Good Privacy)!

First, a quick explanation of why PGP encryption is so interesting:

PGP, based on the principles of public-key cryptography, is a way to hide messages using a private (or secret) "key". The "hidden" (or encrypted) message can then only be returned to its original form using the matching public key. The reverse is also true: a message transformed with the public key can only be read with the private key.

That has all sorts of really interesting and sophisticated applications but two stand out:

First, you can digitally sign data by encrypting the result of a computation that uniquely represents the data (a hash) with your private key. Since only the public key can open that result, this can be used to prove that the data received matches the data sent and that it came from the holder of the private key.

Second, you can create and send a message that can only be read by the person receiving it, by encrypting it with that recipient's public key.
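To make the two uses concrete, here is an added illustration (not code from the original post, and not PGP or GnuPG itself): textbook RSA with two small, well-known Mersenne primes so that the arithmetic stays readable. It shows the asymmetry the post describes: a signature is the hash of the data transformed with the private key and checked with the public key, while a confidential message is transformed with the recipient's public key and recovered only with the private key. Real OpenPGP keys are thousands of bits long and use padding, so this toy is for understanding only.

```python
"""Toy public-key demo: sign with the private key, encrypt to the public key.

Added illustration for the post above; textbook RSA, deliberately tiny.
Never use this for real secrets.
"""
import hashlib

# Two known primes (assumption: toy-sized so everything fits on a page).
P = 2**31 - 1                 # Mersenne prime
Q = 2**61 - 1                 # Mersenne prime
E = 65537                     # common public exponent, coprime to (P-1)(Q-1)


def keygen(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)       # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def _digest(data: bytes, n: int) -> int:
    """The 'computation uniquely representing the data': SHA-256, reduced mod n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private_key) -> int:
    """Signer transforms the hash with the PRIVATE key."""
    d, n = private_key
    return pow(_digest(data, n), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Anyone holding the PUBLIC key undoes the transform and compares hashes.

    A single changed byte in the data, or in the signature, makes this False.
    """
    e, n = public_key
    return pow(signature, e, n) == _digest(data, n)


def encrypt(message: bytes, public_key) -> int:
    """Sender transforms the message with the recipient's PUBLIC key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus (max ~11 bytes)")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Only the holder of the matching PRIVATE key recovers the message."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    pub, priv = keygen()
    letter = b"love letter"                       # constructed sample message
    c = encrypt(letter, pub)                      # anyone can do this with pub
    print("recovered:", decrypt(c, priv))         # only priv can undo it
    sig = sign(letter, priv)                      # only priv can produce this
    print("genuine:", verify(letter, sig, pub))   # anyone can check with pub
    print("tampered:", verify(b"love letter!", sig, pub))
```

Note that encryption alone does not tell the recipient who sent the message; that is why PGP clients let you sign and encrypt in one step.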

An email client that can securely exchange email is a great start to adding more privacy to your life. The best way to go about sending encrypted email is a combination of the following set of software, all open source, free and cross-platform:
There are other tools, such as gpg4win, that will give you additional features, but they all use GnuPG.

BTW, on Windows, installing gpg4win also installs GnuPG. The equivalent on Mac is MacGPG. On Linux, these tools are generally all part of the distribution (look for Seahorse on Gnome, for example).

Also note that Enigmail can be installed from inside Thunderbird by using Tools > Addons.

I'd also like to add that configuring Thunderbird 3 with Gmail is actually very easy; as soon as you enter your email address as being @gmail.com, it sets the correct settings. In addition, everything is kept on the Gmail IMAP server.

The Enigmail documentation is very good (better than what I wrote above!) and has an example that you can practice with.

Don't forget that when you send an email out, you want to encrypt it with your recipient's public key so that they can read the message.

When sending an email to someone that has a public key, make sure you've correctly imported the person's key here:

OpenPGP > Key Management > Display All Keys by Default

You can retrieve keys through the key servers:

OpenPGP > Key Management > Key server > Search for keys

However, a key server only tells you that someone uploaded a key with that name and address on it. Make sure you exchange and verify the full fingerprint of each key through a separate, secure channel (in person, or by phone with someone whose voice you know) to ensure you've got the correct key!
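The comparison itself is easy to get wrong when one side reads the fingerprint aloud and the other types it: spacing, case and partial key IDs all cause false "matches" or false alarms. The following added helper (not from the original post; it assumes 40-hex-digit OpenPGP v4 fingerprints like those Enigmail and gpg display, and the sample fingerprint is a constructed fake) normalizes formatting, refuses anything shorter than a full fingerprint, and compares the two values.

```python
"""Check a key fingerprint exchanged out of band against the one in your key manager.

Added example; assumes OpenPGP v4 fingerprints (160-bit SHA-1, 40 hex digits).
"""
import hmac
import re

FULL_LEN = 40   # a v4 fingerprint is 40 hex digits; anything shorter is a key ID


def normalize(fpr: str) -> str:
    """Drop spaces/colons and an optional 0x prefix, upper-case the rest."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if cleaned.startswith("0X"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned


def fingerprints_match(shown: str, spoken: str) -> bool:
    """True only if both are FULL fingerprints and identical.

    Short key IDs (the last 8 or 16 hex digits) are not enough: different
    keys can share them, so a partial value is treated as a failed check,
    not as a pass.
    """
    a, b = normalize(shown), normalize(spoken)
    if len(a) != FULL_LEN or len(b) != FULL_LEN:
        return False
    return hmac.compare_digest(a, b)


def pretty(fpr: str) -> str:
    """Group into blocks of four hex digits, similar to how gpg prints them."""
    f = normalize(fpr)
    return " ".join(f[i:i + 4] for i in range(0, len(f), 4))


if __name__ == "__main__":
    # Constructed, fake fingerprint standing in for what Enigmail shows you.
    shown = "1234 5678 9ABC DEF0 1234  5678 9ABC DEF0 1234 5678"
    # What your peer read to you over the phone (they skipped the spaces).
    spoken = "123456789abcdef0123456789abcdef012345678"
    print(pretty(shown))
    print("match:", fingerprints_match(shown, spoken))
    print("key ID only, rejected:", fingerprints_match(shown, "1234 5678"))
```

Only import (or sign) a key whose full fingerprint matches; when the check fails, treat the key as unverified rather than guessing which of the two copies is wrong.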

I would also recommend changing the setting to use email addresses to decide intelligently which key to use (just make sure you verify that the key fingerprints you import indeed match the peer they are supposed to represent!):

OpenPGP > Preferences > Key selection > By email addresses

In Thunderbird, don't forget to save your drafts locally, and not on the server; otherwise there is a danger that you would store your sensitive message as clear text in the cloud:

Tools > Account Settings > Copies & Folders > Keep message drafts

I would also suggest disabling automatic decryption, as you don't want someone looking over your shoulder to accidentally see the contents of your encrypted emails:

OpenPGP > Automatically Decrypt/Verify messages

Use the menu option instead:

OpenPGP > Decrypt/Verify

A few things to remember:
  • be generous with your public key: you can, and should, share it with everyone and distribute it through any public key server
  • be very protective of your private key: although it is itself encrypted with a passphrase, losing it or exposing it to untrusted software should be prevented
  • don't lose it: your public/private key pair should become a way to prove your identity
  • one weak point in all this is the software you use to manage and use your keys; be sure you trust the source and where you got it from!
Some settings that might satiate your extra paranoia:

Don't store emails locally where they are vulnerable to getting stolen:

File > Offline > Offline Settings > Message Synchronizing

Don't put anything sensitive in the subject line, since the subject is sent unencrypted:

OpenPGP > Preferences > Sending > Don't warn about subject line

Don't reveal more information about your setup than you need to:

OpenPGP > Preferences > Advanced > Add Enigmail comment in OpenPGP signature

Use the Web of Trust (key signing parties!) by unchecking:

OpenPGP > Preferences > Sending > Always trust people's key
