Protect your Privacy! How to Send Encrypted Emails with Linux
Today, we live in a world of rapidly diminishing privacy. If you use your employer's email system, it is possible that every message you send or receive is logged and intercepted without your knowledge. This may have unintended or even disastrous consequences if an intercepted email message contains sensitive personal information. Unless your email goes through Secure Sockets Layer (SSL) protected connections, your email is vulnerable to what is known in the IT security field as man-in-the-middle attacks, where an attacker can intercept your message as it flies to its intended recipient.
Email is sent in a format that is easily readable if an attacker can grab and reconstruct enough pieces (packets) from the data transmission with packet sniffing software. Technologies like deep packet inspection make it theoretically possible that any given message that goes over the internet can be sniffed and read by third parties who have the right software and know-how (the feds, your ISP, etc.). While no one may have a real reason to spy on you, relying solely on security through obscurity has always been a poor policy to live by. Because of this, encryption is the only real option you can trust. We teach you how to put your emails in a lockbox before sending them off to their destinations.
Public key encryption overview
Public key encryption works by having two separate keys: a public key and a private key. The whole concept can be compared to a padlock. When a padlock is open, anyone can lock it (public key) but the lock can't be opened again without its key or combination (private key). For this reason, your private key and its password should never be shared with anyone else, whereas your public key may be freely distributed so people can use it to send encrypted messages to you.
GNU Privacy Guard
On Linux, the most notable public key encryption program is the GNU Privacy Guard (GPG). Originally created as the open source descendant of OpenPGP (Pretty Good Privacy), GPG became a popular encryption tool and maintains full compatibility with PGP. GPG is a text-only command line application in its most basic form, but various frontends like kGpg exist for it. Once you have GPG installed, you must generate a key pair (CTRL+N in kGpg) to create a public and private key for yourself. For maximum security, you should use a strong password (at least seven random uppercase and lowercase letters, numbers, and symbols without dictionary words) and a 4096-bit key.

4096-bit encryption is extremely strong by today's standards, to the point where cracking is completely impractical. Breaking a single 4096-bit key would literally take millions of years even with modern distributed computing technology working on it around the clock, and an attacker would have to steal your private key first to even make an attempt. This situation is not likely to change unless there is a revolutionary breakthrough in quantum computing and the technology becomes readily available.
Once your key pair has been generated, you should upload your public key to the various key servers around the world so people and email applications will be able to find it. kGpg has a built-in list of the most popular servers to make the process easier.
GPG is platform-independent, and GPG software exists for practically every operating system in common use. Encrypted messages can be shared between operating systems, so once someone has your public key, you can receive encrypted messages from them, and vice versa. While this article is geared towards Linux, you can also apply it to any other operating system that has an implementation of GPG or OpenPGP.
Using GPG with popular email software
Many popular Linux email clients (like Evolution and Kmail) have built-in features that allow them to interact with GPG. To enable encryption in Mozilla Thunderbird, you must install Enigmail.
If you are using Evolution, you should compose your message as you normally would and then select PGP Encrypt from the Security menu in the message composition window. Once you do this, Evolution will query the keyservers. If Evolution is able to find a key that matches the email address of the recipient, your message will be automatically encrypted as it is sent.

Kmail and Thunderbird handle encryption in much the same way. Unlike Evolution, Kmail and Thunderbird will not automatically query the keyservers for a key matching the recipient's email address; they only allow you to use the public keys you have installed on your computer. After you have chosen a key, the message will be encrypted with it and sent. While this encryption process is not as automated as Evolution's, it does prevent the small possibility of automatically encrypting with an old or expired key that the recipient no longer uses.
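
The risk of encrypting to an old or expired key can be checked on the command line before a key is chosen. The shell functions below are an added example, not part of the original article: they read GPG's machine-readable key listing (`gpg --list-keys --with-colons`) and report which keys can still be encrypted to. The function names are hypothetical, and the key IDs and listing are constructed sample data.

```shell
#!/bin/sh
# Added example: report which keys in a `gpg --list-keys --with-colons`
# listing can still be encrypted to. Fields used: 1 record type, 2 validity,
# 5 key ID, 7 expiry (epoch seconds, empty = never), 12 capabilities.

# check_keys NOW: reads a listing on stdin; prints "<keyid> OK" or
# "<keyid> SKIP <reason>" for each primary key (pub) and subkey (sub).
check_keys() {
    awk -F: -v now="$1" '
        function status(v, until, caps) {
            if (v == "e") return "expired"
            if (v == "r") return "revoked"
            if (v == "d") return "disabled"
            if (v == "i") return "invalid"
            if (until != "" && until + 0 <= now + 0) return "expired"
            if (caps !~ /e/) return "no-encrypt-capability"
            return ""
        }
        $1 == "pub" {
            r = status($2, $7, $12)
            # A certify/sign-only primary is normal; a dead one taints its subkeys.
            primary = (r == "no-encrypt-capability") ? "" : r
            print $5, (r == "" ? "OK" : ("SKIP " r))
        }
        $1 == "sub" {
            r = (primary != "") ? ("primary-" primary) : status($2, $7, $12)
            print $5, (r == "" ? "OK" : ("SKIP " r))
        }'
}

# first_usable NOW: prints the first usable key ID; exit status 1 if none.
first_usable() {
    check_keys "$1" | awk '$2 == "OK" { print $1; ok = 1; exit } END { exit !ok }'
}

# Constructed sample listing (made-up key IDs, trimmed to the fields used).
sample_listing() {
    cat <<'EOF'
pub:f:4096:1:AAAA000000000001:1262304000:::-:::scESC:
uid:f::::1262304000::::Alice Example <alice@example.org>:
sub:f:4096:1:AAAA000000000002:1262304000::::::e:
sub:f:4096:1:AAAA000000000003:1262304000::::::s:
pub:e:2048:1:BBBB000000000001:1104537600:1262304000::-:::sc:
uid:e::::1104537600::::Alice Example <alice@example.org>:
sub:e:2048:1:BBBB000000000002:1104537600:1262304000:::::e:
EOF
}

sample_listing | check_keys 1700000000
```

With a real keyring, pipe live data in instead of the sample: `gpg --list-keys --with-colons alice@example.org | check_keys "$(date +%s)"`.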