The software we will be using for this process is Firefox, GPG and FireGPG. These tools are all free and are available on Windows, Mac OS and Linux, so no matter what kind of computer you have, these steps will be the same.
Step 1: Install Firefox
Install the Firefox web browser from Here.
Side Note: PGP
We should take a second here and talk about PGP so you have an idea of how secure this process is. If you do not need (or care) to know about PGP and its history, please skip ahead to the next step. PGP stands for Pretty Good Privacy, which is nerd humor because when used properly, PGP is still not breakable by large governments. It was developed in 1991 by Philip Zimmermann (shown to the left), who 2 years later became the primary target of the US government in a criminal investigation for “munitions export without a license” when his software made its way overseas. At that time, any cryptographic software above a certain strength was considered munitions by the government. You can learn more about Phil Zimmermann on Wikipedia. PGP is a public key cryptography system, which means that messages are protected using three things: a private key, a public key and a password. Without all three things, the message cannot be reassembled, or “decrypted”. You exchange public keys with anyone you want to be able to send encrypted emails to (or receive them from). Keys are just random-looking text files that are mathematically generated using encryption algorithms; we will create them during the next step. For those of you who are feeling lost, don’t worry: once you are done, you will just point and click to protect your messages, and you will be using military-grade encryption to send your email.
Step 2: Install GPG
GPG stands for GNU Privacy Guard which is a free implementation of PGP which you can find for any operating system. Download the install file that pertains to your computer below:
Windows XP/Vista download
Mac OS 10.4 or later download
Linux (check to see if you already have it first) download source code
Run the file that you downloaded and install it using the default settings.
Step 3: Install FireGPG
FireGPG is a plugin for the Firefox web browser. I've read over their site quite a bit and can't find a reference to whichever single person started the FireGPG project, but here is a link to their contributors page. FireGPG is aimed at giving gpg a nice, user-friendly front-end. The result? It becomes more convenient for the whole world to start protecting their email with the extremely secure PGP utility called gpg.
While using Firefox, browse to: http://getfiregpg.org/install.html
Step 4: Generate Encryption Keys
While in Firefox, Click: Tools > FireGPG > Key Manager
Click New Key
Name:
Type your name
Email:
Your Email address
Comment:
No Comment needed
Password:
*Now remember, anything encrypted with your public key can ONLY be decrypted by your private key and your password. If you keep your computer secure and nobody can steal your private key, you are 100% safe. If someone does steal your private key, and your password is over 10 characters, you can still consider yourself perfectly safe. If someone steals your private key file off your computer and they can guess or crack your password because it is too short or simple, your data is no longer safe. Use a long password with numbers and punctuation if possible and keep your computer updated and secure, and you will be able to sleep soundly knowing that it could take a hundred years to crack the protection on your email using today’s technology. Do note that you have to type this password in when you want to decrypt an email, so be sure you can remember it. And obviously, don’t write it down! It is so easy to do that everyone should use this level of protection, whether they feel it is necessary or not.
click: “The Key never expires”
click: “Advanced options”
Key length:
Change to 4096
leave Key Type as “DSA & El Gamal”
click Generate key
click Advanced Options
This part will make Firefox appear to have crashed until it is done, which can be a long time. (It took 14 minutes on a MacBook with a 2.16 GHz Core 2 Duo.)
During this part you should bring up another program and do anything that lets you type and move the mouse. It will use the movements from your mouse and the keys you are typing as part of the encryption key. It helps make the data random, and that is the key to strong encryption. Do not force-close Firefox (in Windows, do not end the task). Eventually the FireGPG guys will fix this, I'm sure. After it's done, Firefox will be responsive again and a message will pop up saying the key was generated.
click “OK”
Wrap Up: Securing your Email
The first step when you would like to send someone an encrypted email is to get their public key. Conversely, you would also want to send them your public key so they can send you an encrypted reply.
In order to send someone your public key, you would bring up Firefox and browse to your email. Address an email to the person and then right-click in the message body.
Select FireGPG > Export. Then select your own email address.
This will put your public key in the body in the email.
As long as the other person sends you their key in the same fashion, you are set up to send and receive encrypted emails with them.
When you receive their key, select all the text in their key, right-click on it and select FireGPG > Import.
Gmail
FireGPG is actually designed for Gmail and will display buttons when you are viewing or composing an email to encrypt, decrypt, verify and a few other things. When sending an email to someone who is set up like you are for encryption, you would choose “Sign” and “Encrypt” as the options before you send the email. Signing the message means that you have verified that you are the sender, because you would have had to type in your password and have the secret key in order to sign the message. You do have to type in your encryption password before sending the message if you want to sign it, but I think it's worth it. FireGPG should auto-verify a message by default. It also detects encrypted text and auto-prompts you to type in your encryption password.
Not Gmail
If you are not using Gmail, you can use FireGPG on any other website, so while you are in Yahoo Mail or wherever, you can just do a “select all” on an encrypted email, right-click the text and select FireGPG > Decrypt. You can do the reverse for sending encrypted emails. It is really much easier in Gmail because FireGPG integrates into the Gmail interface when you are viewing or writing emails.
Backup your Keys
You should export your own keys and back them up. If you lose your private key or forget your password, there is no way to get back into your encrypted emails.
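For readers who want to see what FireGPG is doing underneath, here is the same workflow (Step 4 key generation, the Export/Import key exchange, Gmail's Sign + Encrypt, Decrypt with verification, and this backup step) driven through the gpg command line. This is an added example, not code from the post or the FireGPG project; it assumes gpg 2.x is installed, and the names, addresses and passphrases are constructed for the demo.

```shell
# Added example: gpg command-line equivalent of the FireGPG steps in the post.
# Assumes gpg 2.x; names, addresses and passphrases are constructed. RSA 4096 is
# used because modern gpg no longer accepts a 4096-bit DSA primary key.
set -eu
# Step 4: unattended key generation. "Expire-Date: 0" is "The Key never expires";
# the Passphrase line is the password that protects the private key on disk.
make_key() {  # $1 = keyring dir  $2 = name  $3 = email  $4 = passphrase
  mkdir -p -m 700 "$1"
  gpg --homedir "$1" --batch --pinentry-mode loopback --gen-key >/dev/null 2>&1 <<EOF
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: $2
Name-Email: $3
Expire-Date: 0
Passphrase: $4
%commit
EOF
}
# Runs the whole exchange in throwaway keyrings and prints the plaintext Alice
# recovers, but only if Bob's signature also verifies (FireGPG's auto-verify).
firegpg_roundtrip() {
  WORK=$(mktemp -d); ALICE="$WORK/alice"; BOB="$WORK/bob"
  APASS='alice-demo-passphrase-change-me'; BPASS='bob-demo-passphrase-change-me'
  make_key "$ALICE" Alice alice@example.com "$APASS"
  make_key "$BOB"   Bob   bob@example.com   "$BPASS"
  # "FireGPG > Export": the ASCII-armored public key that gets pasted into the email.
  gpg --homedir "$ALICE" --armor --export alice@example.com >"$WORK/alice.pub.asc"
  gpg --homedir "$BOB"   --armor --export bob@example.com   >"$WORK/bob.pub.asc"
  # "FireGPG > Import" on each side.
  gpg --homedir "$BOB"   --batch --import "$WORK/alice.pub.asc" 2>/dev/null
  gpg --homedir "$ALICE" --batch --import "$WORK/bob.pub.asc"   2>/dev/null
  # Gmail "Sign" + "Encrypt": Bob's passphrase unlocks his key to sign; Alice's public key encrypts.
  printf 'meet at noon' | gpg --homedir "$BOB" --batch --pinentry-mode loopback \
      --passphrase "$BPASS" --trust-model always --armor --sign --encrypt \
      --recipient alice@example.com >"$WORK/msg.asc" 2>/dev/null
  # "FireGPG > Decrypt": needs Alice's private key AND her passphrase; GOODSIG is the verify step.
  plain=$(gpg --homedir "$ALICE" --batch --pinentry-mode loopback --passphrase "$APASS" \
      --status-fd 3 --decrypt "$WORK/msg.asc" 2>/dev/null 3>"$WORK/status")
  grep -q '^\[GNUPG:\] GOODSIG' "$WORK/status" || { echo 'signature did not verify' >&2; return 1; }
  # "Backup your Keys": export the passphrase-protected secret key for safekeeping.
  gpg --homedir "$ALICE" --batch --pinentry-mode loopback --passphrase "$APASS" \
      --armor --export-secret-keys alice@example.com >"$WORK/alice.secret.asc" 2>/dev/null
  gpgconf --homedir "$ALICE" --kill gpg-agent; gpgconf --homedir "$BOB" --kill gpg-agent
  printf '%s\n' "$plain"
}
```

Source the script and call `firegpg_roundtrip`; it prints the recovered message and fails if the signature does not check out.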
If you have any questions, feel free to leave them as comments.
Enjoy!