Recently I started using encryption for many more of the outgoing emails I have been sending. Now since I’m easing back into this and I’m quite sure that my clients and associates are probably not set up to handle email encryption, I have only opted to add a PGP digital signature to my outgoing mails. But soon, very soon, I plan on implementing a system where 90% or more of my outgoing emails will be fully encrypted.
The other day I was asked by a client why he was seeing these cryptic messages in the emails he had been receiving from me. I briefly explained to him that for some time I have been uncomfortable sending some content through the normal email channels unencrypted and open to any prying eyes. I told him that what he was seeing in my emails was just a digital signature; if he had my encryption key then he would be able to always verify if the email he received under my name was actually from me.
Some people question the use of email encryption, saying that the only people who encrypt their emails are those who have something to hide, or who are perhaps even involved in some nefarious activities that they want to keep hidden. Nothing could be further from the truth!
Reasons to use email encryption could be any of the following:
- You are sending confidential information, such as credit card numbers, passwords, etc. and you want only the recipient to be able to view them.
- You are emailing your colleague about changes in the code to your new project and don’t want it “leaked”.
- You value your privacy and want to prevent any government agency or cyber-criminal from intercepting your email and reading the contents.
If any of the above reasons appealed to you, then you should seriously consider enabling encryption for some or all of your email correspondence. Heck, if it makes you feel like a super spy for doing this, then that’s a good enough reason as well!
I am not familiar with encryption methods on a Mac, but I do have a good understanding of how to accomplish this in either Windows or Linux. Let me break down the steps that I took to secure my emails and see if they work for you.
First of all, you’re going to have to have an encryption program. Most Linux distributions include GPG in the default install (a beautiful thing if you ask me), so Linux users are already set up from the get-go. I would recommend that Windows users download Gpg4win, which is a great utility for GPG encryption. After you have the necessary encryption software, you have to create a key.
Creating an encryption key is relatively simple. Whether you’re using Linux or Windows, there should be an easily identifiable spot in the GPG program to create a new key. You will have to enter a name for the key and an email address associated with that name, and also a password to unlock the key. In my case, I used “Rob McGuire” and my email address of rob@robmcguire.net to go along with it. The program will churn away for a little while creating a secure key for you.
I should note that the encryption level of these keys is incredibly powerful, BUT they are really only as strong as the password you used when you set them up. Try to make a password that is easy for you to remember, but also try to mix it up somewhat; add capital letters, numbers and even symbols if you can.
After you have created an encryption key, you are halfway to encrypting your emails. Now you just need to enable email encryption in your email program.
My email program of choice is Thunderbird, and I feel that it has the simplest, most direct route of enabling this feature. All I had to do was install the Enigmail extension for Thunderbird, and select the encryption key I wanted to use in the options panel. You can choose from several different options, but since I’m only digitally signing my emails for now (until I can convince some clients/associates to set this up on their end) I only selected to sign my emails with PGP.
So now, whenever I send an outgoing email from my rob@robmcguire.net email account, I am prompted for my password and then the email is digitally signed (proving that the email originated from me) and the email is sent. Easy as pie. The process would be just the same had I chosen the option to encrypt the entire email message as well as the attachments.
So what happens if I send an encrypted email to someone who doesn’t know what’s going on? That is also simple to fix if they are also using Thunderbird. The recipient would have to also install the Enigmail extension for Thunderbird and then all they would need is my public key to decrypt messages I’ve sent to them as well as encrypt messages back to me. My public key allows them to decrypt without knowing the password, and they can also send an encrypted email message back to me using my key without knowing the password. That’s pretty convenient.
There are a few ways of getting my public encryption key to the recipient (not the private key; the private key will always stay with me!). I can export the public key and attach it to an email to them, but I’ve been using a much more passive method of getting my keys to other people. Enigmail has a feature where you can upload your public key to one or more public key servers and other people can search those key databanks to download and import them to their computer.
So let’s say that I upload my public key to the pgp.mit.edu keyserver. I then tell the recipient to search for my email address on that keyserver and then they will be able to locate the key, import it to Thunderbird, and from then on they will have no problem decrypting my messages or verifying my digital signature.
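The sender and recipient steps above, run with the gpg command line in two throwaway keyrings (an added example, not part of the original post; it assumes GnuPG 2.1 or later, and the identity `sender@example.test`, the file names, the empty passphrase and the helper names `g` and `run_demo` are constructed for the demo). It shows which key does what in OpenPGP: the sender's public key lets a recipient verify signatures and encrypt replies to the sender, while decrypting a message requires the private key of the person it was encrypted to.

```bash
#!/usr/bin/env bash
# Added example: two throwaway keyrings and a constructed identity.
set -eu

# Run gpg non-interactively against one keyring directory.
g() { local home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@" 2>/dev/null; }

run_demo() {
  local w sender rcpt r h
  w=$(mktemp -d); sender="$w/sender"; rcpt="$w/rcpt"
  mkdir -m 700 "$sender" "$rcpt"

  # Sender: create a key pair. The empty passphrase is acceptable only because
  # this key is deleted at the end; a real key needs a strong one.
  g "$sender" --passphrase '' --quick-generate-key \
    'Sender Demo <sender@example.test>' default default 1y

  # Sender: sign a mail body, and export the PUBLIC key (the only part shared).
  printf 'Invoice attached.\n' | g "$sender" --clearsign > "$w/mail.asc"
  g "$sender" --armor --export sender@example.test > "$w/sender.pub.asc"

  # Recipient: import that public key, then verify the signed mail.
  g "$rcpt" --import "$w/sender.pub.asc"
  if g "$rcpt" --verify "$w/mail.asc"; then r="verify=good"; else r="verify=bad"; fi

  # A body changed in transit must fail verification.
  sed 's/Invoice/Invoice2/' "$w/mail.asc" > "$w/tampered.asc"
  if g "$rcpt" --verify "$w/tampered.asc"; then r="$r tampered=good"; else r="$r tampered=bad"; fi

  # Recipient: encrypt a reply TO the sender with the sender's public key.
  # --trust-model always: the demo key has not been fingerprint-checked.
  printf 'Got it.\n' | g "$rcpt" --trust-model always --armor --encrypt \
    -r sender@example.test > "$w/reply.asc"

  # Only the private-key holder can decrypt; the recipient's keyring cannot.
  if g "$rcpt" --decrypt "$w/reply.asc" >/dev/null; then r="$r rcpt_decrypt=yes"; else r="$r rcpt_decrypt=no"; fi
  if [ "$(g "$sender" --decrypt "$w/reply.asc")" = "Got it." ]; then r="$r sender_decrypt=yes"; else r="$r sender_decrypt=no"; fi

  # Stop the background daemons started for the throwaway keyrings, then clean up.
  for h in "$sender" "$rcpt"; do gpgconf --homedir "$h" --kill all 2>/dev/null || true; done
  rm -rf "$w"
  echo "$r"
}

run_demo
```

Before relying on a key fetched from a keyserver, compare its fingerprint (`gpg --fingerprint`) with one obtained from the owner directly, since anyone can upload a key under any email address.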
Many people think that the process for encrypting or decrypting emails is a difficult thing, but it’s actually quite simple if you follow these few steps. And email encryption isn’t limited to Thunderbird; other email apps support this and you can even use it in Gmail in Firefox as long as you install the FireGPG plugin. I have a friend who uses Gmail along with the FireGPG plugin and it runs very smoothly for him.
If any of you want to go ahead and try encrypting your emails through Thunderbird, I definitely recommend it. And I do know that the steps I described are rather brief, so if you have any questions or run into any problems, feel free to drop me a line and I’ll see if I can help figure it out for you.