Tuesday, August 6, 2013

Protect Your Privacy with Encryption - Encrypt Files and Email with GnuPG

With the revelation that the government is continually surveilling everything we do online, and that we cannot trust corporations to protect our privacy, you have to ask yourself: what can I do to protect my privacy?

I am an IT consultant who works in large corporations and government implementing software solutions for security, backup, archiving and endpoint management. I am certified on Symantec's encryption technology called Symantec Encryption Desktop and Symantec Encryption Management Server. These two enterprise-class technologies can be used to automate encryption tasks in the enterprise. But if you are a home user there are alternatives such as Cryptophane for file encryption and Enigmail for email encryption. All of these technologies use public-key encryption.

Definition of public-key cryptography: Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions by itself. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages.


What is Cryptophane?

"Cryptophane is an easy-to-use Windows application that works with GnuPG (a PGP-compatible encryption program.) It allows users to encrypt, sign, decrypt, and perform key maintenance without having to deal with GnuPG's command-line interface."

Download: https://code.google.com/p/cryptophane/downloads/list


1. Download cryptophane-0.7.0-gnupg-1.4.2.exe or newer (Cryptophane 0.7.0 beta + GnuPG 1.4.2 full installer).

2. Run the installer.

Creating a Private Key

1. Open Cryptophane.

2. Click on Keys.

3. Click on Generate Secret Key.

4. Enter the name, e-mail address and passphrase and click Generate.

5. Click OK.

Export a Public Key

1. Click on File and then click Export Public Keys.

2. Choose the key that you would like to export and click OK.

3. Enter a file name and click Save.

You can now give the public key to friends and business contacts. They can use your public key to encrypt files that only you can open using your private key.

Import a Public Key

1. Open Cryptophane.
2. Click File and then click Import Keys.

3. Browse to the file, choose it and click Open. (You may have to click on the File Types drop-down and choose All Files.)

4. Click OK. You should now see the public key in Cryptophane.

5. Right click on the newly added public key and choose Sign Key.

6. Review the contents of the popup. Since we got the public key from our friend we can tick the box "I have checked the above fingerprint with the key owner and they match". You can then click I am POSITIVE that this key belongs to its indicated owner.

7. Because you are signing the public key with your private key to prove its authenticity, you need to enter your password and click OK.

8. Right click on the public key and choose Edit Trust.

9. Update the trust of the user who created the public key. Since I know Joe I will choose I trust this user fully. Then click Update Trust.
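
Step 6 asks you to confirm the fingerprint with the key owner before signing. The following added example (not part of the original post) shows that check against GnuPG's machine-readable listing: it pulls the primary-key fingerprint out of `gpg --with-colons --fingerprint` output and compares it with the value the owner gave you over a separate channel. The listing, the names and the fingerprints are constructed, and a 40-hex-digit (v4) fingerprint is assumed.

```sh
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1375747200:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1375747200::::Joe Example <joe@example.com>:
sub:-:2048:1:1122334455667788:1375747200::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1122334455667788:'

# Strip spaces/colons and upper-case the hex digits, so a fingerprint
# read out as "0123 4567 ..." compares equal to "01234567...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin and print the primary-key fingerprint:
# the first fpr record after the pub record (field 10 holds the value).
# Subkey fingerprints that follow sub records are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only if the claimed value is a full 40-hex-digit fingerprint
# (assumption: v4 key) and equals the imported key's fingerprint.
# Short key IDs are rejected because they are not a sufficient check.
fpr_matches() {
    claimed=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$2")
    case "$claimed" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#claimed}" -eq 40 ] || return 1
    [ "$claimed" = "$actual" ]
}

# With a real keyring, replace the sample with:
#   gpg --with-colons --fingerprint joe@example.com | primary_fpr
imported=$(printf '%s\n' "$SAMPLE_LISTING" | primary_fpr)

# Fingerprint as the key owner read it out (constructed value).
if fpr_matches "0123 4567 89ab cdef 0123  4567 89ab cdef 0123 4567" "$imported"; then
    echo "Fingerprint matches: OK to sign the key"
else
    echo "Fingerprint MISMATCH: do not sign or trust this key"
fi
```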

Encrypting Files with A Public Key

1. Choose a file, right click on it and choose Encrypt/Sign.

2. Choose the public key of the person that you want to encrypt the file for. (If you have more than one public key, i.e. for multiple friends, you can choose multiple keys to encrypt with.) You can also choose to sign the encrypted file with your private key to prove authenticity. Click Process.

3. You will be asked for your password because you are signing the encrypted file with your private key. Enter your private key password and click OK.

4. Click OK.

The file is now encrypted and signed.

Decrypting an Encrypted File

1. Navigate to the encrypted file, right click on it and choose Decrypt.

2. Choose where to save the decrypted file and click Save.

3. Enter the password for your private key and click OK.

4. See the decrypted file in your folder.


What is Enigmail?

"Enigmail is a security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard."

Sending and receiving encrypted and digitally signed email is simple using Enigmail.

Download: http://www.enigmail.net/download/ 

Installing Enigmail

1. Download and install Thunderbird.
2. If you have not yet installed Cryptophane, download and install GnuPG.
2. Download the correct version of Enigmail.
3. Open Thunderbird and add your email account.
4. Click on Tools and click on Add-ons.

5. Click the gear-shaped button at the top right of the page and choose Install Add-on From File.

6. Navigate to and choose the Enigmail extension and click Open.

7. Click Install Now.

8. Click Restart Now.

9. Click on Tools and click on Setup Wizard.

10. Choose Yes, I would like the wizard to get me started and click Next.

11. Choose No, I want to create per-recipient rules for emails that need to be signed and click Next. (Signing emails will let your recipients know that the message was actually sent from you.)

12. Choose No, I will create per-recipient rules for those that sent me their public key and click Next.

13. Choose Yes and click Next.

Note: If you get a warning saying that GnuPG could not be found, navigate to it and select it. If you configured Cryptophane previously you should be able to find GnuPG in the Cryptophane installation directory, e.g. C:\Program Files\Cryptophane\GnuPG\gpg.exe.

14. If Enigmail cannot find a key it will ask you if you want to create a new key pair. Choose Yes and click Next.

15. Enter a strong passphrase (>8 characters including uppercase and symbols) and click Next.

16. Click Next.

17. Click Skip.

18. The wizard will then complete. Enigmail is now configured in Thunderbird.

Export Public Key

1. Click on Tools, OpenPGP and then click on Key Management.

2. Click Display All Keys by Default.

3. Right click your key and choose Send Public Key By Email.

4. Fill out the email and send it to your recipient.

Import a Public Key

1. Open your email and see the email from your sender that included the public key.

2. Click Import OpenPGP Key.

3. Click OK.

4. Open OpenPGP Key Management.

5. Right click the newly imported public key and click Sign Key.

6. Choose I have done very careful checking (since you know who sent you the key) and click OK.

7. Enter your private key password and click OK.

8. Right click the newly imported public key and click Set Owner Trust.

9. Set the level of trust for the public key. Choose I trust fully (since you know who sent you the key) and click OK.

10. Close OpenPGP Key Management.

Sending an Encrypted Email

1. Create a new email by clicking Shift and the Write button. (Creates a non-HTML email that is capable of being encrypted)
2. Add a user who you have a public key for.
3. Click OpenPGP and choose Sign Message and Encrypt Message.

4. Click Send and enter your password (which signs the email).

Receiving an Encrypted Email

1. Open Thunderbird.
2. Click on the encrypted email and enter the password of your private key and click OK.

3. Read the decrypted message.

Privacy is a right. If you don't fight for it, it will be taken away.

Stand tall,
Cameron Mottus
