Digital Encryption 101 – Securing Your Messages

(TFC) – For many, the task of learning how to thwart the electronic eyes and ears of the State may seem quite daunting. However, the good news is that this need for basic communication between private individuals has been met by technophiles who are constantly working to make sure that the average person can communicate via an electronic medium in a secure manner without great effort. This skillset is not hard to gain and the software required is free. If you can follow simple instructions and install software using the software’s included installation wizard, then you can do this. This article will teach the beginner to send and receive encrypted email.

The method of encrypting email we will use is known as PGP (short for Pretty Good Privacy) and it is as of yet considered unbreakable. The two facets of PGP that make it extraordinary for this task are its use of asymmetric encryption and digital signatures. Asymmetric encryption simply means that if you wish to send an encrypted email to a person or entity, you can encrypt it knowing only publicly available information, which is referred to as their public key, so that only their private key, which is protected by their passphrase, will decrypt the message. This public key will allow a person to lock the message, but only the private key of the pair will unlock the message. This makes it an excellent tool for contacting persons that you do not know personally, such as reporters (think Edward Snowden contacting Glenn Greenwald). Digital signatures allow a person to verify the veracity and integrity of the data being sent, which prevents tampering with the message from going undetected. The contents of the email, but not the subject line, will be fully encrypted.

There are two simple methods of using PGP. The first method is through the use of a computer-based email client. This is simply a program that will allow you to send and receive email from a web-based email provider, such as Gmail or Yahoo, from your computer without having to manually log in to the website. The program for this that is the easiest to use for encryption is Thunderbird, by Mozilla. Make sure that all software that you download and install is from the official site. You can download the Thunderbird email client at:
https://www.mozilla.org/en-US/thunderbird/

Download the file and open it, then follow the instructions for installing the software. If unsure about anything, then you may use all the default settings. The only exception would be if you already have another email client that you prefer to use, such as Microsoft Outlook for work, in which case as soon as the program opens there will be a pop-up box that is titled System Integration. Make sure that you uncheck the “Always perform this check…” box and click “Skip Integration”.

Now you may create a new email address or use an existing one, as you like. If you already have an existing web-based email on a major hosting service, this will be quite simple. You will enter the name you wish to have associated with this email account, the email address and the email password. The next screen will allow you to choose between IMAP and POP3; for most users it is usually best to use the default IMAP. Assuming that all of the information you have entered is correct, you may then be asked to log in to your email account. You may add several email accounts to the email client, making it in itself a very useful tool.

The next step is the installation of “GnuPG” which is what will actually do the work behind the scenes to perform the complicated mathematics involved in the encryption and decryption of data. The easiest way I have found to go about this for a beginner is the use of an installer which will essentially do all the work for you. For this amazing tool, simply go to
https://www.gpg4win.org
(Mac users can get the PGP software from here:
https://gpgtools.org/)

For Windows users, after clicking the green download buttons on two different pages, there is a link to download for free next to the “Donate and Download” button. Again, the default settings are fine for the vast majority of users: simply download, run and follow the defaults for installation, but I do recommend that you select all options when installing the software. For Mac users, it will be much the same. This software may require a restart of the computer.

The next step is the installation of an add-on known as Enigmail. To the right of the search box are three vertical lines; this is the “Tools” button. Click the Tools button and click add-ons, then search for Enigmail. When it comes up, click the install button and, after it has installed, click restart now, right above where the install button was located. Upon restart, choose “Start Setup Now” if not already selected, and click next. Clicking next again will allow you to reach the final stage. This is where you will create your passphrase. Rules on creating passphrases abound on the internet. Length, the use of upper and lower case characters, numbers, special characters, and making things as random as possible are all going to make it harder to break your passphrase; however, it needs to be something you can remember.
You will be required to create a revocation certificate in order to finish. Should you forget your passphrase, then this revocation certificate is used to revoke your PGP key from public keyrings.

Posting your email address and your public key on your website or social media, or sending your public key and a copy of this article to your friends, will give you a way to contact each other securely. The messages, including the attachments (except for the headers and subject lines), will be totally unintelligible. Even after a message has been decrypted, the version stored on the web-based email server is still encrypted, and is as safe as the passphrase used.

To get your public key, simply go to Tools -> Enigmail -> Key Management. Right-click the key you wish to share and choose copy public key to clipboard. Then you may paste (CTRL-V) the key in a message, or on your social media profile or wherever you wish. Decrypting a message sent to you is as simple as opening the Thunderbird program, clicking on the email and entering the passphrase when prompted.

To be able to send an encrypted message to someone, you need to have their public key. If they send you their public key, then after you verify that it is indeed authentic in origin, say through a phone call, you may add it to your keyring through Tools -> Enigmail -> Key Management. If they sent you a file with their public key it will be a “.asc.pgp” file. Download it, and in the Key Management window under the File tab choose “Import keys from file” and choose the file that you downloaded. If you have a text version of someone’s public key, then you want to copy (CTRL-C) everything from the beginning dashes to the end dashes. Then in Key Management under the Edit tab, choose “Import keys from clipboard”.

The second method of using PGP may be even simpler. Download and install the PGP software from the source given above. Ensure that you include all the options when installing the GPG (GnuPG) software. Once it is installed, open GPA (Gnu Privacy Assistant). If you do not already have a PGP key set then you need to create one, and if you have one then you need to import it. This is done in Windows > Keyring Manager. In Keyring Manager, under the “Key” tab click “New Key” or, if you already have keys to import, “Import Keys”. Make sure that if you back up your secret key, you do so to a secure (read: encrypted) location. If this key is compromised, so is your encryption and that of every message you have received. To get your public key, right-click on the key in your Keyring Manager and click “Export Keys”. Open the file that you exported in a text editor, such as Notepad, to get the public key that others will use to encrypt messages to you. To import the public keys of others, just copy the text version of the key, from the first dash in the “-----BEGIN PGP PUBLIC KEY BLOCK-----” to the last dash in the “-----END PGP PUBLIC KEY BLOCK-----”, paste that into a Notepad document or other text editor and save it to your computer. Then from your Keyring Manager > Keys tab click “Import Keys” and click on the file that you saved with the key you wish to import to your keyring.
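Both import methods above depend on copying a key block whole, from the first dash of the BEGIN line to the last dash of the END line. The following Python sketch is an added example, not part of the original article and not GnuPG's own code; it checks a pasted block for the damage that copying most often causes. The function names and the sample block are constructed for illustration.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """CRC-24 as defined for OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Wrap bytes in public-key armor; used here only to build sample input."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *lines, "=" + check, END])

def check_pasted_key(text: str) -> str:
    """Return 'ok' or the reason a pasted key block should not be imported."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or lines[0] != BEGIN:
        return "missing or damaged BEGIN line"
    if lines[-1] != END:
        return "missing or damaged END line"
    if "" not in lines:
        return "no blank line after armor headers"
    body = lines[lines.index("") + 1:-1]
    # The "=XXXX" checksum line is optional in the armor format.
    checksum = body.pop()[1:] if body and body[-1].startswith("=") else None
    try:
        payload = base64.b64decode("".join(body), validate=True)
        if checksum is not None:
            expected = int.from_bytes(base64.b64decode(checksum, validate=True), "big")
    except binascii.Error:
        return "body is not valid base64"
    if not payload:
        return "empty key body"
    if checksum is not None and crc24(payload) != expected:
        return "CRC-24 mismatch: text was altered or truncated"
    return "ok"

# Constructed sample: 100 arbitrary bytes, not a real OpenPGP key.
SAMPLE = armor(bytes(range(100)))
```

The checksum only catches copy-and-paste damage, including dashes that a word processor or web page has turned into typographic dashes. It says nothing about whose key it is, so the authenticity check described above, say through a phone call, is still needed before trusting an imported key.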

This program does not send the message for you; it simply encrypts the message, allowing you to use the email or messaging service of your choice to convey the now encrypted message. In the main GPA window (in the Clipboard), you simply type the message you wish to send. When finished, you click encrypt and choose the key of the person you wish to be able to decrypt the message. The program then encrypts the message. You copy the resulting unintelligible text into your choice of messenger or email and send it. If you receive an encrypted message, then you simply copy and paste the message into the GPA program and click “Decrypt”, where you will be prompted for your passphrase, which will allow the program to unlock the message into plain text. It is really that simple.

How long did that take to read? How long would it take to implement? That amount of time is enough to thwart all 17 of the known US intelligence agencies as well as all known foreign ones, despite their wasted billions. Despite what they may have you think, no agency in the world has significantly better cryptology than the average citizen. It is all based on mathematics, and math does not change simply due to an excess of bureaucracy and wasted money. If you want your digital privacy back, you will have to take it. This is one step.