Saturday, July 27, 2013

How to encrypt your emails

Using PGP encrypted emails nobody except the sender and the intended recipient will be able to read and understand the contents. Below is a quick guide to encryption.
Each user needs three things, basically: PGP encryption software, a key pair and public keys of contacts. It isn't hard and here’s how to do it.

Step 1: Install PGP software
There are options. I recommend using GnuPG (or, for Linux, KGpg). Or, if you use webmail, go to your browser’s plugin site and search for a PGP implementation. Or go to download.com and search for PGP to find free software for PGP. Or buy Symantec PGP. Just like people can send each other email without worrying which email client the recipient use for reading it, neither does the software people use for PGP matter much.

Step 2: Create a key pair
You will use your private key to encrypt things (files, emails). Others will use your public key to encrypt things for you. Follow instructions in the software for creating a key pair (usually a guide will launch after install). Do not forget your passphrase (aka password) and keep it well secured. You might also want to keep a backup of the key files or install them on more than one devices/computers.

Step 3: Exchange public keys
Send your public key to the contacts that need it. Or put it on your website or on a public key server. If you’re paranoid, copy it to a USB stick, put the stick in a brown envelope and hand it over only to people you meet in back alleys. Similarly, acquire the public keys you need from your contacts. You can download the public key for benno@ecowar.eu right from the site. and send me yours if you want to. In your PGP software, find the option to import a key, then browse to the file location.

Step 4: Enjoy the privacy
PGP is pretty good privacy. The mathematics says the NSA has an astronomical chance of hacking your key given enough time and a couple of their supercomputers. Other than that you should be safe.

Remember, however, that whoever you communicate with using PGP can still share your stuff. The security of your contacts is still a matter of trust. Also remember that prolific hackers and authorities alike will be able to see who you communicate with and how much. (That’s part of the reason Wikileaks required the use of Tor as well as PGP.) And remember that using PGP is no different than having a very heavy safe in your office - you’ll still be required to open it if a judge tells you to. Plus, of course, emails will still leave meta-data for agencies to analyze.

That being said, below is a complete list of all my passwords. That’s how i trust PGP ;-)

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.19 (GNU/Linux)


hQEMA20S8Tlr6T+3AQf/bWzsJ4NWh3Zz5EvsX/6nzxUE69ubjTJ77dNqkjcNCsSF
hQnIoWr3DRKgIGnE5EYOLDGBW+KocoUNBJtzyzpRTSUqbTulgSof7nbXFtwAeFH6
ZRIdUNRz3CUwJ6/GJE/AN2sEJUEshZU7KihHXMNqaV+YFrkoK+nNWzpiZeuh2ALB
b0LEN3MKB+RCV0spHxHei0CjEMIND+Jq/NSow/U29QPP0GAJxkFG3p5PF6lgjHRV
rox0F5vLoIoDK9slBpqOmYismmnz0oYJsyBcDf3xwmc0LBvp3t/rtMfnJRD40fmV
82CB8rpsaVy9dGgTRp3YYXXYGX9vJNyZ4d1tebSstNLqAQEDswasHs7P/feg8mFd
KfTVfZovRzEt+vzZC6jGZGl990MJeD7B8KhnuZ5inrGlU3/3P0aen7odlDiLRETe
zQ4Av7EDyXS1EdD86KEVfx1WP7+1DNJCotqbvV14JxU6sLx2L1wRF3ksGuRJCMXC
AwRK8C+IPyw3O0bT9LOscluwgJYTGp7eNaLCBJ8qwX3E/JbIUCm4rRzoxW8U0yl8
Ehu38T6vpn+8o/JFZ4zOpGzuzBrcVqS0GL+8JFSvEmiJzpb/wm+nkP6VCeVDv64/
nrjSzLCI0RMR2wo/quj3OIoZTgN2Frr75zyHsg8yoLJCBWEHa41PRnGjhKOUcOm4
8J6teiQ26gNw8TC9jFnq5zBQLshMl98a91JaRrpryApRONXOiTuvBPT6ge7uw/DE
j+9GJRVpZE4eQYmjy7Und7EusI53lEqHedkXfTwy6nAlekzhebByyubh06hfG6vs
gWLAGL5xsw6pNFdT7SiBS8W1CjqTmujAxJavh87M10aI/QtiVVBt+dnitedLj6Vd
onu/CQdzhSsq1QTCnQRh1sw6NADdgzcp0mKh4wPuT2wQRq/mR8jvgMyjMPSvvfL+
idRzpLepAuaDIOo8/Atzq68sh8+y1JTatGFA93DHIwIJnmr6xZ8pFoqiR7VmNXSo
rGLhhMmOkmo6aDwQLRI5RY9lGeyzdIf/mbGJA1mUG19q7JDpJp2Moqhfz0qreTir
JZKdMpOA8zHFEE3Z3+BnyhrCRfOr2jtTQFTUGn10GDI09nUV1amc/JiR6f5cAyXr
K42yqW2w2+81SCr795pD5AVoSV6EuPrApViohJWI9MldEnkJhEgDNs3GoXc27v8H
Bn2N3YqlhnhU1Z7pUJWDiRcORF1MgvD2AOK/y6kFQsFQ1BeVWJ2UU3k1myLMM9cq
c/Dwu1lefKcznylNNuFZEwrAKMtX5hz+Evn6HEKhOkk9c5rXepFJpQdHhzxU5Hvx
7YNWnY0U56H3F347ML2QP824taBtOg9D6Id0Fk8PWwBml85954RV2Uy2ItDZ0dsm
2JFc5tiKDhNYOmfUAxeRl8R4/XuYBzTl5PAPMbq+sXIwo541t0PAWIReqSO/4RlD
Uh0X5+Q8znzH9vHOBH200TWFJ39SKPoy7mVCWEbFEW7kBSKAB3AG77Ex8iA5MpEf
BB+QT+wnL79mnXCCHv/7loEejfg/AgHu5JaQ6nrHmz6Fo8c9WbuhyvaS28rRIr7V
Hf6yNlPZIc/taa8D2qFramMMZXuTHp4OMayRP1A64tHlhcliFJr6wirJgOdUMplH
lYA76RWuJnsaBl2SFAyEN+4krVizXBwlB0Jd7u/5p+sjeUR0O6DJnCcvjTvTd8RE
rOlaMz1b6T7ovBkzB0erWkKPKI+Y3oqTGbWwIjfLTX2sAxDURTj39ZvJygoIbCwf
izF64n4dmdPvWtHnbvWtjeN4ryQ06Tx+SiE78FXqk5QA0HvqXw8kZdkkiM8IIUjt
J4Fo3kJL3fXLJOXbOllNfG7DO3BkYMnJLcIjJzPtTlhJhSRfCjYX4r4EQCwwPggC
34JLHrO0RYZC1o73Vr38Y1FvaglTsoqndiOEqJAWNoA+nXX9CZ1P+0FdgXlqpdYt
eU8INK9QjjwVP/cJ3EkIBLhebqakLdoKw3ddhkDqC8EhBS/lzMokPEgNnDsjVAti
o2egSXDFEKsiMspmpaJFm1LLu0lBJtyLD9WOsvaR4+tia2JOUkEQtPZS8wdj9tlZ
McZhyafq9YV2OV99GzdfTwoRApCF2mcuEyGw0OiAThzTNSsmWQIZVzhD8elPXRcV
Kr8gVBgcWxoSOqyXyn/zQcUcqpQdxa5/6pDCLBSc4S2U41PvzwJNAb2xAEJmCq2a
pmjX+0U9QjAPyVweJMCeh3bIxqOAFkIWqNPs6Ohz8RPxnKdrfFyKj1+LJOkj2mJd
Yvx+RlmM1wQAfMSbDuAiN09N+928kdXRaHuAaU5LqsS6BZtlzzJ3OXhfU3o8Wh55
Mq4Qs0NqYZYguTVHXpuhRqyX64Lnwq4hwi5rIlZcttBmObF6X5nmwB0REPYTtrdC
J63HuPwX5z06UOFUH8z4QynP7uZzbYtb4Yfz6uCwWUY+hB00t9n5s5AMmIH9agLN
tWESjD2bC5/sfAeQxYML9wZ749rr+nGhEH1ZeV/y0MDC4LD7WNEf06AuVohViv52
8lVF/pCoV/tg/tx+oU++kDicxrDANIiOdqjf4JiUGwhkWlJvHJAiqVXIwH/2GDTP
xYwtGpbBx9LInY+MunkPctCvc+4=
=PGiV
-----END PGP MESSAGE-----


Face the facts: We can’t trust secretive US agencies, the Russian mafia nor the Chinese military hackers to not snoop on our mostly mundane (yet, given our epicurean civilizational state of democracy which also entitles us to bomb lesser countries, perfectly justifiably private) chatter. But everyone can do their share to make confidentiality a norm.

[Cross-posted from ecowar.eu.]