Encrypting your Email Communications using PGP
If you are watching this tutorial as part of the conference materials, the software is on a separate CD. Alternately, you can obtain the software at the following URLs:
www.gpgtools.org (Mac)
www.gpg4win.org (Windows)
www.gpg4o.de (Outlook 2010 plug-in)
How do I protect Financial Assets?? Safe Tax Strategy Stable Institutions Strong PIN Gold Off Shore Due Diligence Trust Diversification Entities Insurance
How do I protect Physical Assets?? Guard Dog Safe Neighborhood Firearms Alarm System Situational Awareness Medical Checkup Eat Well Martial Arts Exercise Lifestyle
How do I protect Digital Assets?? One Time Password Linux PGP Tor Anti-Virus Firewall Mac Versus PC Safe Email Provider Technical Expertise Off The Record Chat Jitsi HTTPS Proxy Service Secure Cloud Storage Strong Password TrueCrypt
Answer
Any and all of the above.
There are many technologies, techniques and tools. Each is intended to address a different problem.
Today
We will address the challenge of communicating privately via email using Public Key Encryption.
If you grasp the concept of how Public Key Encryption works, developing additional security practices becomes much simpler.
"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on." - Edward Snowden
Agenda
VERY BRIEF primer on encryption as it applies to email
Configure your laptop and email software to send and receive encrypted email
  Windows
  Mac
  Outlook (2010)
  Apple Mail
Three Data Security Objectives
Confidentiality: Preventing unwanted disclosure of information.
Integrity: Ensuring that content as well as identity can be trusted.
Availability: Ensuring that data and systems are available when expected.
What is encryption? Encryption is the process of encoding information so that only authorized parties can read it.
Two Kinds of Encryption
Shared Secret / Symmetric Key
  Both the sender and the receiver use the same encryption key.
  Works very well, but it requires the sender and receiver to be able to securely share the key ahead of time. That is a problem in the world of email.
Public Key / Private Key
  A different key is used to decode than to encode a message. (Wait... I'll explain.)
  This is what is used to encrypt email.
  The enabling technology is commonly known as PGP or GPG.
Public Key Encryption
During setup, two keys are generated: a public key and a private key.
The keys are mathematically related, but one cannot be used to derive the other.
What is encrypted with one key can be decrypted with the other.
What is encrypted with one key CANNOT be decrypted with that same key.
The public key is distributed far and wide to any and all.
The private key is a closely guarded secret.
Public keys are used to encrypt. Private keys are used to decrypt.
So here is how it works...
How to encrypt email
Make sure your recipient has PGP / GPG... and knows how to use it!
Make sure you have the recipient's public key.
Type your message in your mail program and click Encrypt.
Select the recipient's public key to use for encryption and click Send.
What is Signing?
Signing is the act of digitally certifying that an email you have sent did in fact come from you. It is comparable to the use of a signet and a seal.
Assume you have my public key and that you know it belongs to me.
Assume that you know with a high degree of confidence that I have closely guarded my private key.
I can fingerprint my message with my private key.
Using my public key in your possession, you can verify the fingerprint.
Since the fingerprint is unique to my private key, you know the message came from me.
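The key roles from the Public Key Encryption and Signing slides, run end to end as an added example that is not part of the original presentation. It uses textbook RSA in Python and leaves out the padding and session keys that real OpenPGP software uses; the party names, helper functions and sample message are constructed for the illustration.

```python
# Added illustration, not GPG's own code: textbook RSA with no padding.
# The primes are public Mersenne primes, so these toy keys protect nothing.
import hashlib

def make_keypair(p, q, e=65537):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)  # private exponent inverts e mod phi

def encrypt(recipient_public, text):
    """Anyone holding the recipient's public key can seal a message."""
    e, n = recipient_public
    number = int.from_bytes(text.encode("utf-8"), "big")
    if number >= n:
        raise ValueError("message too long for this toy key")
    return pow(number, e, n)

def decrypt(key, ciphertext):
    """Return the text, or None when this key does not open the message."""
    exponent, n = key
    number = pow(ciphertext, exponent, n)
    raw = number.to_bytes((number.bit_length() + 7) // 8, "big")
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None  # a wrong key yields bytes that do not decode as text

def _digest(text, n):
    return int.from_bytes(hashlib.sha256(text.encode("utf-8")).digest(), "big") % n

def sign(own_private, text):
    """Only the holder of the private key can produce this value."""
    d, n = own_private
    return pow(_digest(text, n), d, n)

def verify(signer_public, text, signature):
    """Anyone holding the signer's public key can check it."""
    e, n = signer_public
    return pow(signature, e, n) == _digest(text, n)

# Constructed parties for the demonstration.
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**521 - 1)

if __name__ == "__main__":
    note = "Meet at the conference at noon."  # constructed sample message
    sealed = encrypt(BOB_PUB, note)            # Alice -> Bob
    print(decrypt(BOB_PRIV, sealed), decrypt(BOB_PUB, sealed))
    print(verify(ALICE_PUB, note, sign(ALICE_PRIV, note)))
```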
Installation and Configuration
Install GPG
Mac
  Run GPG Suite from directory
  Accept all default settings and install
  Close to finish installation
  In Spotlight, type and run GPG Keychain Access
PC
  Run gpg4win on thumb drive
  Under Choose Components, check all except GpgOL and Claws-Mail
  Complete installation (may require reboot)
  Under Programs, confirm new folder Gpg4win and launch program Kleopatra
Next - Create Keys...
Create Encryption Keys
Mac
  Launch GPG Keychain Access
  Click New
  Enter name and email address.
  Open Advanced Options
  In the Comment field, enter private or work
  Set Expiration if desired. Leave other default settings.
  Click Generate Key
  Enter passphrase and repeat. DO NOT FORGET. (I recommend a sentence.)
  Click Finish
PC
  In Kleopatra click File > New Certificate
  Select Create a personal OpenPGP key pair
  Enter name and email address. Under Comment, enter private or work
  Click Advanced Settings. Review and change as necessary (expiration date).
  Click Next and Create Key.
  Enter passphrase and repeat. DO NOT FORGET. (I recommend a sentence.)
  Click Finish
Next - Configure Email...
Configure Email
Outlook
  Install Outlook GPG Plug-in - gpg40_setup.exe
  Accept default settings (Note: This is trial software)
Thunderbird
  Install the Thunderbird plug-in named Enigmail by clicking Tools > Add-ons and searching for the add-in Enigmail
Apple Mail
  No configuration necessary
Next - Distribute Public Keys
Distribute Public Keys
Mac
  Open GPG Keychain Access
  Right-click your key and hit Export
  CLEAR THE BOX THAT SAYS Allow Secret Key Export (IMPORTANT)
PC
  Open Kleopatra
  Select your certificate and click Export Certificates
Save the file to your desktop and email as an attachment to: caseyconference.2013@gmail.com
You will receive an automatic response from caseyconference.2013@gmail.com with our Public Key attached. Save that file to your desktop immediately.
Import Public Keys
Remember: You need my public key to send me an encrypted email. My public key (that you received from my automatic response) is my lock that I send you. I have the key to unlock it. You need to put my public key in your keychain.
Mac
  Open GPG Keychain Access
  Click Import and select the file saved on your desktop named caseyconfpublickey
  Click Open
PC
  Open Kleopatra
  Click Import Certificates and select the file saved on your desktop named caseyconfpublickey
  Click Open
Finally - Time to Encrypt Stuff
Mac Apple Mail
  Launch Apple Mail
  Click Compose New Message
  Compose a test email to caseyconference.2013@gmail.com
  Click the lock icon to make sure it is locked.
  Make sure there is a checkmark in the seal icon.
  Click Send. Enter your PGP passphrase from earlier.
PC Outlook
  Launch Outlook. If asked for gpg4o settings, accept default.
  Compose a test email to caseyconference.2013@gmail.com
  Ensure there is a checkmark in both Encrypt and Sign.
  Click Send. Enter your PGP passphrase from earlier.
We will respond with an encrypted and signed email from caseyconference.2013@gmail.com
Review and Notes
You encrypt a message with another party's public key
You decrypt a message with your own private key
You sign a message with your own private key
You verify a signature with another party's public key
Does the whole email get encrypted? NO
What if I want to encrypt to many recipients?
How about GMail via a browser?
What if I lose my key or my computer crashes?
iPad / iPhone: opengp and ipgmail