Image credits: Email Self Defense - the Free Software Foundation.
After the Snowden revelations in 2013, I began looking into improving the privacy of my email communications. Initially, I explored installing my own private email server (Tuts+). Ultimately, I learned that securing your email server is hard and it's critical, for now, to focus on per-message encryption.
This is the first tutorial of a series in which I'll be focusing on encrypting your email. In this tutorial, I'll introduce the general concepts of encryption and how they can be used to secure and verify our emails. In the second tutorial, I'll guide you through installing encryption software on your computer and getting started sending your first messages.
We'll also explore encrypting browser-based email and strengthening the "web of trust", and then we'll switch topics a bit to encrypting your Internet activities with the use of a VPN. Finally, as part of the series on managing your digital assets after your death, we'll use what we've learned to create a secure cache of important information for your descendants in case of emergency.
Getting Started With Encryption
In this series, I'll refer repeatedly to a great resource set up by the Electronic Frontier Foundation (EFF) called The Surveillance Self-Defense Guide. You may also want to read one of their explainers, An Introduction to Public Key Cryptography and PGP, which this particular tutorial parallels. I've tried to make this tutorial a bit simpler to read.
Frankly, the architecture of our global email system isn't built for privacy or authentication. In fact, I'd argue it's fundamentally broken in ways that we need to overhaul for the modern digital communications age. Until then, the best way to protect our privacy and authenticate our communications is Pretty Good Privacy, also known as PGP.
In this tutorial, I'm going to explain the basics of PGP and how you can use it to ensure the confidentiality of your communications in a surveillance society and also how to authenticate the identity of people you communicate with.
What Is Pretty Good Privacy (PGP)?
A System of Encryption With Paired Keys
PGP is a system of encryption that operates with a pair of keys that operate symmetrically. A pair of keys is referred to as a private key and a public key. People must keep their private key safe and secure at all times, not shared with anyone. However, they can share their public key on reputable public key exchanges and in person.
Typically, PGP users install some kind of commercial or open source encryption software compatible with the OpenPGP standard. GnuPG is a common implementation of OpenPGP. Some of the images I'm using in the tutorial are from the Free Software Foundation's GnuPG Email Self Defense infographic.
Sending an Encrypted Message
You can use your PGP software to send encrypted messages. Your software will encrypt the outbound message with your recipient's public key.
The message itself will bounce around the Internet as gibberish, indecipherable to anyone without the recipient's private key.
Any surveillance authority intercepting the message will be unable to decipher its contents.
When your recipient receives the message gibberish, they will use their PGP software with their private key and your public key to decrypt the message.
A Few Very Important Things
Protect Your Private Key With a Password
If you allow your private key to fall into the wrong hands, then other people will be able to impersonate you by sending encrypted messages on your behalf. They'll also be able to read confidential messages sent to you with encryption.
Your private key could be stolen without you realizing it. For example, if malware is placed on your computer, criminals or government spies could obtain it illicitly. You'd never know.
It's very important to protect your private key with an incredibly strong password. When Edward Snowden types in his password under a blanket in Citizenfour, he's protecting his private key password from possible video surveillance.
If your private key, perhaps stored on a laptop or thumb drive, is stolen, your password will slow perpetrators from accessing it. But ultimately, they will be able to access it.
Notify Others If Your Private Key Is Compromised
If you ever discover your private key has been compromised, you can notify others to preserve the web of trust, which we'll discuss further below.
PGP Doesn't Conceal Who You Know
PGP won't encrypt the subject line or To: address line of encrypted messages, sometimes called the message envelope. Therefore, PGP won't conceal who you know unless you have a way to exchange anonymous public keys with people using anonymous email addresses who only access their email using Tor to disguise their IP address.
What Is a Digital Signature?
Digital Signatures can authenticate that a message was sent by the person holding the sender's private key and verify that the message hasn't been tampered with.
Typically, this is done by generating a cryptographic hash of the original message and then encrypting the hash with the sender's private key (the reverse of what is done to encrypt the message body). This is called signing the message. The image below is from Wikipedia.
Even minute changes to the message radically alter the hash.
When the recipient receives the message, they decrypt the hash with the sender's public key and verify the result. If the hash is correct, it proves that the person holding the sender's private key sent the message. If the hash is incorrect, then the message has been tampered with—or it wasn't sent by the alleged sender.
Your ability to trust PGP relies on the trustworthiness of the public key you received from the sender. For example, if I emailed you my public key—and the NSA intercepted the message and replaced it with their public key—they could begin sending encrypted messages to you that you would believe are from me. Or, if you've been exchanging encrypted messages with your friend and their private key has been compromised, other people could be reading your private messages.
This could be very significant if you're a spy or an activist.
The trustworthiness of keys is known as the Web of Trust.
If you read about PGP, you'll see mentioned mythological "key parties" (probably organized by Jake Applebaum). You'll likely never be invited to one. (I've actually met Jake a couple of times but I'm not cool enough to be invited to his key parties.)
Most of us little people use key servers to exchange our keys. Users we trust may digitally sign the public keys of other people we wish to message, and this allows us to have some certainty of the validity of specific public keys.
Ultimately, the only way to be sure you have someone's actual public key is to exchange it with them in person.
However, there are some interesting new services that are trying to improve the web of trust, which I'll review in upcoming episodes.
I hope you're feeling inspired to secure your email. Coming up in the next tutorial, I'll guide you through installing encryption software on your computer, creating your first key pair, and getting started sending your first secure messages.