Sometimes, we need to send sensitive information through email, and we want to make sure it won't fall into the wrong hands. Using the free OpenPGP encryption, we can send secure email messages, which will keep our personal data safe from prying eyes, even from the NSA.
Data encryption is a huge chapter, and there are multiple algorithms and methods to secure our data, both online and offline.
In this guide we won't analyze computerized cryptography in detail - we are preparing a separate guide for that - but we will take a practical approach on how to send secure email messages, using OpenPGP.
What is OpenPGP
PGP (Pretty Good Privacy) is a cryptosystem, a family of software systems that provide cryptographic privacy and authentication for data communication. OpenPGP is an open standard for PGP encryption, based on PGP 5.x.
In simpler words, PGP can be used for digitally signing data and can encrypt and decrypt anything, from files and whole disk partitions to text and email messages. OpenPGP is the standard method for different applications to encrypt and decrypt data using PGP.
Despite its name, PGP is more than just "pretty good". It is an excellent encryption solution for sensitive data, especially when we want to send secure email messages.
Edward Snowden mentioned that "Encryption works" as a way to hide our email contents from the NSA. According to security expert Nico Sell, founder of the mobile security app Wickr, "when it comes to email [encryption], PGP's about as good as it gets".
Set up secure email with OpenPGP
To send a secure email with OpenPGP, we might need to change the way we send email. If we are using webmail, we need to use it through an email client.
For this guide, we will setup OpenPGP in Thunderbird, Mozilla's open source email client. It is possible to send a secure email with OpenPGP through Outlook, but we will cover this in a separate guide.
Download and install the software
To send secure email with OpenPGP, we will need the following software:
- 1) gpg4win, free Windows software that allows us to generate our secret keys and manage the public keys of our contacts.
- 2) Thunderbird
- 3) Enigmail, an encryption and authentication add-on for Thunderbird
While installing gpg4win, we will only need the default GnuPG component; we can safely uncheck everything else (though it won't hurt if we keep them).
Thunderbird is pretty straightforward to install, nothing out of the ordinary.
After installing Thunderbird, we select to use our existing email...
...and then provide our email credentials.
If you are using Gmail and have trouble connecting it to Thunderbird, see our guide:
Use Gmail with Thunderbird, for Offline Access and Backup
We install Enigmail like any other add-on in Thunderbird. After we download the .xpi file...
...we open Thunderbird, select Add-ons...
...select "Extensions" and drag the .xpi on Thunderbird.
This will open the installation prompt. After the installation, we need to restart Thunderbird.
After we restart Thunderbird, we will find the Enigmail Setup Wizard running.
If we close the Wizard without going through the setup, we can start it again from the new Enigmail entry on the menu.
We just need to click on the arrow and select the Setup Wizard.
Either way, we select the standard configuration.
We need to enter a secure passphrase, at least eight characters long.
We will be using this passphrase both to send a secure email and to receive it.
We must make sure we remember it because there is no way to retrieve or reset the passphrase if we forget it. In this case, we will have to create new OpenPGP keys.
Next, Enigmail will use gpg4win to create both a private and a public key. On a modern PC, this will take less than 30 seconds.
After the program has generated the keys, we need to create a Revocation Certificate. We will use it in case we lose access to our private key - if we forget our passphrase, for example - to revoke our public key and issue a new one.
We need to enter our passphrase to create the certificate...
...and then save it on our hard drive.
Exchange public keys with selected contacts
Because of the way asymmetric cryptography works, before we send our first secure email we need to exchange public keys with the intended contact.
We just need to Write a new message...
...and click on "Attach my Public Key".
We can write anything in the subject line and in the email body; it doesn't matter.
Our recipient, who must also have gpg4win, Thunderbird, and Enigmail installed, will receive the key.
They need to right-click the attachment and select "Import OpenPGP key".
After it is successfully imported...
...they must send us their key...
...and we will also import it.
We need to do this with any contact we wish to send secure email to, but only once.
Unless we or one of our contacts revokes the public key, this connection is good for five years by default.
Confirm the keys
After we have received and imported the public key from our contact, we must confirm that we have received it intact.
We go to Menu -> Enigmail -> Key Management...
...right-click on the recipient's public key and select "Key Properties".
We must then contact the recipient and confirm that we both see the same Fingerprint for their key.
We then do the same thing for the public key we sent them, so that they can verify its fingerprint.
If everything is in order, we click on "Select action" and choose "Sign Key".
We select "I have done very careful checking", and check the "Local signature" option.
The recipient should do the same.
Now, we are ready to send as many secure email messages as we want.
How to send secure email with OpenPGP
When we create a new email for a contact with whom we have exchanged public keys, the message will be encrypted by default.
Remember that anything in the message's body will be encrypted, but the subject line will always be visible. So, make sure not to give any spoilers.
For extra security, we can click on the "This message will be encrypted" message and change two settings.
First, we can check the "Sign Message" checkbox, which confirms that the email came from us. Second, we can select "Use PGP/MIME", which will also encrypt the names of any attachments.
From this same window, we can also disable encryption, in case we just want to send an unencrypted email to this contact.
To send the message encrypted, we have to provide our passphrase.
If the recipient tries to read this message from their Gmail account, they will get a bunch of gibberish.
With Thunderbird and Enigmail, though, opening the message will prompt for their passphrase.
With their correct passphrase, they will get the decrypted message.
If the passphrase is wrong, they will get nothing at all.
The only way to break this code is by brute force, that is, having a computer test all the possible passphrases until it finds the right one.
The thing is, if a passphrase is long and complicated enough, it can take literally forever to be cracked by brute force. The famous Edward Snowden example, "MargaretThatcheris110%SEXY" creates a search space of 2.66 x 10^51 possible passwords.
If a massive array of computers tried 100 trillion passphrase guesses per second, it would take 8.47 thousand trillion trillion centuries to check all the possibilities.
Just make sure your passphrase is not "passphrase". Or "MargaretThatcheris110%SEXY" for that matter, because it's a famous example and a strong attacker would definitely try it before trying the brute force method.
Did you find it easy to send secure email using Enigmail?
Cryptography is somewhat like how a cell phone works. Those of us who aren't telecommunications engineers don't have the slightest clue about how the GSM network works, but this won't stop us from dialing and texting.
Sure, all this exchange of public keys is a bit complicated. But, after the initial setup, which only needs to be done once with a contact, sending secure email messages is simple for anyone.
Will you use Thunderbird and Enigmail to send secure email? Do you prefer another method? Leave us a comment.