In Part 1 of Is Your Email Private, we covered the basics of most current email systems, including how they work and why they are not secure. We then introduced the topic of encryption and provided a link to PGP (Pretty Good Privacy), considered by many to be the de facto standard for email encryption on the Internet.
PGP is an encryption tool that uses public key cryptography (that is, cryptography based on a public / private key pair, so that the message itself stays protected no matter how insecure the path it takes across the Internet) to maintain secure communications. To send someone a secure message, you “scramble” it using his or her public key before transmission. Then only the intended recipient can “un-scramble” the message, using their private key. The same works in reverse: someone uses your public key to encrypt a message and sends it to you, and only you can decrypt it using your private key.
If you missed Part 1, you can get your copy of PGP here: http://www.pgpi.org. It’s free, and there are many download sites available. Then walk through the following steps to start guarding your privacy…
1) This may sound simple, but step 1 is: install the software! I would suggest that you accept the defaults the install program offers. Wait until you’ve had more experience with the program before you modify anything.
2) Once the software is installed, it will walk you through creating your first public / private key pair. Go ahead, walk through the process – there’s nothing like getting your feet wet right away. Besides, you need to create this key pair before you can start using PGP. If you want to wait, you can create the key pair later by using the PGPkeys application.
3) Now that you’ve created your key pair, you need to pass out your public key. Since the key is simply a block of ASCII text characters, you can copy and paste it into the body of an email message or send it as an attached text file. Or you can post it on a public “key server” where anyone can get it anytime they need it. You also have access to other people’s public keys in this same manner.
4) OK – you’ve posted your public key and downloaded the public keys of all the people you want to send encrypted email to. Now you need to validate these keys. Why? Because you want to make sure the key you downloaded really belongs to the person you intend to email. You can do this by comparing the unique fingerprint of your copy of someone’s public key with the fingerprint of that person’s original key, as confirmed by the owner through some channel other than email (reading it to you over the phone, for instance). When you are sure that you have a valid public key, you sign it with your private key to show that you feel safe using it.
5) Now the fun begins! Once you have created your public / private key pair and downloaded the public keys of others, you can start sending and receiving encrypted email.
If you are using one of the email applications supported by the included PGP plug-ins, you can send encrypted messages right from your email client by clicking on the appropriate buttons on the PGP toolbar. You can also decrypt messages right in the client.
If your email client is not supported by plug-ins, you can encrypt or decrypt your email using the functions from PGPtray or from PGPtools. Both of these applications are available by clicking on the PGP icon in the system tray of your Windows OS.
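To show what the fingerprint in step 4 actually is, here is an added example (not code from the article or from PGP itself) that builds a version-4 RSA public key packet and derives its fingerprint the way OpenPGP (RFC 4880) defines it: a SHA-1 hash over the key material. The key parameters are constructed toy values, not a real key; the point is that any change to the key changes the fingerprint, which is why comparing fingerprints tells you whether you hold the owner's genuine key.

```python
import hashlib

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer (RFC 4880 section 3.2)."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version-4 RSA public key packet (RFC 4880 section 5.5.2)."""
    # 0x04 = version 4, then creation time, then 0x01 = RSA, then the MPIs n and e.
    return b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880 section 12.2)."""
    digest = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest()
    return digest.upper()

def key_id(fingerprint: str) -> str:
    """The 64-bit key ID shown in key lists is just the low 8 bytes of the fingerprint."""
    return fingerprint[-16:]

def fingerprints_match(displayed: str, confirmed: str) -> bool:
    """Compare a fingerprint from your keyring with the one the owner confirmed out of band.
    PGP displays fingerprints in space-separated groups, so normalise before comparing."""
    def normalise(s: str) -> str:
        return "".join(s.split()).upper()
    return normalise(displayed) == normalise(confirmed)

# Constructed toy key: a 32-bit modulus and the usual public exponent. Real keys are
# 2048 bits or longer; the packet format and the hashing are what matter here.
CREATED = 946684800            # 2000-01-01T00:00:00Z as a Unix timestamp
TOY_N = 0xC3C8A59B             # constructed value, not a real key
TOY_E = 65537

def demo() -> dict:
    genuine = v4_fingerprint(rsa_public_key_body(CREATED, TOY_N, TOY_E))
    # A key whose modulus differs in a single bit gets an unrelated fingerprint,
    # so an impostor's key cannot share the genuine key's fingerprint.
    lookalike = v4_fingerprint(rsa_public_key_body(CREATED, TOY_N ^ 1, TOY_E))
    grouped = " ".join(genuine[i:i + 4] for i in range(0, 40, 4))  # PGP display form
    return {"genuine": genuine, "lookalike": lookalike,
            "grouped_matches": fingerprints_match(grouped, genuine),
            "lookalike_matches": fingerprints_match(lookalike, genuine)}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```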
There are many other options available inside the PGP program. I suggest you read the user’s guide from top to bottom. You don’t want to miss out on any of the functionality and versatility available to you in this FREE application.
Next time – Online encrypted email services…