Hack 57. Encrypt Your Email

Because you have a right to privacy.

We all seem to take email for granted these days. Although we are using it for more and more things, we rarely stop to think about its security, and regularly include telephone numbers, home addresses, and even credit card details inside email without a second thought. So, it's worth reminding ourselves that email is sent in plain text and that anyone between you and the recipient can read this directly off the network very easily.

Two main methods are available for encrypting your email. One uses certificates and the other uses Pretty Good Privacy (PGP) or GNU Privacy Guard (GPG). This hack is about the latter. It assumes you are using a graphical mail client, such as Thunderbird, Mozilla Mail, or Evolution, but the concepts apply equally to text-based email clients that support encryption, such as Mutt.

GPG uses public/private key technology to secure communications. This dual-key approach could use a quick explanation. You might want to read this bit through a couple of times if public/private key technology is new to you.

One of the first things you will do is generate a keypair that is unique to yourself. As the name suggests, two keys will be generated. One (the public one) will be distributed to all your friends, and the other (the private one) you must keep safe. Anything that is encrypted with your public key (the one you distribute) can be decrypted only by your private key (the one you have for safekeeping).

Here's how the system works. When someone sends you an email message, she encrypts it with your public key. When you receive the message, you decrypt it with your private key. If anyone along the way intercepts the encrypted email, they won't be able to read it, because they don't have your private key. Likewise, when you send email to your friends, you should encrypt the message with their public key. This is why it is important that you share your public key with as many people as possible so that they can send you encrypted email. You can also upload your public key to a key server. These servers host public keys and give them to users who request them so that they can send you a message.

In case you are wondering, by the way, the public and private keys are mathematically related, but having one doesn't mean you can reverse-engineer it to become the other. This fact is mathematically proven and is the heart of any public/private key system. You can, and should, give everyone your public key and even put it on a public key server. The only thing people can do with this key is encrypt stuff for you. So long as you keep your private key secret, you will be secure.

8.4.1. What You Need

Email clients require the first of the following two items to encrypt email; Thunderbird also requires the second item.

GPG: The GNU Privacy Guard, which performs the encryption/signing of your messages. It is available at http://www.gnupg.org/download/.
Enigmail: A nice plug-in for Mozilla-based mail clients such as Thunderbird. It is available at http://enigmail.mozdev.org/download.html.

8.4.2. Creating Your Keypair

As I stated earlier, most distributions come complete with GPG these days, so your first step is probably to create a keypair for each email account that you want to use. The process is quite straightforward, and although the Enigmail plug-in can do some of this for you, I think it's prudent to be able to configure GPG from the console.

To begin, you need to run the gpg command with the --gen-key switch to generate a key:

foo@bar:~$ gpg --gen-key
Please select what kind of key you want:
   (1) DSA and ElGamal (default)
   (2) DSA (sign only)
   (4) RSA (sign only)

You are asked which type of key you want to generate. The default is DSA and ElGamal, and that is a good choice as the other two options allow for only signing, not encrypting and signing.

DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
              minimum keysize is  768 bits
              default keysize is 1024 bits
    highest suggested keysize is 2048 bits
What keysize do you want? (1024)

Next, you are asked what size you want the keys to be. Your answer really depends on your level of paranoia. The default of 1024 is fine, but it doesn't hurt to use 2048.

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)

Now you are asked how long you want this key to be valid. Here I suggest you don't accept the default (which is that it doesn't expire). It is best practice to change keys occasionally, so I suggest you choose either one or two years. To do this you simply type:

Key is valid for? (0) 2y

This sets the key lifetime to two years. After two years you will need to generate a new set of keys.

You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Joe Blogs
Email address: joe.blogs@foobar.com
Comment: 
optional comment

Once you have confirmed the key lifetime you are asked for your name and email address. Note that the output of the program is somewhat confusing here. It states that you need to enter the information in a specific way, all on one line. This is not true; you need to enter this information on three separate lines, and press Enter after you enter each value. The comment field is optional.

You selected this USER-ID:
    "Joe Blogs <joe.blogs@foobar.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Here you are asked if you want to edit any of the fields, or type O to continue or Q to quit.

Enter passphrase:
Repeat your passphrase:

Finally, you are asked to type in a passphrase to protect your secret key. The thing to remember here is that it is a passphrase, not a password. A passphrase typically consists of a sentence such as "I love eating cheese," and the longer the passphrase, the better. When you have added it, you are asked to confirm it by typing it twice. Then your keys are created and saved in your GPG keyrings that are located in .gnupg in your home directory. You have two keyrings, because one contains only other people's public keys and one contains only your private key. It's a good idea to back up your secret keyring (.gnupg/secring.gpg) to a safe place because if you lose your private key, you can't re-create it and you will not be able to access encrypted messages that have been sent to you.

It's critical that you choose a very strong passphrase: using a key with a high level of encryption with a short passphrase is like building a bank vault but securing the door with only a piece of string. If your passphrase is weak, you leave your private key vulnerable to brute-force dictionary attacks if it ever falls into the wrong hands.

8.4.3. Publish Your Key to a Server

Now that you have your key, it's a good idea to send it to a public key server. A key server is a public resource that will provide a means for you to distribute your public key to those who need it to encrypt email to you. It is also a place where you can download their public keys, should you need to encrypt email to them. You have to upload it to only one key server, because the key servers replicate with each other. Here is the command to upload your key:

 foo@bar:~$ gpg --keyserver wwwkeys.pgp.net --send-key joe.blogs@foobar.com

To save some typing, store values for options such as the key server name in ~/.gnupg/options.

Enigmail supports a number of key servers by default:

8.4.4. Installing Enigmail in Thunderbird

Download copies of the Enigmail and Enigmime modules, for your version of Thunderbird, from http://enigmail.mozdev.org/download.html. Enigmail handles the basic encryption and decryption while the Enigmime enables PGP/MIME-formatted email. (Later versions of the Enigmail plug-in for Thunderbird move all this into one module.)

From within Thunderbird, select ToolsExtensions and click Install. Now browse to the Enigmail and Enigmime modules and select them.

You need to close and reopen Thunderbird before Enigmail will work.

8.4.5. Configuring Enigmail

Now that you have Enigmail installed, you just need to configure it. Inside Thunderbird, select ToolsAccount Settings and then select OpenPGP Security under each account for which you have a key. Then check "Enable OpenPGP support (Enigmail) for this identity." You don't need to change anything else (unless you want to); the defaults are fine.

Now you can sign your own emails, which is how you can start distributing your public key to people you correspond with.

To send an encrypted email to someone, that person will need to have her own keypair, and you will need a copy of her public key. You can ask her to either put it on a key server or send you a signed email (which includes her public key).

To receive encrypted email, people will need your public key firstagain, they can get this off the key server or you can sign an email to them.

8.4.6. Configuring Evolution

Evolution has support for GPG built in: once you install GPG and have created a key for yourself, you can select ToolsAccountsYour default accountSecurity, where you will see options that allow you to tell Evolution to do things, such as always sign messages by default.

You will also see a field where you can enter your PGP/GPG key ID. Type in the email address associated with your key so that Evolution knows which key to use.

8.4.7. Keysignings

You can do many more interesting things with GPG, such as determine if a person you never met is really who she says she is. To learn more about keysignings and other GPG-related events, browse to http://www.keysigning.org.

Adrian Bradshaw