One of the problems with using browser-based email is that it is not friendly to encryption. Webmail also lacks a few other features that are standard in desktop email programs.
There are several applications that encrypt e-mail. Some are proprietary, which often means you have to buy them, and they often only work with one platform. It limits the usefulness of encryption if, for example, you can only use it for work e-mail sent to colleagues. With proprietary systems there is also the backdoor question: can the provider, your supervisors or others read your encrypted e-mail if they choose to?
Bear in mind that if you run encrypted personal mail on a work machine, it may arouse the suspicions of your employer.
There is a highly respected mail and file encryption program that is available free and will work with Windows, Mac, Linux and Unix. It is known as pgp (Pretty Good Privacy) or gpg (Gnu Privacy Guard).
If you use gmail, you can still send and receive encrypted e-mail; you just use a mail program rather than a browser like Firefox. You will be able to exchange encrypted e-mail with any user who also uses pgp.
Thunderbird is a popular email programme that works with most email providers, cable networks (such as Comcast), telephone companies (such as Verizon) etc. It can be downloaded free to the system of your choice. Thunderbird works on Windows, Mac and Linux.
https://www.mozilla.org/en-US/thunderbird/ Thunderbird Download Page
How to install gmail on Thunderbird
Once Thunderbird is working with gmail, you can use Thunderbird for all your gmail and other mail too: the one interface can handle several email addresses, such as yahoo, comcast etc.
Thunderbird does not automatically encrypt; for that you need a plug-in that uses pgp called Enigmail.
Setting up gpg with thunderbird the first time is cumbersome, but once it is set up and configured, it adds little overhead or complexity to sending and receiving e-mail.
With Thunderbird the encryption is done with the Enigmail plugin.
You will download a file that looks like "enigmail-1.9.6.1-sm+tb.xpi". Make a note of where it has been downloaded to.
Open Thunderbird. Select "Tools" from the menu at the top of Thunderbird and select Add-ons Manager. On that page select the gear icon at the top right. In the drop-down pick "Install Add-on From File". Navigate to the directory where you saved the .xpi file and select it.
Close and restart Thunderbird. In the menu at the top of Thunderbird you will now see Enigmail; select that, then select "Setup Wizard". You will be walked through the installation. Your passphrase is the tricky bit.
After Enigmail is installed, you can if you wish tweak various parameters like your passphrase, expiration date etc.
Enigmail automates much of the difficult parts of using encryption and, as a bonus, if you don't have gpg loaded on your machine it will download it from the net and the wizard will help you configure it.
What is public-private key encryption?
Gnu Privacy Guard (gpg) uses what is known as public-private key encryption. There are lots of explanations on the web and in books of the theory behind this. Simply put, it relies on asymmetric mathematical operations, ones that are easy to do one way and hard the other way. Think of how simple it is to square a number (just multiply it by itself) but how much more work it is to find a square root (try numbers smaller and larger than the root of the target repeatedly, narrowing the bracket around it each time until you hit the target). Then imagine trying the same procedure with a fractional exponent. A public-private encryption algorithm uses much more complex mathematics to generate a pair of keys, one made available to all and one kept secret.
Briefly, and simply this is how it works:
You are Fred and you want to send an encrypted e-mail to Mary. You have Mary's public key; she can give it to you in an open e-mail, or you can get it from a common repository or third party. You compose your e-mail and send it off to Mary, which calls up your private key to sign the message. If there is any question about which of Mary's keys to use you will be asked to pick it; otherwise Enigmail adds her public key automatically. The message is encrypted with her public key and signed with your private key. When she receives your e-mail, she needs her private key to decrypt it and your public key to verify that it really came from you.
Your private key is protected with a passphrase (a long password). Only you have this key and passphrase. Protect them both, and change them as necessary. Remember that the most important part is a really good passphrase. There are some really good ways to make a solid passphrase: long, complex and hard to guess is best. Random words, good; a list of your children in chronological order, bad. More on passphrases:
Note: The above URL mentions using dice. You can buy dice from the Electronic Frontier Foundation, which is a good way to support them.
You can encrypt files as well using this technique. If you send an e-mail with a file attachment, that too is encrypted. Only a computer with Thunderbird, Enigmail and your private key installed can read and send encrypted mail with that key. You can run your key on several devices, say a laptop, a desktop, etc. Your gmail browser interface will still work, but encrypted emails will not be decrypted and so will appear as gibberish on the web page.
Note that with public/private keys the exchange is between just two parties.
What to do with your public key:
You want to distribute your public key widely. You can e-mail it to people you know, you can put it on your own web page, or you can put it on the MIT (Massachusetts Institute of Technology) key server.
To propagate your public key as a file, you need to export the public key as an ASCII (plain text, known as .txt to many) file. This is the key others need to read encrypted mail you send to them and to send encrypted mail to you. Enigmail makes this simple.
When you are composing an email in Thunderbird, you can attach your public key with a couple of clicks. At the top of the message compose window is a button "Attach My Public Key". Click on that and your key will be attached to the e-mail, so the recipient will have your key as an attachment. They can save it to a file and use it, or if they have Thunderbird and Enigmail they can add it to their gpg keyring. A keyring is a file of all the public keys you have gathered. You can look at your keyring with Enigmail: in Thunderbird, select Enigmail, then in the drop-down menu select Key Management. Your public and private keys will be listed along with all the public keys you have gathered.
Exporting your Public Key to a file:
In Thunderbird, select Enigmail on the top menu. Then select Key Management. Highlight your key; it will have your name and e-mail address on it. In the Key Management top menu now select File and select "Export Keys to File". A dialog box will pop up; select "Export Public Keys". A navigation window will pop up and you can select what directory you want to save it in. When you have navigated to the directory (I have a directory called security for such files), click on Save and your file will be saved into that directory, for you to distribute. The file will have a name in this format:
Firstname_Lastname_you@domain.com_(0x89ABCDEF)_pub.asc
You can rename the file to anything you like. What is important is the file itself. Do not edit the file; if it is corrupted it won't work. You can copy and paste the text or send it as a file.
Putting your key on a public server:
We will use the MIT server as an example. Open your browser at https://pgp.mit.edu/. Lower down that page it says "Submit a key". Paste your ASCII-armored key into that window, then click on "Submit this key".
Your public key is now on the key server. Anyone wanting your public key, so they can send you encrypted e-mail or a file, can get it from there.
Getting a key off the MIT server is pretty simple. Open your browser at https://pgp.mit.edu/. At the top is "Extract a key". In the Search String box you can enter the known key ID connected to the key, or even just the e-mail address of the entity you wish to send to.
For example, either jmacassey@gmail.com or F564E69F will work.
If they are on the server you will get a line with some data on it. Click on the key and you will get the PUBLIC KEY BLOCK. Copy and paste or save it. If you save it from a browser, it may have extraneous cruft before and after the block delimiters:
-----BEGIN PGP PUBLIC KEY BLOCK-----
RANDOM DATA WOULD BE HERE
-----END PGP PUBLIC KEY BLOCK-----
This shouldn't give you trouble, but you may want to use a text editor like Notepad, TextEdit, vim or emacs to clean it up. DO NOT use a word processor such as Word, LibreOffice etc., as it will add odd characters.
Importing Keys.
Enigmail has a smart feature: if someone sends you an encrypted e-mail out of the blue, it will search for that key, or if they also sent their public key as an attachment it will incorporate it.
If you happen to have someone's public key in a file, saved from a remote location, handed to you on a thumb drive etc., you can select Enigmail, then Key Management, then under File in the top menu select Import Key; you will get a file chooser and can steer to the location of the key and import it.
Using e-mail encryption on a daily basis is a good practice. Under the hood, encryption is complex and involves high-level math, but that shouldn't dissuade you from using it.
Cryptography means obscuring information, and you can encrypt words whether written, transmitted or stored digitally. Traditional cryptography has meant that the sender and receiver share the same decoding method, the key. This has meant that anyone knowing that key can decrypt the message. Traditionally the best way to stay secure was to change the keys frequently. The Achilles heel was then distributing these keys to all users of the cipher. It also meant that many people knew those keys.
With public/private key encryption, the sender needs only the recipient's public key to encrypt the message, and the recipient decodes it with their private key, which only they hold. So knowing the recipient's public key is all that is needed to generate a message that only the recipient can read. Anyone intercepting the message without the recipient's private key will only see gibberish.
Further Reading
A good explanation of public-key encryption is here: https://en.wikipedia.org/wiki/Public-key_cryptography
For a full version of GPG with associated explanations, there is GnuPG. This does require you to use a terminal. GnuPG will run on several platforms: MacOS, FreeBSD, NetBSD, OS/2 and Solaris amongst others.
For Microsoft Windows users there is Gpg4win, which provides a graphical interface.
For Apple Mac users there is GPG Tools. It is a simple-to-use graphical interface and will automatically work with Apple's Mail.app. Installing and using GPG Tools
A compact list of gpg commands is in The GNU Privacy Handbook.
This tutorial is put together by:
Julian Macassey
julian@tele.com
Contact me with any questions.