E-Mail Snooping Okay; Time to Encrypt!

According to a court of appeals, it is perfectly legal for an ISP to read your e-mail without telling you! This makes any concerns people have about GMail moot; now your very own ISP can be reading your most secret thoughts and exchanges with other people and be protected under the law. So what do we do to combat this?

My solution is to start encrypting e-mail. “But I’ve got nothing to hide,” you may protest. I say that’s not the point. The point is that you should have a reasonable expectation of privacy in your correspondence with others, and now it is time to take action to protect that right.

I recommend using a program called GnuPG, the GNU Privacy Guard. It is a free program that allows you to manage public and private key pairs in order to encrypt messages and files. You can find a great starter’s guide for Windows located here.

GnuPG uses public key cryptography for encrypting and signing messages. What that means is that you have a public “key” which is distributed to the public (your friends, etc.) and is used to encrypt messages to be delivered to you and to verify signatures you have created. You also have a private key which complements your public key by allowing you to decrypt messages you receive and to create signatures. Your public key and private key are known as a “key pair”.

Once you have GPG installed, open up a command prompt/terminal and type in the following (be warned, Windows users: it’s a command-line utility. Linux/OS X geeks will be familiar with this already):

gpg --gen-key

It will then ask you a few questions, for most of which you can use the defaults. Use the default key type (“DSA and ElGamal”), the default key size (1024), no expiration date for the key, and put in your name/email address/comment so you’ll know what the key is for later. Also, you’ll have to use a passphrase with your key. Use something secure but easy to remember. I use a different key for each of my e-mail addresses, but that isn’t necessary.

Next, you’ll need to get your public key out there. You can just e-mail it to people, put it on your web page, or use a trusted third-party keyring server. Before doing this, however, you need to export your key into a readable/usable ASCII format. Do this by issuing the following command:

gpg --armor --export email@address > filename.txt

You can use the name you specified for your key, or your e-mail address like the above example. Now you should have a text file that looks something like this (this is not a valid key, btw, but just an example):

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (GNU/Linux)

-----END PGP PUBLIC KEY BLOCK-----

You can import other people’s keys by doing this:

gpg --import filename.txt

So when you get a friend’s key, you can import it and start exchanging secure and private e-mail.

To encrypt text, you can do the following:

gpg -r RECIPIENT_NAME -o encrypted.txt -e filename.txt

That will encrypt filename.txt into encrypted.txt for the user RECIPIENT_NAME, which is the name on the public key of the person you want to encrypt the file for.

To decrypt, do the following:

gpg -d encrypted.txt

And your text will be decrypted, provided you know the passphrase for your key and have the sender’s public key imported.
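
The five steps above, run end to end without prompts, as an added example (not code from the original post). It assumes GnuPG 2.1 or later; the function name, the two throwaway keyrings and the address bob@example.test are constructed for the demonstration.

```shell
# Added example: the post's gen-key / export / import / encrypt / decrypt steps,
# run unattended in two throwaway keyrings. Assumes GnuPG 2.1+; the names
# gpg_roundtrip, alice, bob and bob@example.test are constructed for the demo.
gpg_roundtrip() {
    msg=$1
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 127; }
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/alice" "$work/bob" || return 1
    # One keyring per person, so sender and recipient are really separate.
    alice() { gpg --homedir "$work/alice" --batch --quiet "$@"; }
    # Empty passphrase only so the demo runs without prompts; use a real one.
    bob() { gpg --homedir "$work/bob" --batch --quiet \
                --pinentry-mode loopback --passphrase '' "$@"; }
    printf '%s' "$msg" > "$work/filename.txt"

    # 1. Bob creates his key pair (batch equivalent of `gpg --gen-key`).
    bob --quick-gen-key 'Bob Example <bob@example.test>' default default never >/dev/null &&
    # 2. Bob exports the public half as ASCII armor; this file is safe to publish.
    bob --armor --export bob@example.test > "$work/bob-public.txt" &&
    # 3. Alice imports Bob's public key.
    alice --import "$work/bob-public.txt" &&
    # 4. Alice encrypts to Bob. --trust-model always skips the ownership check,
    #    acceptable here only because we made the key ourselves; for a real
    #    correspondent, compare the key fingerprint out of band first.
    alice --trust-model always --armor -r bob@example.test \
          -o "$work/encrypted.txt" -e "$work/filename.txt" &&
    # 5. Bob decrypts with his private key; plaintext goes to stdout.
    bob -d "$work/encrypted.txt"
    rc=$?

    # Stop the agent started for Bob's keyring, then discard both keyrings.
    gpgconf --homedir "$work/bob" --kill all >/dev/null 2>&1
    rm -rf "$work"
    return "$rc"
}
```

Calling `gpg_roundtrip 'meet at noon'` prints the decrypted text; nothing is written to your own keyring because every command uses `--homedir`.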

Yes, this stuff is really geeky, and this little synopsis probably just confused you more than anything. There are lots of cool helper utilities and GUI programs out there to help get you started and make things easier, but I wholeheartedly recommend that everyone start encrypting their stuff. It’s pretty important.
