this screencast will explain in verybasic terms how to send and receive encrypted email. please beadvised that while not all of the informationpresented here is fact, or even accurate, there's truth in it, and hopefully,understanding. so without further ado, meet ron and jill. ron and jill are tragic lovers whose familiescan't stand each other. every time they write love notes to oneanother, a meddling, paranoid family member intercepts the letter, and fierce battles are inevitably fought, and it gets old.well, you get the idea.
ron and jill need a way to send each other theirlove notes without being read by anyone else. then one evening in a game of poker, the apothecary runs out of money.so he gives a strong box to ron, to cover his losses. this strongbox is just what ron needs to send love notes to jill. so ron gives jill the box, leaving it open for her to fill.this box is his "public key". and ron keeps the "private key" for himself. and that's pretty much how e-mailencryption works.
when you get someone's public key, you gain the ability to send messages that only they can open. then jill writes a love letter and seals it inside ron's public key strongbox. having received the strongbox without incident, ron opens it and retrieves the letter.jill is so excited about the success of their transmission that she decides to get her own strong box to give ron, so theprocess can be repeated in reverse. so now ron and jill can send nasty letters back and forthwithout anyone else reading them. you see how this works, right?
back in 1991, phil zimmerman made thesource code for his encryption software freely availablethe software was named pretty good privacy, or pgp. it quickly became the global standard for e-mail encryption. once the united states government decided not to prosecute phil for exporting encryption technology, he founded a company, that company was bought and sold, and pgp became commercialized.what we will be installing is gnu privacy guard, or gpg, a free, public-licensed encryption suite
that is fully compatible with pgp. you learn how to use gpg to generatea public and private key pair, and import the public keys you receive fromothers. step 1, obviously, is to download andinstall gpg. so, go to the gpg4win website, and click download gpg4win. click download -- whatever's the newestversion... and when it finishes saving, we will double-click the installer.
and english, i guess. next.yes, we agree. of course this gnupg component is not optional. it's the main component of gpg4win so you have to leave this checked. kleopatra is basically a keyring. it lets yougenerate your public and private key pair, and also letsyou manage the public keys that other people send to you.so you need this. and the gnu privacy assistant
sounds like something you don't need. gpgol is a plugin for microsoft office outlook. however, there have been reports thatthis particular plugin causes some instability in windows 8 and in other certain circumstances. so instead of using this particularplug-in, we'll be using a different plugin for outlook. so we'll uncheck this. the shell extension lets you rightclick on files and choose
encrypt or decrypt.it's very handy for sending encrypted attachments in emails. so we'll leave that.claws mail is an email client that i don't have, so i'll leave this un-checked.and this is just documentation. so next, yes, i'm ok with where it's installed. that's fine.and when it's completed, we'll just click next.i don't need to see that. hit finish.and in your start menu
you will see kleopatra.before you can decrypt or encrypt anything you haveto generate keys for yourself. the way you do that is within kleopatrayou go to the file menu and go to new certificate.you're presented with two options here. the second option requires a subscription to a certificate service such as geotrust, or similar. the first option basically allows youto create your own trust network among your peers, letting you self-sign your certificate,and certify
each other's keys. so we'll go with the free option here.these first two fields are required,and the third field is optional. so we'll just skip that, and click next and create key. now, if you are obsessive-compulsive and you wantto generate some more randomness, you can drag this window around and enter some garbage in this window here before you enteryour passphrase. but it's all optional.(the passphrase is not, though. you have to have that.)okay.
the key pair has been generated.now, at some point in the future, you will probably have to reinstallwindows, or you might get a new computer at some point,so you need to keep a copy of this key pair that you just created. so we'll make a backup and just for now we'll store it on the desktop. it's done! and we can put it on a flash drive, and stick it in a drawer, or whatever you feelis appropriate.
second thing we ought to do is export the public key to allow other people to send us encrypted e-mails.the way you do that is you just highlight this certificate that you made, and export certificates.now bear in mind this will only export the public version of the key.basically your strong box. this file name here is
the fingerprint for the key.it's kind of complicated. but it's handy to provide to yourrecipients even though the file name is very long.i think i'll just cut this to the clipboard and replace it with my email address and there it's been exported.if i want to send this to someone, i just open a new message and send it to someone. public key...fingerprint...
what we just cut to the clipboard [stammering]... and don't forget to attach it we'll send it and import it later. so here is the email that i sent myself, anddown here you see i've got it attached. i went ahead and downloaded thatattachment, saved it, and here it is.now i'll show you how to import that into kleopatra.basically all you have to do is drag the file and drop it onto kleopatra, and then click importcertificates.
... and one imported. before we can do anything with this,there are two things we need to do to it. number one: we have to certify it.number two: we have to trust it. so if you look in trusted certificates here, you'll see that key (that i just imported fromthe oithelp e-mail) does not exist here. it's sitting here in imported certificates, waiting to be trusted i guess. so go to...we'll right click on this key, and
change owner trust.and i'm pretty sure i know i am who i say i am, so i believethe checks are accurate. ok...ok...and... we will also certify this certificate.even though we trusted it, you see it's still not in trusted certificates. we still have to certify it. so click the checkbox here, and yes,
that's the same fingerprint.there's the fingerprint from the key, and there's thefingerprint contained within the key. so they match.click next. yes, certify. and... success. hit finish, and now we can use this key to send encrypted e-mails to oithelpfrom this gmail account. as you can see here, i've done the same thing in reverse,sending the public key from
my gmail virtual machine to my host machine, and imported the public key, and i trusted it, and certified it. so now i'm ready to send an e-mail from... ... my... outlook account to the gmail account. you remember during the gpg4win setup, i mentioned the gpgol plugin for outlook was something i was going to skip?
i skipped that so that i could use the outlook privacy plugin.this plugin is available from this website. basically, just download and unzip it, and there's an installer program.the installer will install .net 4.5 if you don't already have it and willprompt you for reboot. and this plugin seems to be very slick for a beta.the only hiccup i encountered was, after rebooting,
i got an error message saying the plugin couldn't connect to some service somewhere. but i simply re-ran the setup file,and it completed normally. and i'll show you the result. when you go to outlook, and you go to new e-mail... i'll send an encrypted message to my gmail account. this message is encrypted.i'll show you how this works. hello world. and just for good measure,
i'll attach a picture of my daughter to the e-mail. and we'll show you how it encrypts.so first you sign... this is what the outlook privacy plugin does. it adds these openpgp buttons up here. so first you sign, then encrypt, and you'll notice the message getsconverted to plain text. apparently this outlook privacy plugin doesn't support html messages yet. it is my understanding it in the works, but fornow,
we'll deal with plain text messages andattachments. when you hit send, you're prompted for the passphrase for your signature.and the message... goes. now, what actually gets sent is this. if you want you can decrypt it and read it from your sent items, but you seeeven the attachment has been encrypted.
as you can see, in this virtual machine inmy gmail account, i've received the encrypted message i sent myself. before i can decrypt and view it, i have to configure a browser plugin. now, the best plugin that i've foundso far is called mailvelope. right now mailvelope is only available asa google chrome extension. it appears there's a firefox add-on in development, but, google chrome, forright now, is the best web browser to use forinteracting with
encrypted email via the web for gmail, and yahoo! and so forth. i... went ahead and installed the mailvelope extension. after doing so this icon appeared.you just click this icon and go to options. now, mailvelope does notinteract directly with gnupg the same way the outlookplugin does. so we have to manually import the keys that were going to use. to do that we go into
kleopatra, and we first have to export thekey that we're going to import. so kleopatra, right click on the certificate and export secret keys. now i'm gonna show you how to do this incorrectlyfirst, just to show you what happens. when you export a key, you need to... when you export a key to import into mailvelope,you need to check mark this ascii armor box.if you don't, the file will keep a .gpg extension andwill be exported as binary.
what that means is basically a bunch of non-text characters are included. you see all these boxes and extendedcharacters and so forth, non-printable characters, and it just confuses mailvelope. if you try to submit thatyou'll get an error. best thing is to export it as ascii. go back to export secret key, and we'll just do the same thing, except this time,we'll check the ascii armor checkbox.you'll see the file extension has
changed here, which indicates it's a... it's basically a plain text file. if we import that file, you'll see it's base64 encoded. there are no extended characters. it'salphanumeric with a bunch of pluses, and slashes, and so forth. and if we submit that, you'll see we have alittle greater success. and now that we've imported that key, weshould be able to open this encrypted email.as you can see, mailvelope will automatically detect
any kind of pgp encryption and hover this graphic over it.you just click that envelope and enter your secret key. and the message will be decrypted. as far as the attachment goes, that can'tbe decrypted within the web page itself.you'll have to download that to your hard drive. and... and then decrypt it here. if you try to open it the way it is,windows is gonna say,
"what the hell are you doing?" so you have to decrypt it first.basically, just right click on this file, and choose decrypt and verify.and when you hit decrypt down here, you might be prompted for your certificate's passcode.just enter it if so, and hit ok.and there is the graphic! double-click that, and there's a pictureof my daughter. lovely! now, say you want to send an encryptedresponse to this message. before you can do that, you have to importyour intended
recipient's public key into mailvelope. so, we'll go back to mailvelope options. and import keys, and... here's the key the recipient sent us. submit.great success. and there it is in the list.we should be able to send an encrypted response to this now.just click reply... and if you want to compose your message encrypted, click this button
that mailvelope adds. this message will self... ... bah!... ... will self-destruct. nice picture! we'll click this lock icon, and we'll be prompted who we'd like toencrypt this message for. only the people in this list down here will be able to decrypt the message.
so since we just added this key, it has becomeavailable as a recipient. so we'll click add, and click ok. and there's the encrypted message. we'll transfer this message back into gmail, and this is what will be sent. since... you didn't list yourself as a recipient, you won't be able to decrypt the message.
and if we want to see the result,we come back over here... and there's the message, that was just sent.we can open that in its own window, and the outlook privacy plugin will allow us todecrypt and view it. there it is.that's... how to encrypt and decrypt emails. :)
0 comments:
Post a Comment