Protect your Privacy! How to Send Encrypted Emails with Linux

Posted 02/05/2009 at 11:00pm | by Will Kraft

7

Comments

Print

Other ways to use GPG

If you use a web-based email client like Gmail or an email application with no native GPG support, you can still benefit from encrypted email. This method of encryption is not as elegant as those described in the previous section, but it will work regardless of the email client you are using.

The first thing you must do is compose your message. For this purpose, you should use the editor component of the kGpg frontend. (located in the kGpg file menu) This will present you with a simple text editor. Once you have written your message, click the encrypt button and choose a key from the list. kGpg requires an “ultimate” trust level on a public key in order to encrypt with it.

Once your message has been encrypted, copy everything, (including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE----- header and footer) paste it into your email client, and send the message. The recipient should be able to decrypt your message with his or her private key once he or she receives it. If any part of the encrypted message is omitted, decryption will not work.

If someone sends you a message encrypted using this method, you can decrypt it by copying everything, (including the header and footer) pasting it into kGpg, and clicking the decrypt button. If your private key is present and valid, you will be asked for your password. Once you provide the correct password, the decrypted message will be shown.

Sending encrypted email attachments

Sometimes it is more practical to send encrypted attachments rather than encrypting an entire message. GPG can do this, but it is rather inefficient since each file must be encrypted individually (encrypted files can be recognized by a .asc extension) or packaged into a tarball or zip file and then encrypted. Fortunately, a program called Truecrypt offers a better solution.

Truecrypt uses AES (Advanced Encryption Standard), a different encryption algorithm than GPG. With AES, there is no public or private key; rather there is a single password. 256-bit AES encryption is at least as strong as that offered by GPG, since some experts claim that cracking 256-bit AES encryption with modern computing power would take longer than the current age of the universe.

Truecrypt's main purpose is to encrypt entire hard drives to greatly boost operating system security, but Truecrypt also has the ability to create encrypted files of a predefined size. (Anywhere from a few megabytes to a few gigabytes) These files (when unlocked) operate like small virtual hard drives, so any files written to them are automatically encrypted and decrypted on the fly. Unlike GPG-encrypted files, Truecrypt archive files have no predefined extension, so you can easily disguise a Truecrypt file by assigning a false extension. If anyone intercepts your file, the interloper would likely think that it is merely a corrupt file. Since AES-encrypted files appear to be random data, a well-trained professional with a hexadecimal editor may notice something unusual, (since most files have some sort of structure) but this scenario is highly unlikely in most situations. Your main goal with the false extension tactic is to protect the file from casual suspicion, not detailed analysis.

Staying safe

All the encryption in the world isn't going to do you any good if you cannot trust your own computer. Any computer used for encryption should be fully patched and malware free to create a sanitary environment. Rather than attempt to crack encryption by brute force, attackers usually try much less resource-intensive tactics, such as stealing your private key and password when you use them. Passwords are frequently stolen through the use of keyloggers, which are hardware or software-based devices that capture your keystrokes.

Hardware-based keyloggers are easy to locate; they are plugged into a computer through a PS/2 or USB port and the keyboard plugs into the keylogger. Some must be retrieved to be read, whereas others can transmit collected data over your internet connection when called for. You are very unlikely to find one of these on your home computer, but paranoid users may want to check their cases every so often. Generally, it is a bad idea to run a decrypt on any public or work computer that you do not fully trust and have fully inspected, since these computers are most likely to have a hardware keylogger installed.

Software-based keyloggers are far more insidious and can be picked up like any other malware, so your otherwise secure home computer can potentially be infected. A competent attacker will often try to hide the presence of the keylogger with a rootkit, so get in the habit of checking for rootkits every so often. Windows users can use RootKitRevealer, and Linux users can use Chkrootkit or Rootkit Hunter. This process is easily automated by setting a Cron job (under Linux) and writing the scan output to a log file, emailing it to yourself, or both. If you find a rootkit, you should immediately deep-format your hard drive (Darik's Boot-and-Nuke is good for this) and reinstall your operating system.